
File on temp folder that I delete and keeps coming back there. Need help please

2018-12-06, 22:28
Hi, so a few days ago I saw in my temp folder this file "sa.9PGGJ4LF6SPV_0__.Public.InstallAgent" plus another one, "AM_Delta_Patch_1.281.1476.0",
but the first one keeps coming back every hour or so after I delete it. I ran all sorts of rootkit removers and antivirus programs but it still persists in coming back.
I could really use your knowledge, guys!
Thanks in advance, have a great day!
I will post the logs below. (As mentioned above, I ran all sorts of antivirus, antispyware etc. programs before these logs were captured.)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by mrizo (administrator) on DESKTOP-F843553 (06-12-2018 23:17:52)
Running from C:\Users\mrizo\Desktop
Loaded Profiles: mrizo (Available Profiles: mrizo)
Platform: Windows 10 Home Version 1803 17134.441 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClient.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClientUx.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClientUxRender.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClientUxRender.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AxCrypt AB) C:\Program Files\AxCrypt\AxCrypt\AxCrypt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18389440 2018-08-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-11-18]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{a0287988-f6f9-4b8c-a3e0-aa61ee26466a}: [NameServer],,
Tcpip\..\Interfaces\{a0287988-f6f9-4b8c-a3e0-aa61ee26466a}: [DhcpNameServer]

Internet Explorer:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

FF DefaultProfile: xye4umdg.default-1539041698779
FF ProfilePath: C:\Users\mrizo\AppData\Roaming\Mozilla\Firefox\Profiles\xye4umdg.default-1539041698779 [2018-12-06]
FF NetworkProxy: Mozilla\Firefox\Profiles\xye4umdg.default-1539041698779 -> type", 0
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\mrizo\AppData\Roaming\Mozilla\Firefox\Profiles\xye4umdg.default-1539041698779\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-12-06]
FF Extension: (Adblock Plus) - C:\Users\mrizo\AppData\Roaming\Mozilla\Firefox\Profiles\xye4umdg.default-1539041698779\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-19] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-10-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-10-11] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\\npEpicUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\\npEpicUpdate3.dll [No File]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-10-24] (AVAST Software)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-24] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-24] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-18] (Apple Inc.)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-09-05] (The OpenVPN Project)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-02-06] (REALiX(tm))
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a5e9eb9bc021c27a\nvlddmkm.sys [20337080 2018-10-12] (NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1118648 2018-10-25] (Realtek )
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213216 2018-11-08] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-06 23:17 - 2018-12-06 23:18 - 000009953 _____ C:\Users\mrizo\Desktop\FRST.txt
2018-12-06 23:17 - 2018-12-06 23:17 - 000036705 _____ C:\Users\mrizo\Documents\Addition.txt
2018-12-06 23:16 - 2018-12-06 23:17 - 000054210 _____ C:\Users\mrizo\Documents\FRST.txt
2018-12-06 23:15 - 2018-12-06 23:15 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-F843553-Windows-10-Home-(64-bit).dat
2018-12-06 23:15 - 2018-12-06 23:15 - 000000000 ____D C:\RegBackup
2018-12-06 23:14 - 2018-12-06 23:14 - 005766144 _____ (Tweaking.com) C:\Users\mrizo\Desktop\tweaking.com_registry_backup_setup.exe
2018-12-06 23:14 - 2018-12-06 23:14 - 000018111 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-12-06 23:14 - 2018-12-06 23:14 - 000002328 _____ C:\Users\mrizo\Desktop\Tweaking.com - Registry Backup.lnk
2018-12-06 23:14 - 2018-12-06 23:14 - 000000000 ____D C:\Users\mrizo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-12-06 23:14 - 2018-12-06 23:14 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-12-06 22:42 - 2018-12-06 22:42 - 000000000 ____D C:\Users\mrizo\Documents\My AxCrypt
2018-12-06 22:38 - 2018-12-06 22:42 - 000000000 ____D C:\Users\mrizo\AppData\Local\AxCrypt
2018-12-06 22:38 - 2018-12-06 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AxCrypt
2018-12-06 22:38 - 2018-12-06 22:38 - 000000000 ____D C:\Program Files\AxCrypt
2018-12-06 21:01 - 2018-12-06 21:01 - 000005614 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2018-12-06 20:35 - 2018-12-06 20:35 - 000650652 _____ C:\WINDOWS\Minidump\120618-7500-01.dmp
2018-12-06 20:35 - 2018-12-06 20:35 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-06 20:35 - 2018-12-06 20:35 - 000000000 ____D C:\WINDOWS\Minidump
2018-12-06 20:30 - 2018-12-06 20:30 - 000000000 ____D C:\Program Files (x86)\trend micro
2018-12-06 19:12 - 2018-12-06 19:12 - 000004052 _____ C:\Users\mrizo\Documents\Fixlog.txt
2018-12-06 19:11 - 2018-12-06 19:11 - 000000000 ____D C:\Users\mrizo\AppData\Local\D3DSCache
2018-12-06 19:09 - 2018-12-06 23:16 - 000000000 ____D C:\FRST
2018-12-06 19:08 - 2018-12-06 19:08 - 002417152 _____ (Farbar) C:\Users\mrizo\Desktop\FRST64.exe
2018-12-06 18:58 - 2018-12-06 18:58 - 000000000 ____D C:\Users\mrizo\AppData\Roaming\AVAST Software
2018-12-06 18:43 - 2018-12-06 20:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-06 18:42 - 2018-12-06 18:42 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-12-06 18:42 - 2018-12-06 18:42 - 000000000 ____D C:\Users\mrizo\AppData\Local\mbamtray
2018-12-06 18:42 - 2018-12-06 18:42 - 000000000 ____D C:\Users\mrizo\AppData\Local\DBG
2018-12-06 18:37 - 2018-12-06 18:37 - 000000000 ____D C:\Users\mrizo\AppData\Local\mbam
2018-12-06 18:24 - 2018-12-06 06:52 - 000454504 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2018-12-06 18:04 - 2018-12-06 18:04 - 000000000 ____D C:\ProgramData\Emsisoft
2018-12-06 18:00 - 2018-12-06 20:23 - 000000000 ____D C:\EEK
2018-12-06 17:34 - 2018-12-06 18:03 - 000000000 ____D C:\ProgramData\RogueKiller
2018-12-06 17:34 - 2018-12-06 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-12-06 17:34 - 2018-12-06 17:34 - 000000000 ____D C:\Program Files\RogueKiller
2018-12-06 10:56 - 2018-12-06 10:56 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-06 10:56 - 2018-12-06 10:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-06 10:56 - 2018-12-06 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-06 10:56 - 2018-12-06 10:56 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-06 10:56 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-06 09:44 - 2018-12-01 06:01 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-12-06 09:44 - 2018-12-01 06:01 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-12-06 04:05 - 2018-12-06 04:05 - 000001071 _____ C:\Users\mrizo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LeagueClient.lnk
2018-12-03 20:02 - 2018-12-03 20:02 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-12-03 18:22 - 2018-12-03 18:27 - 000000000 ____D C:\Users\mrizo\Desktop\Stuff
2018-12-03 17:39 - 2018-11-09 03:46 - 000407274 __RSH C:\bootmgr
2018-12-03 17:39 - 2018-04-12 01:34 - 000000001 ___SH C:\BOOTNXT
2018-12-03 16:29 - 2018-11-09 08:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-03 16:29 - 2018-11-09 07:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-12-03 16:29 - 2018-11-09 07:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-12-03 16:29 - 2018-11-09 04:48 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-03 16:29 - 2018-11-09 04:47 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-12-03 16:29 - 2018-11-09 04:47 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-12-03 16:29 - 2018-11-09 04:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-12-03 16:29 - 2018-11-09 04:21 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-03 16:29 - 2018-11-09 04:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-03 16:29 - 2018-11-09 04:19 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-03 16:29 - 2018-11-09 04:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-12-03 16:29 - 2018-11-09 04:18 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-12-03 16:29 - 2018-11-09 04:18 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-12-03 16:29 - 2018-11-09 04:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-12-03 16:29 - 2018-11-09 04:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-03 16:29 - 2018-11-09 04:15 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-03 16:29 - 2018-11-09 04:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-12-03 16:29 - 2018-11-09 04:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-12-03 16:29 - 2018-11-09 03:46 - 002253184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-12-03 16:29 - 2018-11-09 03:46 - 000129288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-12-03 16:29 - 2018-11-09 03:31 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-12-03 16:29 - 2018-11-09 03:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-03 16:29 - 2018-11-09 03:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-12-03 16:29 - 2018-11-09 03:27 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-12-03 16:29 - 2018-11-09 03:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-12-03 16:28 - 2018-11-09 08:19 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-03 16:28 - 2018-11-09 08:19 - 000549736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-12-03 16:28 - 2018-11-09 08:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-12-03 16:28 - 2018-11-09 08:15 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-12-03 16:28 - 2018-11-09 08:14 - 001617120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-03 16:28 - 2018-11-09 08:01 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-12-03 16:28 - 2018-11-09 08:00 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-03 16:28 - 2018-11-09 08:00 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-03 16:28 - 2018-11-09 07:59 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-03 16:28 - 2018-11-09 07:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-12-03 16:28 - 2018-11-09 07:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-12-03 16:28 - 2018-11-09 07:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-12-03 16:28 - 2018-11-09 07:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-12-03 16:28 - 2018-11-09 07:56 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-12-03 16:28 - 2018-11-09 07:56 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-03 16:28 - 2018-11-09 07:56 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-12-03 16:28 - 2018-11-09 07:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-12-03 16:28 - 2018-11-09 07:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-12-03 16:28 - 2018-11-09 07:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-03 16:28 - 2018-11-09 07:55 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-03 16:28 - 2018-11-09 07:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-03 16:28 - 2018-11-09 07:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-12-03 16:28 - 2018-11-09 07:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2018-12-03 16:28 - 2018-11-09 07:35 - 000443864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-12-03 16:28 - 2018-11-09 07:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-12-03 16:28 - 2018-11-09 07:23 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-12-03 16:28 - 2018-11-09 07:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-03 16:28 - 2018-11-09 07:21 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-03 16:28 - 2018-11-09 07:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-12-03 16:28 - 2018-11-09 07:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-12-03 16:28 - 2018-11-09 07:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-12-03 16:28 - 2018-11-09 07:17 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-12-03 16:28 - 2018-11-09 07:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-12-03 16:28 - 2018-11-09 04:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-12-03 16:28 - 2018-11-09 04:56 - 001040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-03 16:28 - 2018-11-09 04:56 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-03 16:28 - 2018-11-09 04:56 - 000269320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-03 16:28 - 2018-11-09 04:50 - 005624648 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-03 16:28 - 2018-11-09 04:49 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-12-03 16:28 - 2018-11-09 04:49 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-12-03 16:28 - 2018-11-09 04:49 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-12-03 16:28 - 2018-11-09 04:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-12-03 16:28 - 2018-11-09 04:49 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-12-03 16:28 - 2018-11-09 04:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-12-03 16:28 - 2018-11-09 04:49 - 000491208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-12-03 16:28 - 2018-11-09 04:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-12-03 16:28 - 2018-11-09 04:49 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-12-03 16:28 - 2018-11-09 04:49 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-12-03 16:28 - 2018-11-09 04:48 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-12-03 16:28 - 2018-11-09 04:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-12-03 16:28 - 2018-11-09 04:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-12-03 16:28 - 2018-11-09 04:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-12-03 16:28 - 2018-11-09 04:48 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-12-03 16:28 - 2018-11-09 04:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-12-03 16:28 - 2018-11-09 04:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-12-03 16:28 - 2018-11-09 04:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-12-03 16:28 - 2018-11-09 04:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-12-03 16:28 - 2018-11-09 04:47 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-03 16:28 - 2018-11-09 04:47 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-12-03 16:28 - 2018-11-09 04:47 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-12-03 16:28 - 2018-11-09 04:47 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-12-03 16:28 - 2018-11-09 04:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-12-03 16:28 - 2018-11-09 04:47 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-03 16:28 - 2018-11-09 04:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-03 16:28 - 2018-11-09 04:47 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-12-03 16:28 - 2018-11-09 04:47 - 001456520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-03 16:28 - 2018-11-09 04:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-12-03 16:28 - 2018-11-09 04:47 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-03 16:28 - 2018-11-09 04:47 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-03 16:28 - 2018-11-09 04:47 - 000982400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-03 16:28 - 2018-11-09 04:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-12-03 16:28 - 2018-11-09 04:47 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-12-03 16:28 - 2018-11-09 04:47 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-12-03 16:28 - 2018-11-09 04:47 - 000594032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-12-03 16:28 - 2018-11-09 04:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-12-03 16:28 - 2018-11-09 04:47 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-12-03 16:28 - 2018-11-09 04:47 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-03 16:28 - 2018-11-09 04:47 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-12-03 16:28 - 2018-11-09 04:31 - 025856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-12-03 16:28 - 2018-11-09 04:24 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-03 16:28 - 2018-11-09 04:23 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-12-03 16:28 - 2018-11-09 04:22 - 007056896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-03 16:28 - 2018-11-09 04:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-03 16:28 - 2018-11-09 04:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2018-12-03 16:28 - 2018-11-09 04:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-03 16:28 - 2018-11-09 04:21 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-12-03 16:28 - 2018-11-09 04:21 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-03 16:28 - 2018-11-09 04:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-03 16:28 - 2018-11-09 04:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-12-03 16:28 - 2018-11-09 04:21 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-12-03 16:28 - 2018-11-09 04:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-12-03 16:28 - 2018-11-09 04:20 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-03 16:28 - 2018-11-09 04:20 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-12-03 16:28 - 2018-11-09 04:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-12-03 16:28 - 2018-11-09 04:20 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-03 16:28 - 2018-11-09 04:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2018-12-03 16:28 - 2018-11-09 04:20 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-12-03 16:28 - 2018-11-09 04:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2018-12-03 16:28 - 2018-11-09 04:19 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-12-03 16:28 - 2018-11-09 04:19 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-12-03 16:28 - 2018-11-09 04:19 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-03 16:28 - 2018-11-09 04:19 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-03 16:28 - 2018-11-09 04:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-12-03 16:28 - 2018-11-09 04:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-12-03 16:28 - 2018-11-09 04:19 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-03 16:28 - 2018-11-09 04:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-12-03 16:28 - 2018-11-09 04:18 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-03 16:28 - 2018-11-09 04:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-12-03 16:28 - 2018-11-09 04:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-12-03 16:28 - 2018-11-09 04:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-12-03 16:28 - 2018-11-09 04:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-12-03 16:28 - 2018-11-09 04:17 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-12-03 16:28 - 2018-11-09 04:17 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-12-03 16:28 - 2018-11-09 04:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-03 16:28 - 2018-11-09 04:17 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-03 16:28 - 2018-11-09 04:16 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-03 16:28 - 2018-11-09 04:16 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-12-03 16:28 - 2018-11-09 04:16 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-12-03 16:28 - 2018-11-09 04:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-12-03 16:28 - 2018-11-09 04:16 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-03 16:28 - 2018-11-09 04:16 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-12-03 16:28 - 2018-11-09 04:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-12-03 16:28 - 2018-11-09 04:16 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-12-03 16:28 - 2018-11-09 04:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-12-03 16:28 - 2018-11-09 04:16 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-12-03 16:28 - 2018-11-09 04:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-03 16:28 - 2018-11-09 04:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-12-03 16:28 - 2018-11-09 04:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-12-03 16:28 - 2018-11-09 04:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-12-03 16:28 - 2018-11-09 04:15 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-12-03 16:28 - 2018-11-09 04:15 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-12-03 16:28 - 2018-11-09 04:15 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-03 16:28 - 2018-11-09 04:15 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-12-03 16:28 - 2018-11-09 03:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-12-03 16:28 - 2018-11-09 03:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 006571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-12-03 16:28 - 2018-11-09 03:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-12-03 16:28 - 2018-11-09 03:46 - 000567048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-12-03 16:28 - 2018-11-09 03:38 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-12-03 16:28 - 2018-11-09 03:35 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-03 16:28 - 2018-11-09 03:31 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-12-03 16:28 - 2018-11-09 03:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-12-03 16:28 - 2018-11-09 03:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-12-03 16:28 - 2018-11-09 03:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-12-03 16:28 - 2018-11-09 03:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2018-12-03 16:28 - 2018-11-09 03:29 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-12-03 16:28 - 2018-11-09 03:29 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-12-03 16:28 - 2018-11-09 03:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-12-03 16:28 - 2018-11-09 03:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-12-03 16:28 - 2018-11-09 03:29 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-03 16:28 - 2018-11-09 03:28 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-12-03 16:28 - 2018-11-09 03:28 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-12-03 16:28 - 2018-11-09 03:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-12-03 16:28 - 2018-11-09 03:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-12-03 16:28 - 2018-11-09 03:28 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-12-03 16:28 - 2018-11-09 03:28 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-12-03 16:28 - 2018-11-09 03:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-12-03 16:28 - 2018-11-09 03:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-12-03 16:28 - 2018-11-09 03:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-12-03 16:28 - 2018-11-09 03:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-12-03 16:28 - 2018-11-09 03:26 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-03 16:28 - 2018-11-09 03:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-12-03 16:28 - 2018-11-09 03:26 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-12-03 16:28 - 2018-11-09 03:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-12-03 16:28 - 2018-11-09 03:26 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-12-03 16:28 - 2018-11-09 03:26 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-12-03 16:28 - 2018-11-09 03:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-12-03 16:28 - 2018-11-09 03:25 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-03 16:28 - 2018-11-09 03:25 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-12-03 16:28 - 2018-11-09 03:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-12-03 16:28 - 2018-11-09 03:25 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-12-03 16:28 - 2018-11-09 03:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-12-03 16:28 - 2018-11-09 03:01 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-12-03 02:03 - 2018-12-06 17:54 - 000000070 _____ C:\Users\mrizo\Desktop\New Text Document (2).txt
2018-12-03 01:58 - 2018-12-03 01:59 - 001832768 _____ (Epic Privacy Browser) C:\Users\mrizo\Documents\epicsetup.exe
2018-11-30 02:05 - 2018-12-06 20:27 - 000000000 ____D C:\Users\mrizo\AppData\Local\CrashDumps
2018-11-28 16:51 - 2018-11-28 16:52 - 007321808 _____ (Malwarebytes) C:\Users\mrizo\Documents\adwcleaner_7.2.1.exe
2018-11-28 16:03 - 2018-12-06 18:43 - 000000000 ____D C:\Users\mrizo\AppData\Local\ConnectedDevicesPlatform
2018-11-28 05:38 - 2018-11-28 05:38 - 000000000 ____D C:\Users\mrizo\AppData\Local\Comms
2018-11-28 01:34 - 2018-11-28 01:34 - 000000000 ____D C:\Users\mrizo\AppData\Local\CEF
2018-11-27 00:09 - 2018-11-27 00:09 - 000000000 ____D C:\ProgramData\Epic Privacy Browser
2018-11-23 19:26 - 2018-11-29 21:31 - 000000081 _____ C:\Users\mrizo\Desktop\honor.txt
2018-11-19 05:06 - 2018-09-05 22:01 - 000053904 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\aswTap.sys
2018-11-19 00:29 - 2018-11-24 17:03 - 000003808 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-19 00:29 - 2018-11-24 17:03 - 000003506 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-18 21:16 - 2018-11-18 21:16 - 000004012 _____ C:\WINDOWS\System32\Tasks\Avast Cleanup Update
2018-11-18 21:16 - 2018-11-18 21:16 - 000001298 _____ C:\Users\Public\Desktop\Avast Cleanup Premium.lnk
2018-11-18 21:16 - 2018-11-18 21:16 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-11-18 20:53 - 2018-12-06 19:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-11-18 20:52 - 2018-11-18 20:52 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-11-18 20:43 - 2018-12-05 02:08 - 000000000 ____D C:\Program Files\AVAST Software
2018-11-18 20:42 - 2018-12-05 02:08 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-17 21:34 - 2018-11-01 03:09 - 000454638 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181117-213445.backup
2018-11-17 21:08 - 2018-12-05 02:03 - 000002234 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-17 21:08 - 2018-11-24 17:03 - 000003048 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-17 21:08 - 2018-11-17 21:08 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-17 21:08 - 2018-11-17 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-17 21:06 - 2018-11-17 21:06 - 000532480 _____ (Trend Micro Incorporated) C:\Users\mrizo\Desktop\cwshredder.exe
2018-11-13 21:25 - 2018-11-01 13:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-13 21:25 - 2018-11-01 13:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-13 21:25 - 2018-11-01 13:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-13 21:25 - 2018-11-01 12:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-13 21:25 - 2018-11-01 11:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-13 21:25 - 2018-11-01 09:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-13 21:25 - 2018-11-01 09:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-13 21:25 - 2018-11-01 09:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-13 21:25 - 2018-11-01 08:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-13 21:25 - 2018-11-01 08:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-13 21:25 - 2018-11-01 08:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-13 21:25 - 2018-11-01 08:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-13 21:25 - 2018-11-01 08:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-13 21:25 - 2018-11-01 06:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-13 21:25 - 2018-11-01 06:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-13 21:25 - 2018-11-01 06:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-13 21:25 - 2018-11-01 06:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-13 21:25 - 2018-11-01 06:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-13 21:25 - 2018-11-01 06:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-13 21:25 - 2018-11-01 06:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-13 21:25 - 2018-11-01 06:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-13 21:25 - 2018-11-01 06:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-13 21:25 - 2018-11-01 06:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-13 21:25 - 2018-11-01 06:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-13 21:25 - 2018-11-01 06:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-13 21:24 - 2018-11-01 13:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-13 21:24 - 2018-11-01 13:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-13 21:24 - 2018-11-01 13:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-13 21:24 - 2018-11-01 13:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-13 21:24 - 2018-11-01 13:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-13 21:24 - 2018-11-01 11:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-13 21:24 - 2018-11-01 11:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-13 21:24 - 2018-11-01 11:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-13 21:24 - 2018-11-01 11:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-13 21:24 - 2018-11-01 09:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-13 21:24 - 2018-11-01 09:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-13 21:24 - 2018-11-01 09:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-13 21:24 - 2018-11-01 09:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-13 21:24 - 2018-11-01 09:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-13 21:24 - 2018-11-01 09:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-13 21:24 - 2018-11-01 09:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-13 21:24 - 2018-11-01 09:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-13 21:24 - 2018-11-01 09:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-13 21:24 - 2018-11-01 09:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-13 21:24 - 2018-11-01 09:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-13 21:24 - 2018-11-01 09:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-13 21:24 - 2018-11-01 08:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-13 21:24 - 2018-11-01 08:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-13 21:24 - 2018-11-01 08:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-13 21:24 - 2018-11-01 08:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-13 21:24 - 2018-11-01 08:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-13 21:24 - 2018-11-01 08:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-13 21:24 - 2018-11-01 08:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-13 21:24 - 2018-11-01 08:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-13 21:24 - 2018-11-01 08:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-13 21:24 - 2018-11-01 08:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-13 21:24 - 2018-11-01 08:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-13 21:24 - 2018-11-01 08:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-13 21:24 - 2018-11-01 08:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-13 21:24 - 2018-11-01 08:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-13 21:24 - 2018-11-01 08:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-13 21:24 - 2018-11-01 08:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-13 21:24 - 2018-11-01 08:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-13 21:24 - 2018-11-01 08:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-13 21:24 - 2018-11-01 08:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-13 21:24 - 2018-11-01 08:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-13 21:24 - 2018-11-01 06:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-13 21:24 - 2018-11-01 06:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-13 21:24 - 2018-11-01 06:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-13 21:24 - 2018-11-01 06:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-13 21:24 - 2018-11-01 06:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-08 16:40 - 2018-11-08 16:40 - 000223000 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2018-11-08 16:40 - 2018-11-08 16:40 - 000213216 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-06 23:11 - 2018-08-12 13:48 - 000000000 ____D C:\Users\mrizo\AppData\LocalLow\Mozilla
2018-12-06 22:56 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-06 22:50 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-06 22:43 - 2018-08-03 11:14 - 000000000 ____D C:\Users\mrizo\AppData\Local\PlaceholderTileLogoFolder
2018-12-06 22:43 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-06 22:38 - 2018-02-06 14:36 - 000000000 ____D C:\ProgramData\Package Cache
2018-12-06 21:01 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-06 20:43 - 2018-10-13 02:37 - 000000000 ____D C:\Users\mrizo
2018-12-06 20:35 - 2018-10-13 02:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-06 20:35 - 2018-10-11 12:06 - 577350351 _____ C:\WINDOWS\MEMORY.DMP
2018-12-06 20:35 - 2018-04-19 22:52 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-12-06 20:35 - 2018-02-06 01:21 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-06 20:09 - 2018-05-04 18:54 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-12-06 19:13 - 2018-04-11 23:04 - 000131072 _____ C:\WINDOWS\system32\config\BBI
2018-12-06 18:42 - 2018-02-27 23:52 - 000000000 ____D C:\WINDOWS\pss
2018-12-05 02:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SystemApps
2018-12-04 19:47 - 2018-04-24 10:52 - 000001864 _____ C:\Users\mrizo\Desktop\New Text Document.txt
2018-12-04 06:44 - 2018-10-10 13:44 - 000000000 ____D C:\Users\mrizo\AppData\Roaming\vlc
2018-12-03 18:19 - 2018-02-26 16:48 - 000000000 ___RD C:\Users\mrizo\3D Objects
2018-12-03 18:19 - 2018-02-05 23:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-03 17:37 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-12-03 17:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-12-03 17:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-12-03 17:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-29 20:16 - 2018-08-12 15:28 - 000000420 _____ C:\Users\mrizo\Desktop\This PC.lnk
2018-11-28 01:42 - 2018-08-12 14:28 - 000000000 ____D C:\EFSTMPWP
2018-11-26 02:30 - 2018-04-22 03:31 - 000000000 ____D C:\ProgramData\TEMP
2018-11-26 02:27 - 2018-02-26 16:43 - 000000000 ____D C:\Users\mrizo\AppData\Local\Packages
2018-11-24 19:59 - 2018-07-02 16:00 - 000000000 ____D C:\Users\mrizo\Documents\Autoruns
2018-11-22 09:01 - 2018-10-09 01:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-22 09:01 - 2018-10-09 01:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-21 01:15 - 2018-10-09 01:34 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-19 21:00 - 2018-04-12 18:16 - 000000000 ____D C:\WINDOWS\OCR
2018-11-19 03:31 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-19 00:29 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-19 00:29 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-18 20:52 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-17 21:08 - 2018-08-03 13:49 - 000000000 ____D C:\Program Files\CCleaner
2018-11-17 20:58 - 2018-10-25 14:39 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2018-11-17 20:57 - 2018-10-25 21:15 - 000000000 ____D C:\Program Files (x86)\Intel
2018-11-17 20:56 - 2018-02-06 01:21 - 000000000 ____D C:\Intel
2018-11-17 00:00 - 2018-02-14 22:49 - 000000000 ____D C:\Program Files\rempl
2018-11-14 00:56 - 2018-07-01 06:18 - 000000000 ____D C:\Program Files (x86)\Java
2018-11-13 21:34 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-13 21:34 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-13 21:34 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-13 21:34 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-13 21:30 - 2018-02-25 21:07 - 000000000 ____D C:\WINDOWS\system32\MRT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-13 02:35

==================== End of FRST.txt ============================

and I got this one as an addition.txt on desktop
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by mrizo (06-12-2018 23:18:18)
Running from C:\Users\mrizo\Desktop
Windows 10 Home Version 1803 17134.441 (X64) (2018-10-13 00:42:32)
Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-274154173-2780070492-278442082-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-274154173-2780070492-278442082-503 - Limited - Disabled)
Guest (S-1-5-21-274154173-2780070492-278442082-501 - Limited - Enabled)
mrizo (S-1-5-21-274154173-2780070492-278442082-1001 - Administrator - Enabled) => C:\Users\mrizo
WDAGUtilityAccount (S-1-5-21-274154173-2780070492-278442082-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
AxCrypt 2.1.1573.0 (HKLM\...\{902A739B-1DAE-6E68-81B1-674E343E1CF1}) (Version: 2.1.1573.0 - AxCrypt AB) Hidden
AxCrypt 2.1.1573.0 (HKLM-x32\...\{4802bd28-932d-4070-99e2-068ea74d872d}) (Version: 2.1.1573.0 - AxCrypt AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 416.34 - NVIDIA Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes version (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 416.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 416.34 - NVIDIA Corporation)
NVIDIA HD Audio Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
RogueKiller version (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: - Adlice Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\AxCrypt\AxCrypt\ShellExt.dll [2018-11-07] (AxCrypt AB)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-10-11] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\AxCrypt\AxCrypt\ShellExt.dll [2018-11-07] (AxCrypt AB)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07165C06-7AB0-40BD-A766-3484B7E6AC2F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-19] (Adobe Systems Incorporated)
Task: {1CBCAFD5-2209-4533-8D57-E1F094F14CDE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)
Task: {3E005D0F-A2E4-4485-A667-1964EC09279E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe [2018-11-19] (Adobe Systems Incorporated)
Task: {61FF6E75-411C-4BB7-BC7A-867DB3D7B5E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)
Task: {77DC960C-4098-4842-8850-3A896A17C4B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {94A6AC57-0371-45A8-A4BE-17ACAB769E85} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {A12F5A1F-35CB-455E-9556-3A8AC00E42B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {D7806F3B-6911-4C8A-8AAC-CC2F85CEC824} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {DD1678C2-BD0E-43FB-B264-E8251BBBB3C6} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-10-24] (AVAST Software)
Task: {E3789F75-7E95-490C-9C1A-3A98E0451F44} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)
Task: {FAE908CB-6713-4852-A8AB-5862634C24F5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-02-06 01:21 - 2018-10-11 01:10 - 000154152 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-03 16:28 - 2018-11-09 04:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-12-03 16:28 - 2018-11-09 04:17 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-06 20:15 - 2018-12-06 20:15 - 005055104 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClient.exe
2018-12-06 20:15 - 2018-12-06 20:15 - 001704408 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClientUx.exe
2018-12-06 20:15 - 2018-12-06 20:15 - 000895448 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClientUxRender.exe
2018-11-18 21:16 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2018-12-06 20:15 - 2018-12-06 20:15 - 000128640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\yaml.dll
2018-12-06 20:15 - 2018-12-06 20:15 - 000113792 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\zlib.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 002201216 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-patch\rcp-be-lol-patch.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 001346008 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000584152 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000960472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000450176 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000530904 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-riot-messaging-service\rcp-be-riot-messaging-service.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000717952 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000500696 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000432768 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000584152 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000459736 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000564184 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000512472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000432768 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-game-session\rcp-be-lol-game-session.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000779736 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000404440 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-pre-end-of-game\rcp-be-lol-pre-end-of-game.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000743552 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000375936 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000475264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000460760 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000423552 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000749696 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000622720 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-champions\rcp-be-lol-champions.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000421848 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000666584 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000611800 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-inventory\rcp-be-lol-inventory.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000903640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000538584 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000727000 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000543872 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000629376 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll
2018-12-06 20:15 - 2018-12-06 20:15 - 000849536 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-ranked\rcp-be-lol-ranked.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000616064 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000440792 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 001549440 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 001672664 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000562304 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-loadouts\rcp-be-lol-loadouts.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000420480 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000445400 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000895960 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000407168 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-kickout\rcp-be-lol-kickout.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000412120 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000403928 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000413656 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000446080 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000516056 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000569472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000456152 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000451544 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000475776 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000536024 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000605656 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000686720 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000446936 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000493696 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000425600 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000409728 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000466392 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000456664 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-purchase-widget\rcp-be-lol-purchase-widget.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000515544 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-personalized-offers\rcp-be-lol-personalized-offers.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000591320 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-recommendations\rcp-be-lol-recommendations.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000394880 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-user-experience\rcp-be-lol-user-experience.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000464856 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-simple-dialog-messages\rcp-be-lol-simple-dialog-messages.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000539608 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-highlights\rcp-be-lol-highlights.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000595928 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-honor-v2\rcp-be-lol-honor-v2.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000433112 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000464512 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-entitlements\rcp-be-entitlements.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000610264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-missions\rcp-be-lol-missions.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000512472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-item-sets\rcp-be-lol-item-sets.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000472536 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-email-verification\rcp-be-lol-email-verification.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000450688 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-geoinfo\rcp-be-lol-geoinfo.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000475264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-content-targeting\rcp-be-lol-content-targeting.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 001283200 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-clash\rcp-be-lol-clash.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000635352 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000733824 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-voice-chat\rcp-be-voice-chat.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000648152 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-gcloud-voice-chat\rcp-be-gcloud-voice-chat.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000609752 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-premade-voice\rcp-be-lol-premade-voice.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000500864 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-featured-modes\rcp-be-lol-featured-modes.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000458200 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-npe-rewards\rcp-be-lol-npe-rewards.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000578688 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-npe-tutorial-path\rcp-be-lol-npe-tutorial-path.dll
2018-12-06 19:55 - 2018-10-10 12:42 - 000482264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-catalog\rcp-be-lol-catalog.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000565208 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-regalia\rcp-be-lol-regalia.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000428160 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-payments\rcp-be-payments.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000536192 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-banners\rcp-be-lol-banners.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000454104 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-trophies\rcp-be-lol-trophies.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000751576 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-perks\rcp-be-lol-perks.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000432088 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-discord-rp\rcp-be-lol-discord-rp.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000502232 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-account-verification\rcp-be-lol-account-verification.dll
2018-12-06 19:55 - 2018-12-05 17:15 - 000554456 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-career-stats\rcp-be-lol-career-stats.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000435840 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-worlds-token-card\rcp-be-lol-worlds-token-card.dll
2018-12-06 19:55 - 2018-12-05 17:26 - 000402048 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-mode-progression\rcp-be-lol-mode-progression.dll
2018-12-06 20:15 - 2018-12-06 20:15 - 055045760 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\libcef.dll
2018-12-06 20:15 - 2018-12-06 20:15 - 000832640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\ffmpeg.dll
2018-12-06 20:15 - 2018-12-06 20:15 - 001801344 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\libglesv2.dll
2018-12-06 20:15 - 2018-12-06 20:15 - 000022144 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7865 more sites.

IE trusted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\localhost -> localhost

There are 12682 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-02-06 01:16 - 2018-12-06 18:24 - 000453966 _____ C:\WINDOWS\system32\Drivers\etc\hosts choice.microsoft.com choice.microsoft.com.nstac.net df.telemetry.microsoft.com oca.telemetry.microsoft.com oca.telemetry.microsoft.com.nsatc.net redir.metaservices.microsoft.com reports.wes.df.telemetry.microsoft.com services.wes.df.telemetry.microsoft.com settings-sandbox.data.microsoft.com settings-win.data.microsoft.com sqm.df.telemetry.microsoft.com sqm.telemetry.microsoft.com sqm.telemetry.microsoft.com.nsatc.net telecommand.telemetry.microsoft.com telecommand.telemetry.microsoft.com.nsatc.net telemetry.appex.bing.net telemetry.microsoft.com telemetry.urs.microsoft.com vortex-sandbox.data.microsoft.com vortex-win.data.microsoft.com vortex.data.microsoft.com watson.telemetry.microsoft.com watson.telemetry.microsoft.com.nsatc.net watson.ppe.telemetry.microsoft.com wes.df.telemetry.microsoft.com vortex-bn2.metron.live.com.nsatc.net vortex-cy2.metron.live.com.nsatc.net watson.live.com watson.microsoft.com feedback.search.microsoft.com

There are 15553 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-274154173-2780070492-278442082-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: XboxGipSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "Epic Privacy Browser Installer"
HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "wtfast Tray"
HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe
FirewallRules: [{8DE5F8DB-C0A3-4DF8-B78B-3CDA4F6CBC7D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6565C0E1-D568-4BE2-B461-654DE8DAA088}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CB982792-9BFF-4ACC-9760-4332A1DD8C8E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{31636902-7609-4783-AAC4-9B29A05A48FC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{9A722529-C883-47A8-B023-7A9A3A185639}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{82AD804B-85D6-40F5-8829-3AD28B5F6D22}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{A5565CEB-97E6-4E45-928B-5EE00563162C}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
FirewallRules: [{95F5F9E6-4C58-4D4B-9B56-0017F12D1F8D}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
FirewallRules: [TCP Query User{FB6C2678-DBD6-43F9-B74D-3C6FC0E8CD88}C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B5C87A7A-2F30-4FCF-9D0D-59C231F17508}C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [{E8F70BD1-6DE8-4788-B586-503B901E101F}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [{41D67CB6-2262-4D6F-A127-07113C2615B2}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [TCP Query User{1DC9277F-F193-4DD4-9AB6-B8113F34EC62}C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [UDP Query User{1D1AF3E2-A7C4-4D36-AA1B-BDBA27DA0F0E}C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [{90AA63D9-9A3A-41CC-BF7B-E9884EACD7DF}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [{DAE588BA-B57E-499B-9088-E952650ADFA4}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [TCP Query User{41C02A6A-4865-4DB6-82BC-E8FFEDAEA36D}C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [UDP Query User{C77B83D8-B9A7-41C6-9CFB-51DB0B027C52}C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [{C8E6602B-342F-4EFB-A7B0-E8DB7410418F}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [{659C96D3-B773-4471-ADCF-829AC91A7F4F}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [TCP Query User{7F9D4007-2B58-4547-AD5F-D95442F77927}C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [UDP Query User{95CB8694-010C-45B8-8078-FFBD00B30EAA}C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [{33E12845-272E-46BC-AC19-4E78C15B7E59}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe
FirewallRules: [{BD14B7C2-50E8-43A5-81A2-DE46BC942A83}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\\deploy\leagueclient.exe

==================== Restore Points =========================

03-12-2018 16:28:02 Windows Update
06-12-2018 02:52:33 Windows Modules Installer

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
Error: (12/06/2018 11:17:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 1.12.2018.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 13f8

Start Time: 01d48da8f0094a3b

Termination Time: 4294967295

Application Path: C:\Users\mrizo\Desktop\FRST64.exe

Report Id: 21ac59c1-0ec3-41f7-8242-9d0d880ec39c

Faulting package full name:

Faulting package-relative application ID:

Error: (12/06/2018 08:27:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gmer.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: gmer.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0008de57
Faulting process ID: 0x1dc0
Faulting application start time: 0x01d48d914b1f1fab
Faulting application path: C:\Users\mrizo\Documents\gmer\gmer.exe
Faulting module path: C:\Users\mrizo\Documents\gmer\gmer.exe
Report ID: 5e7f8a25-abe0-4bf9-96ac-c1aa09b14a49
Faulting package full name:
Faulting package-relative application ID:

Error: (12/06/2018 07:12:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.

Executing Asynchronous Operation

Current State: DoSnapshotSet

Error: (12/06/2018 07:12:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
This is often caused by incorrect security settings in either the writer or requestor process.

Gathering Writer Data

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {f1265da7-a1cf-47f1-96de-5cebb57fd012}

Error: (12/06/2018 07:12:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 1.12.2018.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1944

Start Time: 01d48d8674b2dfad

Termination Time: 4294967295

Application Path: C:\Users\mrizo\Documents\FRST64.exe

Report Id: 4d1c83ff-8dc0-4743-8b1b-aa13ab8aef81

Faulting package full name:

Faulting package-relative application ID:

Error: (12/06/2018 07:04:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\mrizo\Documents\Autoruns\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_42ebd1ee44e52429.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_fb3e9b173068fb23.manifest.

Error: (12/06/2018 07:03:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\mrizo\Documents\Autoruns\autorunsc.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_42ebd1ee44e52429.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_fb3e9b173068fb23.manifest.

Error: (12/06/2018 07:03:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\mrizo\Documents\Autoruns\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_42ebd1ee44e52429.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_fb3e9b173068fb23.manifest.

System errors:
Error: (12/06/2018 10:58:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (12/06/2018 08:35:14 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffff8600aaf65010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80630ea8bc8). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: bbace290-db95-4a84-b493-9512736b0cde.

Error: (12/06/2018 08:35:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:33:31 on ‎06/‎12/‎2018 was unexpected.

Error: (12/06/2018 07:12:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/06/2018 07:12:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/06/2018 07:12:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Cleanup Premium service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/06/2018 07:12:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/06/2018 07:12:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Windows Defender:
Date: 2018-11-15 05:17:05.436
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2F5C04BE-6A31-40B9-831D-E0C8B40D8CC2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-15 02:47:47.676
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {14CB794D-8A80-4DF7-AE62-9DE42E1A52E3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-13 17:20:35.847
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C3C0F4F9-B748-48FE-914E-46C1116C21E9}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-11-02 00:59:00.761
C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Application\epic.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
Detection time: 2018-11-01T22:59:00.760Z
Path: %desktopdirectory%\
Process Name: C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Application\epic.exe
Signature Version: 1.279.891.0
Engine Version: 1.1.15400.4
Product Version: 4.18.1810.5

Date: 2018-11-01 05:00:23.224
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F96A344E-2351-46D5-8153-E1827A6F6807}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-06 18:42:09.644
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-12-06 18:31:23.994
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.1479.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2018-12-06 18:21:22.498
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-12-06 09:28:58.162
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.354.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2018-12-05 16:52:33.691
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.354.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 44%
Total physical RAM: 8109.18 MB
Available physical RAM: 4524.97 MB
Total Virtual: 9389.18 MB
Available Virtual: 3881.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.43 GB) (Free:178.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{045d200f-0000-0000-0000-601b3a000000}\ () (Fixed) (Total:0.46 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 045D200F)
Partition 1: (Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=467 MB) - (Type=27)

==================== End of Addition.txt ============================

and that's the log backup

[12/6/2018 - 11:15:24 PM] System Variables
[12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------
[12/6/2018 - 11:15:24 PM] Use Fallback Backup Method: 1 (0 = No, 1 = Yes)
[12/6/2018 - 11:15:24 PM] VSS exe To Use: vss_7_8_2008_2012_64.exe
[12/6/2018 - 11:15:24 PM] Windows Drive: C:
[12/6/2018 - 11:15:24 PM] Windows Folder: WINDOWS
[12/6/2018 - 11:15:24 PM] Windows Path: C:\WINDOWS
[12/6/2018 - 11:15:24 PM] Registry File Location: C:\WINDOWS\System32\Config
[12/6/2018 - 11:15:24 PM] Current Profile: C:\Users\mrizo
[12/6/2018 - 11:15:24 PM] Current Profile SID: S-1-5-21-274154173-2780070492-278442082-1001
[12/6/2018 - 11:15:24 PM] Current Profile Classes: S-1-5-21-274154173-2780070492-278442082-1001_Classes
[12/6/2018 - 11:15:24 PM] Profiles Location: C:\Users
[12/6/2018 - 11:15:24 PM] Profiles Location 2: C:\WINDOWS\ServiceProfiles
[12/6/2018 - 11:15:24 PM] Local Settings AppData: AppData\Local
[12/6/2018 - 11:15:24 PM] Computer Name: DESKTOP-F843553
[12/6/2018 - 11:15:24 PM] OS: Windows 10 Home (64-bit)
[12/6/2018 - 11:15:24 PM] OS Architecture: 64-bit
[12/6/2018 - 11:15:24 PM] OS Version: 10.0.17134
[12/6/2018 - 11:15:24 PM] OS Service Pack:
[12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------

[12/6/2018 - 11:15:24 PM] Backup Location: C:\RegBackup\

[12/6/2018 - 11:15:24 PM] Auto Delete Old Backups Enabled, Working...
[12/6/2018 - 11:15:24 PM] Delete backups 7 Days or older. Keep at least 5 Backups.
[12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------
[12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------

[12/6/2018 - 11:15:24 PM] Starting Backup...

[12/6/2018 - 11:15:24 PM] Files To Backup:
[12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------
[12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\components
[12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\drivers
[12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\default
[12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\sam
[12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\security
[12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\software
[12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\system
[12/6/2018 - 11:15:24 PM] C:\Users\mrizo\ntuser.dat
[12/6/2018 - 11:15:24 PM] C:\Users\mrizo\AppData\Local\Microsoft\Windows\UsrClass.dat
[12/6/2018 - 11:15:24 PM] C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat
[12/6/2018 - 11:15:24 PM] C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat
[12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------

[12/6/2018 - 11:15:24 PM] Backing Up Registry Files Security Descriptors (SDDL):
[12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------
[12/6/2018 - 11:15:24 PM] "\\?\C:\Users\mrizo\AppData\Local\Microsoft\Windows\UsrClass.dat",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-274154173-2780070492-278442082-1001)"

[12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------

[12/6/2018 - 11:15:24 PM] Backing Up Files:
[12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------
[12/6/2018 - 11:15:24 PM] Using Fallback Backup Method.

[12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\components
[12/6/2018 - 11:15:24 PM] Result: Successful (41.81 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\components

[12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\drivers
[12/6/2018 - 11:15:24 PM] Result: Successful (6.18 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\drivers

[12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\default
[12/6/2018 - 11:15:24 PM] Result: Successful (4.92 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\default

[12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\sam
[12/6/2018 - 11:15:24 PM] Result: Successful (36.00 KB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\sam

[12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\security
[12/6/2018 - 11:15:24 PM] Result: Successful (32.00 KB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\security

[12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\software
[12/6/2018 - 11:15:25 PM] Result: Successful (85.40 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\software

[12/6/2018 - 11:15:25 PM] Backing Up File: C:\WINDOWS\System32\Config\system
[12/6/2018 - 11:15:25 PM] Result: Successful (17.75 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\system

[12/6/2018 - 11:15:25 PM] Backing Up File: C:\Users\mrizo\ntuser.dat
[12/6/2018 - 11:15:26 PM] Result: Successful (7.73 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\Users\mrizo\ntuser.dat

[12/6/2018 - 11:15:26 PM] Backing Up File: C:\Users\mrizo\AppData\Local\Microsoft\Windows\UsrClass.dat
[12/6/2018 - 11:15:26 PM] Result: Successful (4.47 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\Users\mrizo\AppData\Local\Microsoft\Windows\UsrClass.dat

[12/6/2018 - 11:15:26 PM] Backing Up File: C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat
[12/6/2018 - 11:15:26 PM] Result: Successful (196.00 KB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\ServiceProfiles\LocalService\ntuser.dat

[12/6/2018 - 11:15:26 PM] Backing Up File: C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat
[12/6/2018 - 11:15:26 PM] Result: Successful (168.00 KB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat

[12/6/2018 - 11:15:26 PM] Total Size: 168.69 MB

[12/6/2018 - 11:15:26 PM] --------------------------------------------------------------------------------

[12/6/2018 - 11:15:26 PM] Creating DOS restore bat file for use in the Windows Recovery Console:
[12/6/2018 - 11:15:26 PM] --------------------------------------------------------------------------------
[12/6/2018 - 11:15:26 PM] Created: C:\WINDOWS\tweaking.com-regbackup-DESKTOP-F843553-Windows-10-Home-(64-bit).dat for use in the dos_restore.cmd file
[12/6/2018 - 11:15:26 PM] Done: C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\dos_restore.cmd
[12/6/2018 - 11:15:26 PM] --------------------------------------------------------------------------------

2018-12-06, 23:32
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.

Highlight the entire content of the quote box below and select Copy.

GroupPolicy: Restriction ? <==== ATTENTION
FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\\npEpicUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\\npEpicUpdate3.dll [No File]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
Some of the tools I request below may have already been used, please delete those and download updated versions.


AdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply

created by Aura

Your next reply(ies) should therefore contain:

Copy/pasted Fixlog.txt
Copy/pasted AdwCleaner clean log
Copy/pasted RogueKiller clean log

2018-12-06, 23:57
Hi, thank you so much for taking the time to reply, I really appreciate it a lot!
AdwCleaner found 0 threats so there are no logs from that.
Also RogueKiller found 0 threats but I copy the logs too.
The logs from RogueKiller and Farbar are the following:

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by mrizo (07-12-2018 00:35:40) Run:2
Running from C:\Users\mrizo\Desktop
Loaded Profiles: mrizo (Available Profiles: mrizo)
Boot Mode: Normal

fixlist content:
GroupPolicy: Restriction ? <==== ATTENTION
FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\\npEpicUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\\npEpicUpdate3.dll [No File]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]


Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-274154173-2780070492-278442082-1001\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 => removed successfully
"C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\\npEpicUpdate3.dll" => not found
HKU\S-1-5-21-274154173-2780070492-278442082-1001\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 => removed successfully
"C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\\npEpicUpdate3.dll" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully

=========== "C:\Windows\Temp\*.*" ==========

not found

========= End -> "C:\Windows\Temp\*.*" ========

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12694365 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 785245228 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 878 B
LocalService => 0 B
NetworkService => 2578 B
NetworkService => 0 B
mrizo => 495112 B

RecycleBin => 4346666 B
EmptyTemp: => 774.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:36:35 ====

RogueKiller Anti-Malware V13.0.15.0 (x64) [Dec 3 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : mrizo [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Scan -- Date : 2018/12/07 00:47:54 (Duration : 00:06:28)

いいいいいいいいいいいい Processes いいいいいいいいいいいい

いいいいいいいいいいいい Process Modules いいいいいいいいいいいい

いいいいいいいいいいいい Services いいいいいいいいいいいい

いいいいいいいいいいいい Tasks いいいいいいいいいいいい

いいいいいいいいいいいい Registry いいいいいいいいいいいい

いいいいいいいいいいいい WMI いいいいいいいいいいいい

いいいいいいいいいいいい Hosts File いいいいいいいいいいいい
Hosts file is too big

いいいいいいいいいいいい Files いいいいいいいいいいいい

いいいいいいいいいいいい Web browsers いいいいいいいいいいいい

2018-12-07, 00:09
By the way, I checked the "temp" folder and I still see this file, but now it's there 2 times.

2018-12-07, 11:52
A DAT file is a generic data file created by a specific application. DAT files are typically accessed only by the application that created them.

What tools on your computer have run update checks since we ran FRST?
Not saying that's what's happened, but it is possible.

What's the computer doing?


Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

2018-12-07, 12:29
Update checks by themselves were made by the MPCmdRun.log many times (I mean without me actually checking for updates).
(log file)

MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe" -DisableService
Start Time: ‎Fri ‎Dec ‎07 ‎2018 00:36:42

MpEnsureProcessMitigationPolicy: hr = 0x1
EnableService(0, 3)

MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe" SignatureUpdate -ScheduleJob -RestrictPrivileges
Start Time: ‎Fri ‎Dec ‎07 ‎2018 00:47:18

MpEnsureProcessMitigationPolicy: hr = 0x1
Run as Network Service
MpCmdRun: End Time: ‎Fri ‎Dec ‎07 ‎2018 00:47:18

MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate
Start Time: ‎Fri ‎Dec ‎07 ‎2018 03:53:15

MpEnsureProcessMitigationPolicy: hr = 0x1
Start: Signatures Update Service
Update Started
Search Started (MU/WU update) (Path: Default URL)...
Update failed with hr: 0x80070422
Update completed with hr: 0x80070422
End: Signatures Update Service
MpCmdRun: End Time: ‎Fri ‎Dec ‎07 ‎2018 03:53:15

MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate
Start Time: ‎Fri ‎Dec ‎07 ‎2018 03:54:22

MpEnsureProcessMitigationPolicy: hr = 0x1
Start: Signatures Update Service
Update Started
Search Started (MU/WU update) (Path: Default URL)...
Update failed with hr: 0x80070422
Update completed with hr: 0x80070422
End: Signatures Update Service
MpCmdRun: End Time: ‎Fri ‎Dec ‎07 ‎2018 03:54:22

MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe" -DisableService
Start Time: ‎Fri ‎Dec ‎07 ‎2018 03:55:49

MpEnsureProcessMitigationPolicy: hr = 0x1
EnableService(0, 3)
Time Info - ‎Fri ‎Dec ‎07 ‎2018 03:56:01 EnableService(0, 3) - finished.
MpCmdRun: End Time: ‎Fri ‎Dec ‎07 ‎2018 03:56:01
I updated sbot manually and ran some checks yesterday, but still these files are in temp.
The computer is doing pretty good actually. I made some netstat (-b) (-ano) checks too and didn't see anything unusual.
The only thing that got my attention was a kind of freeze that lasted about 5 sec, but everything was normal after that.
I will run the tool and paste the logs.

2018-12-07, 12:57
Emsisoft Emergency Kit - Version 2018.6
Last update: 12/7/2018 1:50:56 PM
User account: DESKTOP-F843553\mrizo
Computer name: DESKTOP-F843553
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 12/7/2018 1:54:30 PM

Scanned 74412
Found 0

Scan end: 12/7/2018 1:55:25 PM
Scan time: 0:00:55

2018-12-07, 13:01
Apologies, I did it wrong; here is the right one.

Emsisoft Emergency Kit 2018.6.0.8742 stable [en-us]
OS: Windows 10 (Version 10.0, Build 17134, 64-bit Edition)

Forensics log

Date Component Action Details
12/7/2018 2:00:30 PM Scanner Scan finished Scanned 74406 objects and found nothing.
12/7/2018 1:59:32 PM User DESKTOP-F843553\mrizo Scan started Malware Scan
12/7/2018 1:55:25 PM Scanner Scan finished Scanned 74412 objects and found nothing.
12/7/2018 1:54:30 PM User DESKTOP-F843553\mrizo Scan started Malware Scan
12/7/2018 1:50:56 PM User Update Downloaded and installed 1 file (2 kb) (20 sec.).
12/7/2018 1:47:07 PM Scanner Scan finished Scanned 74958 objects and found nothing.
12/7/2018 1:46:07 PM User DESKTOP-F843553\mrizo Scan started Malware Scan
12/7/2018 1:41:51 PM User Update Downloaded and installed 73 files (11051 kb) (1 min. 53 sec.).
12/6/2018 8:23:41 PM Scanner Scan finished Scanned 221485 objects and found nothing.
12/6/2018 8:19:21 PM User DESKTOP-F843553\mrizo Scan started Custom Scan
12/6/2018 6:10:19 PM Scanner Scan finished Scanned 76956 objects and found nothing.
12/6/2018 6:08:22 PM User DESKTOP-F843553\mrizo Scan started Malware Scan
12/6/2018 6:08:13 PM User DESKTOP-F843553\mrizo Setting modified "Detect PUPs" has been changed to "Enabled".
12/6/2018 6:05:23 PM User Update Downloaded and installed 71 files (9792 kb) (52 sec.).
12/6/2018 6:04:32 PM Core Notification "Recommended Reading:Beware: New wave of malware spreads via ISO file email attachments".
12/6/2018 6:04:27 PM User Update Failed with error "Server returned error" (0 sec.).

2018-12-07, 14:16
I don't think this is malware, and you can delete temp folders at any time.
We can try to set the machine to delete temp files and see if that can find what's updating and creating the file.

Open Settings app. Navigate to System > Storage.
In the Storage sense section, turn on the Storage sense feature by moving the slider to on position.
Click Change how we free up space link. ...
Turn on Delete temporary files that my apps aren't using option.

If you can catch a legit tool/application running in the background, check the temp folder and see if one is created.

I think we can go on and delete tools and quarantine folders now.

Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


2018-12-07, 14:29
OK! I did that. Thank you so much for taking the time out of your day to assist me with my problem and provide all that info and solutions!
Is there somewhere I can donate as a "thank you" to you guys and your forum?

2018-12-07, 14:33
Never mind, I found it :)
Thank you again, good job on the forum and thanks for the fast response!

2018-12-07, 14:34
You're welcome

Glad we could help.
Since this issue appears resolved ... this Topic is closed.