Thread: I need help, I do not know what to do about this possible malware/rootkit

  1. #1
    Junior Member
    Join Date
    Dec 2017
    Posts
    8

    So first off I don't know anything about anything and have just been following instructions from random articles on how to remove malware/rootkits.
    It first started when I wasn't able to open up Chrome, which led me to try and open Task Manager to end it, but when I tried to open Task Manager it didn't let me; some .exe error thing popped up. I didn't think much of it and just went on to use the Edge browser, but since then the situation has gotten worse. I can't open up most files, like videos, pictures, etc.; I just get a "class not registered" error. The Windows button and search bar in the bottom left corner are unresponsive and I can't access any settings; I get a message saying "this file does not have a program associated with it". I can't open any command prompt or whatever else most articles were saying to do. While I still had access to the Edge browser I tried to download Malwarebytes but it didn't let me install it, another .exe error or something. Next I decided to just say screw it and format my PC; since I couldn't access the Windows button I had to do the hold Shift and click Restart method. Sadly the formatting process failed; I assume whatever my PC has is preventing me from doing so. I tried 3 more times but still nothing. So what I did after was boot my PC into safe mode with networking. I managed to look through my files and find Internet Explorer, the only browser that still works. With it I downloaded Rkill and it did its thing, which then let me download Malwarebytes, but Malwarebytes found 0 threats. I tried TDSSKiller next, nothing. So now here I am trying SpyBot. I ran a deep scan for rootkits and some HKLM registry keys popped up and I'm not sure whether to delete them or not. If I need to provide any additional information I will, just please help me get rid of this thing.

    Edit
    The malware forum's FAQ: http://forums.spybot.info/showthread.php?t=288

    I don't know what I did wrong with my post for the fyi but if I was missing information needed here it is I think. Somebody please just help or tell me how to post to get proper help because after reading the faq I have no idea what I did wrong.

    // info: Rootkit removal help file
    // copyright: (c) 2008-2017 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\0BE7365E4CF77E116BD159EB7595E4CA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98:Win32App_1:$DATA"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF0A13FDF61E754587.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF0BDC3D8264C2C3D4.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF55BFE0012B9E915A.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF6B58BAB04CBB3235.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF6BFCBAFF39288B9A.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF712992F7C36790AB.TMP"
    File:"No admin in ACL","C:\Users\kenan\AppData\Local\Temp\~DF8A0B930BEB0DF89E.TMP"
    File:"Unknown ADS","C:\ProgramData\Intel\Wireless\Settings:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AlphaConsole:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Video Win Movie Maker:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\SOXE:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\en:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Windows Live\Photo Gallery\Shared:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Steam\steamapps\common\rocketleague:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Realtek\NICDRV_8169:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NVIDIA Corporation\PhysX:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\Bluetooth:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Intel\WiFi\bin:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AMD\CNext\CCCSlim:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Adobe\Adobe Help:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Adobe:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\WinRAR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\VEGAS\VEGAS Pro 15.0:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Realtek\Audio\HDA:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Malwarebytes\Anti-Malware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Intel\WiFi:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\Intel\WirelessCommon:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CIM:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\PRW:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CNext\CNBranding:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CNext\CNext:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CNext\CNext\ffmpeg:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CIM\BIN64:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK2HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\CPK1HWU","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center","Svc"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\WOW6432Node\Microsoft\InputMethod\Chs","DuState"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"
    Last edited by tashi; 2017-12-21 at 07:45. Reason: Merged 2 posts. Topic was moved from the RootAlyzer forum so user could receive assistance

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,453

    If in normal mode you cannot download the below tool, boot pc into safe mode with networking


    Farbar Recovery Scan Tool (FRST) - Scan mode
    Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
    • Download the right version of FRST for your system:
      • FRST 32-bit
      • FRST 64-bit
        Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
    • Move the executable (FRST.exe or FRST64.exe) to your Desktop
    • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
    • Make sure the Addition.txt box is checked
    • Click on the Scan button
    • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open
    • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

    created by Aura
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  3. #3
    Junior Member
    Join Date
    Dec 2017
    Posts
    8

    Thank you for the response, here ya go

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
    Ran by kenan (administrator) on DESKTOP-8UJQ7IU (21-12-2017 06:15:00)
    Running from C:\Users\kenan\AppData\Local\Microsoft\Windows\INetCache\IE\C16OIGDH
    Loaded Profiles: kenan (Available Profiles: kenan)
    Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\HelpPane.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
    (Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198592 2017-02-09] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\VideoConverterFree\BrowserPlugInHelper.exe [410472 2012-09-28] (Wondershare Software)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Discord] => C:\Users\kenan\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
    HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Spotify] => C:\Users\kenan\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-15] (Spotify Ltd)
    HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
    HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-11-09] (Nota Inc.)
    HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1548680 2017-11-02] (Advanced Micro Devices, Inc.)
    HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [GoogleChromeAutoLaunch_E1F3A522677C32194697682E35E41970] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.)
    HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Run: [Spotify Web Helper] => C:\Users\kenan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-15] (Spotify Ltd)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 162.150.8.37 162.150.21.37
    Tcpip\..\Interfaces\{59617933-9a0e-4989-a0b4-e0af5c9e7167}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{9c020dea-8882-4312-ae78-a59e16a24d73}: [DhcpNameServer] 162.150.8.37 162.150.21.37

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
    HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
    SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> DefaultScope {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL =
    SearchScopes: HKU\S-1-5-21-2108490749-413910539-1021375685-1003 -> {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL =
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-12-18] (Microsoft Corporation)
    BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRIEPlugin.dll [2012-09-28] (Wondershare Software Co., Ltd.)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)

    FireFox:
    ========
    FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt
    FF Extension: (Wondershare Video Converter Ultimate) - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt [2017-10-19] [Legacy] [not signed]
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-12-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
    CHR Extension: (Slides) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
    CHR Extension: (Docs) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
    CHR Extension: (Google Drive) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-02]
    CHR Extension: (YouTube) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-02]
    CHR Extension: (Steam Inventory Helper) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-12-14]
    CHR Extension: (Sheets) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
    CHR Extension: (Google Docs Offline) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-02]
    CHR Extension: (AdBlock) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-08]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-02]
    CHR Extension: (Gmail) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-02]
    CHR Extension: (Chrome Media Router) - C:\Users\kenan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe [472456 2017-11-02] (AMD)
    S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-06] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-06] (Microsoft Corporation)
    S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel® Corporation)
    S2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-03-31] (Advanced Micro Devices, Inc)
    R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-04-01] (Advanced Micro Devices, Inc)
    S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
    S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
    S3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmdag.sys [40034184 2017-11-02] (Advanced Micro Devices, Inc.)
    S3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmpag.sys [536456 2017-11-02] (Advanced Micro Devices, Inc.)
    R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31112 2017-10-10] (Advanced Micro Devices)
    R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
    S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [118960 2017-10-12] (Advanced Micro Devices)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    S3 IaNVMe; C:\WINDOWS\System32\drivers\IaNVMe.sys [113160 2016-11-04] (Intel Corporation)
    S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [253696 2017-01-13] (Intel Corporation)
    S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-20] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-20] (Malwarebytes)
    S1 MpKsl2af69dc9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{370E15E5-C8FE-460B-94F8-F56BED5592B2}\MpKsl2af69dc9.sys [58120 2017-12-20] () [File not signed]
    S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
    S2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
    S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
    R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
    S3 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [135688 2016-12-09] (Samsung Electronics Co., Ltd)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-06] (Microsoft Corporation)
    S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-06] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-06] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-12-21 06:14 - 2017-12-21 06:15 - 000000000 ____D C:\FRST
    2017-12-20 23:46 - 2017-12-20 23:46 - 000000000 ____D C:\Users\kenan\Documents\ProcAlyzer Dumps
    2017-12-20 23:44 - 2017-12-20 23:44 - 000004246 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
    2017-12-20 23:40 - 2017-12-20 23:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2017-12-20 19:20 - 2017-12-20 19:20 - 000000000 ____D C:\$Windows.~BT
    2017-12-20 19:17 - 2017-12-20 19:22 - 000000000 ___HD C:\$SysReset
    2017-12-20 05:57 - 2017-12-20 14:52 - 000524472 _____ C:\TDSSKiller.3.1.0.15_20.12.2017_05.57.03_log.txt
    2017-12-20 05:53 - 2017-12-20 05:53 - 000000000 ____D C:\Users\kenan\AppData\Local\ElevatedDiagnostics
    2017-12-20 05:11 - 2017-12-20 17:03 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-12-20 05:11 - 2017-12-20 05:12 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-12-20 05:11 - 2017-12-20 05:11 - 000001467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2017-12-20 05:11 - 2017-12-20 05:11 - 000001455 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2017-12-20 05:11 - 2017-12-20 05:11 - 000000656 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    2017-12-20 05:11 - 2017-12-20 05:11 - 000000628 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2017-12-20 05:11 - 2017-12-20 05:11 - 000000458 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
    2017-12-20 05:11 - 2017-12-20 05:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2017-12-20 05:11 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
    2017-12-20 04:45 - 2017-12-20 23:40 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2017-12-20 04:45 - 2017-12-20 04:45 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-12-20 04:45 - 2017-12-20 04:45 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-12-20 04:45 - 2017-12-20 04:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-12-20 04:45 - 2017-12-20 04:45 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-12-20 04:45 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-12-20 04:42 - 2017-12-20 17:53 - 000001896 _____ C:\Users\kenan\Desktop\Rkill.txt
    2017-12-20 03:52 - 2017-12-20 23:41 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2017-12-20 03:51 - 2017-12-20 23:50 - 001153536 _____ C:\WINDOWS\ntbtlog.txt
    2017-12-20 00:32 - 2017-12-20 00:32 - 933034737 _____ C:\WINDOWS\MEMORY.DMP
    2017-12-20 00:32 - 2017-12-20 00:32 - 001227084 _____ C:\WINDOWS\Minidump\122017-23625-01.dmp
    2017-12-19 05:20 - 2017-12-19 05:20 - 000000000 __SHD C:\found.011
    2017-12-19 05:20 - 2017-12-19 05:20 - 000000000 __SHD C:\found.010
    2017-12-19 05:20 - 2017-12-19 05:20 - 000000000 __SHD C:\found.009
    2017-12-18 17:57 - 2017-12-18 17:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
    2017-12-16 12:17 - 2017-12-20 17:11 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4146EC12-38C2-4FFA-80C8-83B6CE2D9A04}
    2017-12-13 10:04 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2017-12-13 10:04 - 2017-12-07 17:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2017-12-13 09:55 - 2017-12-13 09:55 - 000000072 ___SH C:\bootTel.dat
    2017-12-12 07:18 - 2017-12-12 07:18 - 000000000 __SHD C:\found.008
    2017-12-12 07:18 - 2017-12-12 07:18 - 000000000 __SHD C:\found.007
    2017-12-12 07:18 - 2017-12-12 07:18 - 000000000 __SHD C:\found.006
    2017-12-12 01:40 - 2017-12-12 01:44 - 000008674 _____ C:\Users\kenan\Documents\preview.wlmp
    2017-12-09 01:39 - 2017-12-18 06:27 - 000065311 _____ C:\Users\kenan\Documents\m2boi.wlmp
    2017-12-07 23:56 - 2017-12-08 00:52 - 1253925746 _____ C:\Users\kenan\Documents\The montage.mp4
    2017-12-07 07:55 - 2017-12-07 07:55 - 000000000 __SHD C:\found.000
    2017-12-05 16:36 - 2017-12-05 22:56 - 000095401 _____ C:\Users\kenan\Documents\kkill me3.wlmp
    2017-12-05 16:16 - 2017-12-05 16:36 - 000096383 _____ C:\Users\kenan\Documents\kkill me 2.wlmp
    2017-12-03 23:50 - 2017-12-03 23:50 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
    2017-12-03 23:50 - 2017-12-03 23:50 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
    2017-12-03 23:50 - 2017-12-03 23:50 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
    2017-12-03 23:50 - 2017-12-03 23:50 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
    2017-12-03 23:38 - 2017-12-03 23:38 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
    2017-12-03 23:38 - 2017-12-03 23:38 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
    2017-12-03 23:38 - 2017-12-03 23:38 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
    2017-12-03 23:38 - 2017-12-03 23:38 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
    2017-12-02 11:14 - 2017-12-02 11:14 - 000000000 ____D C:\found.005
    2017-12-02 11:14 - 2017-12-02 11:14 - 000000000 ____D C:\found.002
    2017-12-01 20:31 - 2017-12-01 21:26 - 671787453 _____ C:\Users\kenan\Documents\do dis look bettar.mp4
    2017-11-30 22:32 - 2017-12-01 20:22 - 026023594 _____ C:\Users\kenan\Documents\Untitled.mp4
    2017-11-30 22:32 - 2017-11-30 22:32 - 400855071 ____T C:\Users\kenan\Documents\mvm774D.tmp
    2017-11-30 19:07 - 2017-12-20 00:32 - 000000000 ____D C:\WINDOWS\Minidump
    2017-11-29 06:24 - 2017-12-05 23:21 - 000097813 _____ C:\Users\kenan\Documents\kkill me.wlmp
    2017-11-26 20:52 - 2017-11-26 20:52 - 000000000 ____D C:\found.004
    2017-11-26 20:52 - 2017-11-26 20:52 - 000000000 ____D C:\found.003
    2017-11-25 21:30 - 2017-11-25 21:32 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2017-11-25 21:29 - 2017-11-25 21:30 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2017-11-25 21:29 - 2017-11-25 21:29 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2017-11-25 21:27 - 2017-11-25 21:27 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2017-11-25 21:27 - 2017-11-25 21:27 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
    2017-11-25 21:27 - 2017-11-25 21:27 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-11-25 21:27 - 2017-11-25 21:27 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2017-11-25 21:27 - 2017-11-25 21:27 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2017-11-25 19:13 - 2017-11-25 19:13 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2017-11-25 19:12 - 2017-11-25 19:12 - 000000000 ___HD C:\Users\kenan\MicrosoftEdgeBackups
    2017-11-25 19:11 - 2017-11-25 19:11 - 000000020 ___SH C:\Users\kenan\ntuser.ini
    2017-11-25 19:11 - 2017-11-25 19:11 - 000000000 ___RD C:\Users\kenan\3D Objects
    2017-11-25 19:11 - 2017-11-25 19:11 - 000000000 ____D C:\Users\kenan\AppData\Local\PackageStaging
    2017-11-25 18:55 - 2017-11-25 18:55 - 000000000 ____D C:\ProgramData\USOShared
    2017-11-25 18:52 - 2017-12-20 23:35 - 001325544 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-11-25 18:49 - 2017-11-25 18:49 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
    2017-11-25 18:49 - 2017-11-25 18:49 - 000007623 _____ C:\WINDOWS\diagwrn.xml
    2017-11-25 18:49 - 2017-11-25 18:49 - 000007623 _____ C:\WINDOWS\diagerr.xml
    2017-11-25 18:48 - 2017-12-20 23:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-11-25 18:48 - 2017-11-29 22:32 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2108490749-413910539-1021375685-1003
    2017-11-25 18:48 - 2017-11-25 18:49 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-11-25 18:48 - 2017-11-25 18:49 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2108490749-413910539-1021375685-500
    2017-11-25 18:48 - 2017-11-25 18:48 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-11-25 18:48 - 2017-11-25 18:48 - 000002664 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
    2017-11-25 18:48 - 2017-11-25 18:48 - 000002558 _____ C:\WINDOWS\System32\Tasks\AMD ThankingURL
    2017-11-25 18:48 - 2017-11-25 18:48 - 000002524 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
    2017-11-25 18:48 - 2017-11-25 18:48 - 000002146 _____ C:\WINDOWS\System32\Tasks\StartCN
    2017-11-25 18:40 - 2017-11-25 18:40 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-11-25 18:39 - 2017-12-13 18:07 - 000000000 ____D C:\Users\kenan\AppData\Local\Packages
    2017-11-25 18:38 - 2017-12-20 18:56 - 000000000 ____D C:\Users\kenan
    2017-11-25 18:38 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2017-11-25 18:35 - 2017-12-21 06:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-11-25 18:35 - 2017-12-20 00:39 - 005005464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-11-24 02:08 - 2017-11-24 02:08 - 000000761 _____ C:\Users\kenan\Downloads\Documents - Shortcut.lnk
    2017-11-23 09:55 - 2017-11-23 14:53 - 000086356 _____ C:\Users\kenan\Documents\ranked.wlmp
    2017-11-22 02:16 - 2017-11-22 02:21 - 000000000 ____D C:\Users\kenan\AppData\Roaming\HandBrake
    2017-11-22 02:16 - 2017-11-22 02:16 - 000000000 ____D C:\Users\kenan\AppData\Roaming\HandBrake Team
    2017-11-22 02:15 - 2017-11-25 18:44 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
    2017-11-22 02:15 - 2017-11-22 02:15 - 000000872 _____ C:\Users\kenan\Desktop\HandBrake.lnk
    2017-11-22 02:15 - 2017-11-22 02:15 - 000000000 ____D C:\Program Files\HandBrake
    2017-11-22 02:14 - 2017-11-22 02:14 - 010468271 _____ C:\Users\kenan\Downloads\HandBrake-1.0.7-x86_64-Win_GUI.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-12-20 23:39 - 2017-04-11 11:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2017-12-20 18:56 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
    2017-12-20 17:15 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2017-12-20 17:12 - 2017-10-02 07:17 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Spotify
    2017-12-20 17:12 - 2017-10-02 07:17 - 000000000 ____D C:\Users\kenan\AppData\Local\Spotify
    2017-12-20 16:16 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2017-12-20 03:49 - 2017-10-02 07:36 - 000000000 ____D C:\Program Files (x86)\Steam
    2017-12-20 03:48 - 2017-10-02 07:00 - 000000000 ___RD C:\Users\kenan\OneDrive
    2017-12-20 01:53 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
    2017-12-20 00:45 - 2017-10-02 07:13 - 000000000 ____D C:\Users\kenan\AppData\Roaming\discord
    2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
    2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
    2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
    2017-12-20 00:37 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender
    2017-12-20 00:37 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
    2017-12-19 13:19 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-12-19 13:19 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-12-19 06:28 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-12-18 17:59 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-12-18 17:57 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-12-18 17:57 - 2017-04-07 16:15 - 000000000 ____D C:\Program Files\Microsoft Office
    2017-12-16 12:24 - 2017-10-02 07:10 - 000000000 ____D C:\Users\kenan\AppData\Local\Google
    2017-12-14 20:09 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SystemApps
    2017-12-14 20:09 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs
    2017-12-13 10:09 - 2017-10-01 17:30 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-12-13 10:08 - 2017-10-10 12:34 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2017-12-13 10:08 - 2017-10-01 17:30 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-12-11 17:39 - 2017-10-02 07:13 - 000002240 _____ C:\Users\kenan\Desktop\Discord.lnk
    2017-12-11 17:39 - 2017-10-02 07:13 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
    2017-12-11 17:38 - 2017-10-02 07:13 - 000000000 ____D C:\Users\kenan\AppData\Local\Discord
    2017-12-06 18:50 - 2017-10-01 19:33 - 000000000 ____D C:\Users\kenan\AppData\Roaming\obs-studio
    2017-12-03 17:38 - 2017-09-29 08:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-12-03 17:38 - 2017-09-29 08:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-11-30 20:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
    2017-11-29 22:32 - 2017-10-02 07:00 - 000002370 _____ C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-11-26 03:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
    2017-11-25 21:34 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2017-11-25 21:32 - 2017-11-14 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
    2017-11-25 21:32 - 2017-10-22 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    2017-11-25 21:32 - 2017-10-20 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Win Movie Maker
    2017-11-25 21:32 - 2017-10-19 07:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 17
    2017-11-25 21:32 - 2017-10-17 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
    2017-11-25 21:32 - 2017-10-02 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
    2017-11-25 21:32 - 2017-10-02 10:15 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2017-11-25 21:32 - 2017-10-02 10:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-11-25 21:32 - 2017-10-02 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2017-11-25 21:32 - 2017-10-01 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
    2017-11-25 21:32 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
    2017-11-25 21:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2017-11-25 21:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
    2017-11-25 21:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ModemLogs
    2017-11-25 21:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2017-11-25 21:32 - 2017-04-11 11:25 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
    2017-11-25 21:32 - 2017-04-11 11:24 - 000000000 ____D C:\Program Files\Intel
    2017-11-25 21:32 - 2017-04-11 11:20 - 000000000 ____D C:\Program Files\AMD
    2017-11-25 21:32 - 2017-04-07 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2017-11-25 21:32 - 2017-04-03 12:56 - 000000000 ___HD C:\WINDOWS\OEM
    2017-11-25 21:32 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2017-11-25 21:30 - 2017-11-14 15:17 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
    2017-11-25 21:30 - 2017-10-31 03:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
    2017-11-25 21:30 - 2017-10-19 07:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2017-11-25 21:30 - 2017-04-11 11:35 - 000000000 ____D C:\Program Files\Realtek
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
    2017-11-25 21:28 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
    2017-11-25 21:28 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-11-25 21:28 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
    2017-11-25 21:28 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-11-25 19:27 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2017-11-25 19:11 - 2017-11-20 01:57 - 000000000 ___DC C:\WINDOWS\Panther
    2017-11-25 19:11 - 2017-10-02 06:57 - 000000000 ____D C:\Users\kenan\AppData\Local\TileDataLayer
    2017-11-25 19:11 - 2017-04-03 12:54 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-11-25 18:55 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
    2017-11-25 18:50 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
    2017-11-25 18:50 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2017-11-25 18:48 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
    2017-11-25 18:44 - 2017-10-31 12:53 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    2017-11-25 18:44 - 2017-10-31 12:51 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2017-11-25 18:44 - 2017-10-02 10:00 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-11-25 18:44 - 2017-10-02 07:47 - 000000000 ____D C:\Users\kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2017-11-25 18:40 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-11-25 18:38 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2017-11-25 18:37 - 2017-04-11 11:35 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2017-11-25 18:37 - 2017-04-11 11:35 - 000000000 ____D C:\WINDOWS\system32\DAX3
    2017-11-25 18:37 - 2017-04-11 11:35 - 000000000 ____D C:\WINDOWS\system32\DAX2
    2017-11-25 18:37 - 2017-04-11 11:35 - 000000000 ____D C:\ProgramData\Audyssey Labs

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-12-16 11:34

    ==================== End of FRST.txt ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
    Ran by kenan (21-12-2017 06:15:43)
    Running from C:\Users\kenan\AppData\Local\Microsoft\Windows\INetCache\IE\C16OIGDH
    Windows 10 Home Version 1709 16299.64 (X64) (2017-11-25 23:52:03)
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2108490749-413910539-1021375685-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2108490749-413910539-1021375685-503 - Limited - Disabled)
    Guest (S-1-5-21-2108490749-413910539-1021375685-501 - Limited - Disabled)
    kenan (S-1-5-21-2108490749-413910539-1021375685-1003 - Administrator - Enabled) => C:\Users\kenan
    WDAGUtilityAccount (S-1-5-21-2108490749-413910539-1021375685-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    AlphaConsole version 8.0 (HKLM-x32\...\{83CB5404-7E78-4B1F-B0D5-A8D0FCDA9B7D}_is1) (Version: 8.0 - AlphaConsole)
    AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
    Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology)
    Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Discord (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Discord) (Version: 0.0.299 - Discord Inc.)
    FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
    FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Gyazo 3.3.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
    HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{0E13241D-76B0-4A4C-9665-3969F55C08D5}) (Version: 19.40.1702.1091 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
    Movavi Video Converter 17 (HKLM-x32\...\Movavi Video Converter 17) (Version: 17.3.0 - Movavi)
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8059 - Realtek Semiconductor Corp.)
    Spotify (HKU\S-1-5-21-2108490749-413910539-1021375685-1003\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    VEGAS Pro 15.0 (HKLM\...\{E0F91FB0-7FC4-11E7-B8E9-95BE57594EAC}) (Version: 15.0.177 - VEGAS)
    Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
    Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
    Wondershare Video Converter Free(Build 6.0.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.0.1.0 - Wondershare Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2012-09-21] ()
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-11-02] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {281C13EE-2F71-45B6-8FBB-15112ED57A4E} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
    Task: {31D34E13-37BE-4989-AD75-7A7C36F2C899} - System32\Tasks\AMD ThankingURL => "" [Argument = -LAUNCHTHQURL]
    Task: {3A9D7F47-4F2B-47F4-BFF0-262DCB74BEF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
    Task: {4A98B3F7-F03E-481C-886B-CF52A7B399BA} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-10-03] ()
    Task: {4FE111FC-CD4E-4909-8453-440C3C6B7F39} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-18] (Microsoft Corporation)
    Task: {72883E6B-1D0E-4491-B030-6BE6D329BA74} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-02] (Google Inc.)
    Task: {820D48C2-C720-4CCA-A9CC-59C617BBBBB3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
    Task: {B0FCFA0C-5A4A-494A-BB37-2E2691F1A18B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-18] (Microsoft Corporation)
    Task: {B94AFC42-2992-4D12-92DE-C2583EC78071} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-02] (Google Inc.)
    Task: {C2DCFBEB-195B-43A7-99E5-64373139D141} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-11-02] (Advanced Micro Devices, Inc.)
    Task: {E8023043-6004-4263-99AB-8FB4E4B6DD5F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-12-18] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-12-20 04:45 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-10-19 07:23 - 2012-09-21 09:25 - 000727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
    2017-12-11 17:57 - 2017-12-11 17:57 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-12-11 17:57 - 2017-12-11 17:57 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-12-20 05:11 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-12-20 05:11 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2017-12-20 05:11 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2017-12-20 05:11 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2108490749-413910539-1021375685-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\kenan\Downloads\black-screen.png
    DNS Servers: 162.150.8.37 - 162.150.21.37
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{CB4A2747-F454-43E7-9544-A47BCFA02A72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
    FirewallRules: [{FB4C9336-A531-488D-AEAE-688A627328EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
    FirewallRules: [{C909428C-F32E-4AE7-A7B0-FF3255401339}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{791BE967-2866-4426-ABAA-D97681664E1C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{33A31565-4E74-4BC8-A57B-44DB916A297A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{4826F9E9-E74A-421D-AC1D-A61418471D4A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{9AD7CE11-1CB5-4600-B5C0-474E9CDFC274}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [UDP Query User{6991F297-DC87-4E87-98C8-6124C1779FE4}C:\users\kenan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{8706F898-0D2D-40C0-9243-4F1C1FD0A488}C:\users\kenan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kenan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{801B73F2-2B60-4091-9591-015336AD0ED3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{2F1D190C-643F-41EF-94AF-D67823FDA069}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{F529904A-52FC-4FF4-8E0E-754796A0A511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{58977BB7-850F-4B28-A333-DFF6A27119BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    17-12-2017 17:04:50 Windows Update
    18-12-2017 19:17:09 Windows Modules Installer

    ==================== Faulty Device Manager Devices =============

    Name: Intel(R) Dual Band Wireless-AC 3165
    Description: Intel(R) Dual Band Wireless-AC 3165
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Intel Corporation
    Service: Netwtw04
    Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
    Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/20/2017 11:23:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.16299.15, time stamp: 0x66e02565
    Faulting module name: twinui.pcshell.dll, version: 10.0.16299.64, time stamp: 0xb927010b
    Exception code: 0x80270233
    Fault offset: 0x00000000001c4095
    Faulting process id: 0x10c0
    Faulting application start time: 0x01d37a137b3d6806
    Faulting application path: C:\WINDOWS\Explorer.EXE
    Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
    Report Id: 990105a1-c490-41e2-85db-39068b3488aa
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/20/2017 11:23:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sihost.exe, version: 10.0.16299.15, time stamp: 0x72d80092
    Faulting module name: Windows.Shell.ServiceHostBuilder.dll, version: 10.0.16299.15, time stamp: 0xd9ddf724
    Exception code: 0x80270234
    Fault offset: 0x000000000000d549
    Faulting process id: 0x1520
    Faulting application start time: 0x01d37a13694fdddf
    Faulting application path: c:\windows\system32\sihost.exe
    Faulting module path: C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
    Report Id: a8b6bf29-28e6-4286-896e-55af07882bef
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/20/2017 05:04:02 PM) (Source: System Restore) (EventID: 8206) (User: )
    Description: The restore point selected was damaged or deleted during the restore (Windows Update).

    Error: (12/20/2017 05:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.16299.15, time stamp: 0x66e02565
    Faulting module name: twinui.pcshell.dll, version: 10.0.16299.64, time stamp: 0xb927010b
    Exception code: 0x80270233
    Fault offset: 0x00000000001c4095
    Faulting process id: 0x84c
    Faulting application start time: 0x01d379de6e075207
    Faulting application path: C:\WINDOWS\Explorer.EXE
    Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
    Report Id: f612f9da-ea22-4aeb-8ec8-bad38a30f9f3
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/20/2017 05:03:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sihost.exe, version: 10.0.16299.15, time stamp: 0x72d80092
    Faulting module name: Windows.Shell.ServiceHostBuilder.dll, version: 10.0.16299.15, time stamp: 0xd9ddf724
    Exception code: 0x80270234
    Fault offset: 0x000000000000d549
    Faulting process id: 0x1768
    Faulting application start time: 0x01d379de5c2091af
    Faulting application path: c:\windows\system32\sihost.exe
    Faulting module path: C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
    Report Id: 44fc6170-113c-4698-a418-6f2b5ee1f6d3
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/20/2017 03:52:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDFiles.exe, version: 2.6.46.135, time stamp: 0x535a5153
    Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
    Exception code: 0x0eedfade
    Fault offset: 0x001008b2
    Faulting process id: 0xd00
    Faulting application start time: 0x01d379d45fda0340
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 69509252-fc0c-4437-9856-87015ed6c00c
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/20/2017 03:48:17 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.16299.15, time stamp: 0x66e02565
    Faulting module name: twinui.pcshell.dll, version: 10.0.16299.64, time stamp: 0xb927010b
    Exception code: 0x80270233
    Fault offset: 0x00000000001c4095
    Faulting process id: 0x10a4
    Faulting application start time: 0x01d3796f472b995b
    Faulting application path: C:\WINDOWS\Explorer.EXE
    Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
    Report Id: 4591ca86-c33e-4f41-825c-a88a5ec8956b
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/20/2017 03:47:47 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sihost.exe, version: 10.0.16299.15, time stamp: 0x72d80092
    Faulting module name: Windows.Shell.ServiceHostBuilder.dll, version: 10.0.16299.15, time stamp: 0xd9ddf724
    Exception code: 0x80270234
    Fault offset: 0x000000000000d549
    Faulting process id: 0x1718
    Faulting application start time: 0x01d3796f3541031e
    Faulting application path: c:\windows\system32\sihost.exe
    Faulting module path: C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
    Report Id: b3e82118-4104-4ec6-9bb3-3db5bb58edd6
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/20/2017 01:43:01 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.16299.15, time stamp: 0x66e02565
    Faulting module name: twinui.pcshell.dll, version: 10.0.16299.64, time stamp: 0xb927010b
    Exception code: 0x80270233
    Fault offset: 0x00000000001c4095
    Faulting process id: 0x16f8
    Faulting application start time: 0x01d3795dc6f21247
    Faulting application path: C:\WINDOWS\Explorer.EXE
    Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
    Report Id: e688338e-db31-46b9-97af-92155ccf5170
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/20/2017 01:42:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: sihost.exe, version: 10.0.16299.15, time stamp: 0x72d80092
    Faulting module name: Windows.Shell.ServiceHostBuilder.dll, version: 10.0.16299.15, time stamp: 0xd9ddf724
    Exception code: 0x80270234
    Fault offset: 0x000000000000d549
    Faulting process id: 0x16cc
    Faulting application start time: 0x01d3795db4f47300
    Faulting application path: c:\windows\system32\sihost.exe
    Faulting module path: C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
    Report Id: ca5f0f4b-b188-441c-ae08-88023e09a564
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (12/21/2017 06:15:50 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (12/21/2017 06:15:46 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (12/21/2017 06:14:03 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (12/21/2017 06:13:56 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (12/21/2017 06:13:48 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (12/21/2017 06:13:28 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (12/21/2017 06:12:17 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (12/21/2017 06:12:06 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (12/21/2017 06:11:39 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (12/21/2017 06:11:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8UJQ7IU)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}


    CodeIntegrity:
    ===================================
    Date: 2017-11-28 14:32:04.440
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-28 14:32:04.415
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-28 14:32:04.363
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-28 14:32:04.348
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-28 14:32:04.319
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-28 14:32:04.262
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-28 14:32:04.247
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-28 14:32:04.229
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-28 14:32:04.213
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-11-28 14:32:04.198
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD Ryzen 5 1400 Quad-Core Processor
    Percentage of memory in use: 21%
    Total physical RAM: 8147.62 MB
    Available physical RAM: 6368.01 MB
    Total Virtual: 13779.62 MB
    Available Virtual: 12184.53 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:784.02 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA58450)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  4. #4
    Security Expert Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 3,453

    Not really seeing much that would point to malware unless you have run tools and it was deleted before you posted here.

    Let's attempt to run a couple of tools and see if anything shows up.


    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply

    created by Aura
    Your next reply(ies) should therefore contain:
    • Copy/pasted AdwCleaner clean log
    • Copy/pasted RogueKiller clean log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  5. #5
    Junior Member
    Join Date: Dec 2017
    Posts: 8

    # AdwCleaner 7.0.5.0 - Logfile created on Thu Dec 21 23:20:48 2017
    # Updated on 2017/29/11 by Malwarebytes
    # Running on Windows 10 Home (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ** [ Services ] **

    No malicious services deleted.

    ** [ Folders ] **

    No malicious folders deleted.

    ** [ Files ] **

    No malicious files deleted.

    ** [ DLL ] **

    No malicious DLLs cleaned.

    ** [ WMI ] **

    No malicious WMI cleaned.

    ** [ Shortcuts ] **

    No malicious shortcuts cleaned.

    ** [ Tasks ] **

    No malicious tasks deleted.

    ** [ Registry ] **

    No malicious registry entries deleted.

    ** [ Firefox (and derivatives) ] **

    No malicious Firefox entries deleted.

    ** [ Chromium (and derivatives) ] **

    No malicious Chromium entries deleted.

    **

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    **

    C:/AdwCleaner/AdwCleaner[S0].txt - [945 B] - [2017/12/21 22:51:34]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


    RogueKiller V12.11.29.0 (x64) [Dec 18 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.16299) 64 bits version
    Started in : Safe mode with network support
    User : kenan [Administrator]
    Started from : C:\Users\kenan\Desktop\RogueKiller_portable64.exe
    Mode : Delete -- Date : 12/21/2017 19:00:00 (Duration : 00:19:12)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 8 ¤¤¤
    [PUP] (X64) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\internet explorer\iexplore.exe -restart /WERRESTART [x][x] -> Deleted
    [PUP] (X86) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\internet explorer\iexplore.exe -restart /WERRESTART [x][x] -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://oem17win10.msn.com/?pc=NMTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://oem17win10.msn.com/?pc=NMTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://oem17win10.msn.com/?pc=NMTE -> Replaced (http://www.microsoft.com/isapi/redir...r=6&ar=msnhome)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2108490749-413910539-1021375685-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://oem17win10.msn.com/?pc=NMTE -> Replaced (http://www.microsoft.com/isapi/redir...r=6&ar=msnhome)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 162.150.8.37 162.150.21.37 ([-][United States]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9c020dea-8882-4312-ae78-a59e16a24d73} | DhcpNameServer : 162.150.8.37 162.150.21.37 ([-][United States]) -> Replaced ()

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD10EZEX-75WN4A0 +++++
    --- User ---
    [MBR] cb165e8ed9b39ad97831c42a41f1da89
    [BSP] c17b8ea3482583ac4541527a940e30f5 : Empty MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
    2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 239616 | Size: 500 MB
    3 - Basic data partition | Offset (sectors): 1263616 | Size: 953252 MB
    User = LL1 ... OK
    User = LL2 ... OK

  6. #6
    Junior Member
    Join Date: Dec 2017
    Posts: 8

    So I'm pretty sure it removed those 8 registry keys or something but I still can't open anything, not sure if I just need to restart my PC or anything.

  7. #7
    Junior Member
    Join Date: Dec 2017
    Posts: 8

    Originally Posted by kenanmp7:
    "So I'm pretty sure it removed those 8 registry keys or something but I still can't open anything, not sure if I just need to restart my pc or anything,"
    I have no idea what I'm talking about

  8. #8
    Security Expert Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 3,453

    Yes, you can go on and reboot.

    What kind of error message do you get when you try to open a program?

    ~~

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;


    created by Aura

  9. #9
    Junior Member
    Join Date: Dec 2017
    Posts: 8

    Different errors that I get are:

    Class not registered error

    There are no endpoints available from the endpoint mapper

    This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.

    Then there are other programs or things in task bar like Chrome, the Windows logo button, the search bar, etc., that are just completely unresponsive to my clicks, no errors but nothing happens when I click on them.

    Another error I get when I boot up even in safe mode is
    sihost.exe - System Warning
    Unknown Hard Error
    And if I close it or select OK on the error my screen goes black and the only thing I can see is my mouse, I can't do anything else besides move my mouse. So I've just been leaving the error in the corner of my screen and not touching it.


    Okay as for the quarantined items I didn't get any message saying to reboot or even delete the items for that matter, they are just sitting in the Quarantine section after doing the exact instructions, I'm not sure whether to click delete or not but it didn't say so in your instructions so I haven't yet. Here is the log though:

    Emsisoft Emergency Kit 2017.11.0.8219 stable [en-us]
    OS: Windows 10 (Version 10.0, Build 16299, 64-bit Edition)

    Quarantine log

    Date Source Event Detection
    12/21/2017 9:58:36 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D} Moved to quarantine Application.AdReg (A)
    12/21/2017 9:58:35 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4} Moved to quarantine Application.AdReg (A)
    12/21/2017 9:58:35 PM Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> BROWSERPLUGINHELPER Moved to quarantine Application.AdStart (A)
    12/21/2017 9:58:35 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF} Moved to quarantine Application.BHO (A)
    12/21/2017 9:58:35 PM C:\Program Files (x86)\AlphaConsole\AlphaConsoleUpdater.exe Moved to quarantine Trojan.Generic.22756039 (B)
    12/21/2017 9:58:35 PM C:\Program Files (x86)\AlphaConsole\AlphaConsole.exe Moved to quarantine Gen:Variant.Johnnie.56305 (B)

  10. #10
    Security Expert Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 3,453

    "Okay as for the quarantined items I didn't get any message saying to reboot or even delete the items for that matter, they are just sitting in the Quarantine section after doing the exact instructions, I'm not sure whether to click delete or not but it didn't say so in your instructions so I haven't yet."
    "If it asks you for a reboot to delete some items, click on Ok to reboot automatically;"
    You can reboot, as long as they're in quarantine you're safe.

    Those errors
    sihost.exe - System Warning
    Unknown Hard Error

    I went on the net to look those up, good grief, you won't believe the amount of people with this and from what I could tell it's related to Microsoft.
    And, if I read it right, it's only Windows 10.
    What most were telling people to do is sfc /scannow
    But, not seeing how it's helping.
    https://support.microsoft.com/en-us/...rrupted-system
    Here's an example
    https://answers.microsoft.com/en-us/...9-57e6c2423fbd

    What I can do from here is direct you to a tech forum (I'm a member there too). With these types of errors I can't with this... I don't have the knowledge.
    Register, create a new topic and someone should be with you soon.
    https://forums.whatthetech.com/index.php?showforum=119

    I think we should remove tools and quarantine folders.
    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.
    -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    *********
    Last edited by Juliet; 2017-12-22 at 13:12.
