Tweet
I ran anti malwarebytes, zemana, junkware removal tool, adwcleaner, zhpcleaner,rogue killer and eset online scanner. Nothing was found, but i am still curious if there is anything left, since i’ve had a trojan svchost.exe virus that i removed instantly after i got it.
Logs from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by DuhBoy (administrator) on DUHBOYKX (24-05-2017 16:55:32)
Running from C:\Users\DuhBoy\Downloads
Loaded Profiles: DuhBoy (Available Profiles: defaultuser0 & DuhBoy)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-09-23] (Realtek Semiconductor)
HKLM...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 77.77.192.20 94.140.66.194
Tcpip..\Interfaces{f9f53f6f-3721-44da-a5be-1652421efa6f}: [DhcpNameServer] 77.77.192.20 94.140.66.194
[HEADING=1]Internet Explorer:[/HEADING]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2590114280-3335225030-2770196223-1001 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
[HEADING=1]FireFox:[/HEADING]
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
[HEADING=1]Chrome:[/HEADING]
CHR StartupUrls: Default → “hxxps://www.google.ba/”
CHR Profile: C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default [2017-05-24]
CHR Extension: (BetterTTV) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegp efgped [2017-04-21]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkop ceiche [2017-05-05]
CHR Extension: (uBlock Origin) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjb keiagm [2017-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-03-09]
CHR Extension: (uMatrix) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieip oejdcf [2017-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-05-12]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2162064 2017-05-11] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3136920 2017-05-11] (Electronic Arts)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c03 14337.inf_amd64_21ee54ffe6f42e4c\atikmdag.sys [36560376 2017-05-18] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c03 14337.inf_amd64_21ee54ffe6f42e4c\atikmpag.sys [529912 2017-05-18] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-24] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-24] (Malwarebytes)
S1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-11-18] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-24 16:45 - 2017-05-24 16:45 - 00008227 _____ C:\Users\DuhBoy\Downloads\fixlist.txt
2017-05-24 16:24 - 2017-05-24 16:24 - 00038771 _____ C:\Users\DuhBoy\Downloads\Addition.txt
2017-05-24 16:23 - 2017-05-24 16:55 - 00008329 _____ C:\Users\DuhBoy\Downloads\FRST.txt
2017-05-24 16:23 - 2017-05-24 16:55 - 00000000 ____D C:\FRST
2017-05-24 16:23 - 2017-05-24 16:23 - 02429952 _____ (Farbar) C:\Users\DuhBoy\Downloads\FRST64.exe
2017-05-24 16:23 - 2017-05-24 16:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\DuhBoy\Downloads\HijackThis.exe
2017-05-24 14:21 - 2017-05-24 15:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\System
2017-05-24 00:00 - 2017-05-24 00:00 - 00000000 ____D C:\Users\DuhBoy\Documents\SART
2017-05-23 18:34 - 2017-05-24 16:21 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\ESET
2017-05-22 23:34 - 2017-05-22 23:34 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\CAPCOM
2017-05-21 19:49 - 2017-05-21 19:49 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Warner Bros. Interactive Entertainment
2017-05-21 16:09 - 2017-05-21 16:09 - 00000000 ____D C:\Users\DuhBoy\Documents\My Mods
2017-05-20 19:54 - 2017-05-20 19:54 - 00000761 _____ C:\Users\Public\Desktop\w3arena.lnk
2017-05-20 19:54 - 2017-05-20 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\w3arena.net Launcher 1.9.10
2017-05-20 19:36 - 2017-05-20 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2017-05-20 19:14 - 2017-05-22 01:56 - 00000840 _____ C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2017-05-20 13:33 - 2017-05-20 18:40 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-18 23:32 - 2017-05-20 01:52 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\AMD
2017-05-18 23:31 - 2017-05-18 23:31 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-05-18 23:30 - 2017-05-18 23:30 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\Program Files (x86)\AMD
2017-05-18 23:29 - 2017-05-18 23:30 - 00000000 ____D C:\Program Files\AMD
2017-05-18 23:29 - 2017-01-28 00:05 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-18 23:29 - 2017-01-28 00:04 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-18 23:29 - 2017-01-28 00:02 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-18 23:29 - 2017-01-28 00:01 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-18 23:28 - 2017-05-18 23:29 - 00000000 ____D C:\AMD
2017-05-18 23:27 - 2017-05-20 13:34 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job
2017-05-18 23:27 - 2017-05-18 23:27 - 00003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnele vatedTask
2017-05-18 20:55 - 2017-05-18 20:55 - 10322936 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 08480248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-05-18 20:55 - 2017-05-18 20:55 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-05-18 20:55 - 2017-05-18 20:55 - 02536952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 02199032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 01517048 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 01041400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 01041400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00925176 _____ (AMD) C:\WINDOWS\system32\coinst_17.10.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00794880 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-05-18 20:55 - 2017-05-18 20:55 - 00794880 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-05-18 20:55 - 2017-05-18 20:55 - 00777720 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00552440 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00552440 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00531960 _____ C:\WINDOWS\system32\GameManager64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00484344 _____ C:\WINDOWS\system32\atieah64.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00467960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00411640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00366072 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00334840 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00279032 _____ C:\WINDOWS\system32\clinfo.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00276984 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00245752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00242680 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00204280 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00191992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00170488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00168440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00157336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00157144 _____ C:\WINDOWS\system32\ativvsva.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00151544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00149072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00135672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00134136 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00131912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00131912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00123384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00121848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00120368 _____ C:\WINDOWS\system32\kapp_ci.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00115704 _____ C:\WINDOWS\system32\atidxx64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00113144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00112632 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00103152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00103152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00102392 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00099832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00069624 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00045560 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00043000 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00864760 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00696824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00574440 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00515064 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00360952 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00196816 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00165040 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00139712 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00116704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00092152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00075768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2017-05-18 20:54 - 2017-05-18 20:54 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-05-18 20:54 - 2017-05-18 20:54 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-05-17 02:37 - 2017-05-17 02:37 - 00000000 ____D C:\Users\DuhBoy\Downloads\devicecleanup
2017-05-16 10:44 - 2017-05-16 10:44 - 00000851 _____ C:\Users\DuhBoy\Desktop\LEGO City Undercover.lnk
2017-05-16 00:36 - 2017-05-18 17:23 - 00007602 _____ C:\Users\DuhBoy\AppData\Local\Resmon.ResmonCfg
2017-05-15 18:49 - 2017-05-15 18:49 - 00000868 _____ C:\Users\Public\Desktop\Resident Evil Revelations 2.lnk
2017-05-15 14:03 - 2017-05-15 14:03 - 14725904 _____ (TeamViewer GmbH) C:\Users\DuhBoy\Downloads\TeamViewer_Setup.exe
2017-05-11 13:48 - 2017-05-24 16:21 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-11 13:48 - 2017-05-11 13:48 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-11 13:48 - 2017-05-11 13:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-11 13:48 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-11 01:10 - 2017-05-24 00:16 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\UnrealEngine
2017-05-09 20:04 - 2017-04-28 03:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-09 20:04 - 2017-04-28 03:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-09 20:04 - 2017-04-28 03:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-09 20:04 - 2017-04-28 03:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-09 20:04 - 2017-04-28 03:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-09 20:04 - 2017-04-28 03:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-09 20:04 - 2017-04-28 03:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-09 20:04 - 2017-04-28 03:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-09 20:04 - 2017-04-28 03:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-09 20:04 - 2017-04-28 03:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-09 20:04 - 2017-04-28 03:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-09 20:04 - 2017-04-28 03:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-09 20:04 - 2017-04-28 03:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-09 20:04 - 2017-04-28 03:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayR eady.dll
2017-05-09 20:04 - 2017-04-28 03:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-09 20:04 - 2017-04-28 03:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-09 20:04 - 2017-04-28 03:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-09 20:04 - 2017-04-28 03:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-09 20:04 - 2017-04-28 03:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-09 20:04 - 2017-04-28 03:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-09 20:04 - 2017-04-28 03:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-09 20:04 - 2017-04-28 02:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-09 20:04 - 2017-04-28 02:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-09 20:04 - 2017-04-28 02:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-09 20:04 - 2017-04-28 02:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-09 20:04 - 2017-04-28 02:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-09 20:04 - 2017-04-28 02:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-09 20:04 - 2017-04-28 02:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-09 20:04 - 2017-04-28 02:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-09 20:04 - 2017-04-28 02:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2017-05-09 20:04 - 2017-04-28 02:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-09 20:04 - 2017-04-28 02:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-09 20:04 - 2017-04-28 02:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-09 20:04 - 2017-04-28 02:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-09 20:04 - 2017-04-28 02:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-09 20:04 - 2017-04-28 02:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-09 20:04 - 2017-04-28 02:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-09 20:04 - 2017-04-28 02:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-09 20:04 - 2017-04-28 02:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-09 20:04 - 2017-04-28 02:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-09 20:04 - 2017-04-28 02:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-09 20:04 - 2017-04-28 02:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-09 20:04 - 2017-04-28 02:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-09 20:04 - 2017-04-28 02:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-09 20:04 - 2017-04-28 02:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-09 20:04 - 2017-04-28 02:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-09 20:04 - 2017-04-28 02:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-09 20:04 - 2017-04-28 02:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-09 20:04 - 2017-04-28 02:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-09 20:04 - 2017-04-28 02:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-09 20:04 - 2017-04-28 02:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-09 20:04 - 2017-04-28 02:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-09 20:04 - 2017-04-28 02:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-09 20:04 - 2017-04-28 02:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-09 20:04 - 2017-04-28 02:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-09 20:04 - 2017-04-28 02:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-09 20:04 - 2017-04-28 02:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-09 20:04 - 2017-04-28 02:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-09 20:04 - 2017-04-28 02:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-09 20:04 - 2017-04-28 02:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-09 20:04 - 2017-04-28 02:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-09 20:04 - 2017-04-28 02:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-09 20:04 - 2017-04-28 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-09 20:04 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-09 20:04 - 2017-04-28 02:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-09 20:04 - 2017-04-28 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-09 20:04 - 2017-04-28 02:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-09 20:04 - 2017-04-28 02:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dl l
2017-05-09 20:04 - 2017-04-28 02:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-09 20:04 - 2017-04-28 02:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-09 20:04 - 2017-04-28 02:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-09 20:04 - 2017-04-28 02:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-09 20:04 - 2017-04-28 02:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-09 20:04 - 2017-04-28 02:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-09 20:04 - 2017-04-28 02:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-09 20:04 - 2017-04-28 02:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-09 20:04 - 2017-04-28 02:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-09 20:04 - 2017-04-28 02:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-09 20:04 - 2017-04-28 02:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-09 20:04 - 2017-04-28 02:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2017-05-09 20:04 - 2017-04-28 02:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-09 20:04 - 2017-04-28 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-09 20:04 - 2017-04-28 01:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-09 20:04 - 2017-04-28 01:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-09 20:04 - 2017-04-28 01:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-09 20:04 - 2017-04-28 01:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-09 20:04 - 2017-04-28 01:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-09 20:04 - 2017-04-28 01:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-09 20:04 - 2017-04-28 01:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-09 13:56 - 2017-05-09 15:27 - 00000000 ____D C:\Users\DuhBoy\Documents\FIFA 17
2017-05-09 13:56 - 2017-05-09 13:56 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2017-05-09 13:56 - 2017-05-09 13:56 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-05-09 13:16 - 2017-05-23 18:32 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Origin
2017-05-09 13:16 - 2017-05-09 13:16 - 00000757 _____ C:\Users\Public\Desktop\Origin.lnk
2017-05-09 13:16 - 2017-05-09 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-05-09 13:14 - 2017-05-23 12:57 - 00000000 ____D C:\ProgramData\Origin
2017-05-09 13:14 - 2017-05-09 13:16 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Origin
2017-05-09 13:14 - 2017-05-09 13:14 - 00000000 ____D C:\Users\DuhBoy.Origin
2017-05-08 22:59 - 2017-05-08 22:59 - 00000000 ____D C:\Users\DuhBoy\Documents\League of Legends
2017-05-07 16:25 - 2017-05-07 16:25 - 00000833 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-05-07 16:25 - 2017-05-07 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-05-03 01:21 - 2017-05-03 01:40 - 00000000 ____D C:\Users\DuhBoy\AppData\LocalLow\Playtonic Ltd
2017-05-01 22:28 - 2017-05-01 22:28 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\FILECACHE
2017-05-01 00:41 - 2017-04-19 09:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-01 00:41 - 2017-04-19 09:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-01 00:41 - 2017-04-19 09:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-01 00:41 - 2017-04-19 09:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-01 00:41 - 2017-04-19 08:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-01 00:41 - 2017-04-19 08:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-01 00:41 - 2017-04-19 08:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-01 00:41 - 2017-04-19 08:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-01 00:41 - 2017-04-19 08:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-01 00:41 - 2017-04-19 08:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dl l
2017-05-01 00:41 - 2017-04-19 08:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-01 00:41 - 2017-04-19 08:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-01 00:41 - 2017-04-19 08:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-01 00:41 - 2017-04-19 08:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-01 00:41 - 2017-04-19 08:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-01 00:41 - 2017-04-19 08:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-01 00:41 - 2017-04-19 08:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-01 00:41 - 2017-04-19 08:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.Cura tedTileCollections.dll
2017-05-01 00:41 - 2017-04-19 08:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-01 00:41 - 2017-04-19 08:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-01 00:41 - 2017-04-19 08:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-01 00:41 - 2017-04-19 08:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-01 00:41 - 2017-04-19 08:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-01 00:41 - 2017-04-19 08:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-01 00:41 - 2017-04-19 08:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-01 00:41 - 2017-04-19 08:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-01 00:41 - 2017-04-19 08:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-01 00:41 - 2017-04-19 08:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-01 00:41 - 2017-04-19 07:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-01 00:41 - 2017-04-19 07:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-01 00:41 - 2017-04-19 07:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-01 00:41 - 2017-04-19 07:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-01 00:41 - 2017-04-19 07:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-01 00:41 - 2017-04-19 07:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dl l
2017-05-01 00:41 - 2017-04-19 07:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-01 00:41 - 2017-04-19 07:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-01 00:41 - 2017-04-19 07:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-01 00:41 - 2017-04-19 07:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-01 00:41 - 2017-04-19 07:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-01 00:41 - 2017-04-19 07:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-01 00:41 - 2017-04-14 02:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-01 00:41 - 2017-04-14 02:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker. dll
2017-05-01 00:41 - 2017-04-14 02:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-01 00:41 - 2017-04-14 02:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-01 00:41 - 2017-04-14 02:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-01 00:41 - 2017-04-14 02:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-01 00:41 - 2017-04-14 02:25 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-01 00:41 - 2017-04-14 02:25 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-01 00:41 - 2017-04-14 01:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-01 00:41 - 2017-04-14 01:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-01 00:41 - 2017-04-14 01:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-01 00:41 - 2017-04-14 01:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-01 00:41 - 2017-04-14 01:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-01 00:41 - 2017-04-14 01:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-01 00:41 - 2017-04-14 01:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-01 00:41 - 2017-04-14 01:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-01 00:41 - 2017-04-14 01:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-01 00:41 - 2017-04-14 01:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-01 00:41 - 2017-04-14 01:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-01 00:41 - 2017-04-14 01:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-01 00:41 - 2017-04-14 01:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-01 00:41 - 2017-04-14 01:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-01 00:41 - 2017-04-14 01:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-01 00:41 - 2017-04-14 01:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-01 00:41 - 2017-04-14 01:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-01 00:41 - 2017-04-14 01:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
2017-05-01 00:41 - 2017-04-14 01:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-01 00:41 - 2017-04-14 01:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-01 00:41 - 2017-04-14 01:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-01 00:41 - 2017-04-14 01:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-01 00:41 - 2017-04-14 01:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-01 00:41 - 2017-04-14 01:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-01 00:41 - 2017-04-14 01:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-01 00:41 - 2017-04-14 01:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-01 00:41 - 2017-04-14 01:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-01 00:41 - 2017-04-14 01:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-01 00:41 - 2017-04-14 01:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-01 00:41 - 2017-04-14 01:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-01 00:41 - 2017-04-14 01:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-01 00:41 - 2017-04-14 01:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-01 00:41 - 2017-04-14 01:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-01 00:41 - 2017-04-14 01:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-01 00:41 - 2017-04-14 01:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-01 00:41 - 2017-04-14 01:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-01 00:41 - 2017-04-14 01:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-01 00:41 - 2017-04-14 01:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-01 00:41 - 2017-04-14 01:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-04-30 23:23 - 2017-04-30 23:23 - 00000000 ____D C:\ProgramData\GOG.com
2017-04-29 18:05 - 2017-05-18 23:26 - 00000000 ____D C:\Users\DuhBoy\Downloads\DDU
2017-04-27 18:53 - 2017-05-18 23:30 - 00000000 ____D C:\Users\DuhBoy\AppData\LocalLow\AMD
2017-04-27 18:19 - 2017-05-05 23:57 - 00001015 _____ C:\Users\DuhBoy\Desktop\Outlast 2.lnk
2017-04-26 09:09 - 2017-04-26 09:09 - 00113392 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
2017-04-26 09:09 - 2017-04-26 09:09 - 00110088 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-24 16:55 - 2016-12-05 18:11 - 00629537 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-05-24 16:36 - 2016-08-09 19:10 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-24 16:33 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-24 16:28 - 2017-04-11 21:12 - 01492078 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-24 16:23 - 2017-04-11 21:04 - 00000000 ____D C:\Users\DuhBoy
2017-05-24 16:21 - 2017-04-11 21:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-24 16:21 - 2017-04-11 21:03 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-05-24 16:21 - 2017-03-18 13:40 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-05-24 16:19 - 2016-12-05 18:11 - 00027518 _____ C:\WINDOWS\ZAM.krnl.trace
2017-05-24 16:04 - 2017-04-11 21:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-24 15:37 - 2017-01-30 04:38 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-05-24 15:30 - 2016-08-22 19:07 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Sony
2017-05-24 13:50 - 2017-04-11 21:06 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronizatio n-{25DA4746-5AA4-44A5-9C19-E6E75C7A10A8}
2017-05-24 09:10 - 2016-08-09 18:05 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\qBittorrent
2017-05-24 01:31 - 2016-12-03 22:47 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\CrashDumps
2017-05-24 01:31 - 2016-08-09 18:10 - 00000735 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-24 00:18 - 2017-01-20 00:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-23 23:36 - 2016-08-19 19:42 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Riot Games
2017-05-23 13:21 - 2016-08-10 00:54 - 00000000 ____D C:\Users\DuhBoy\Documents\My Games
2017-05-23 10:01 - 2016-08-10 18:37 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-23 10:01 - 2016-08-10 18:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 07:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-23 01:58 - 2017-04-04 01:24 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Downloaded Installations
2017-05-22 00:40 - 2017-04-05 19:39 - 00000000 ____D C:\Users\DuhBoy\Documents\Warcraft III
2017-05-21 17:39 - 2016-12-01 03:42 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\obs-studio
2017-05-21 14:45 - 2017-03-08 16:28 - 00000000 ____D C:\Program Files\Rockstar Games
2017-05-21 14:45 - 2017-03-08 16:28 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-05-21 14:19 - 2016-12-01 03:42 - 00000946 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-05-21 02:53 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-20 19:45 - 2017-04-05 19:39 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Blizzard
2017-05-20 19:37 - 2016-08-09 19:10 - 00000000 ____D C:\ProgramData\Battle.net
2017-05-20 19:26 - 2017-04-05 19:40 - 00000000 ____D C:\Users\Public\Documents\Warcraft III
2017-05-20 13:59 - 2017-04-11 21:03 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-05-20 13:59 - 2017-01-20 18:29 - 00116476 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2017-05-20 02:08 - 2016-12-05 19:35 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\discord
2017-05-20 02:08 - 2016-11-22 00:07 - 00002280 _____ C:\Users\DuhBoy\Desktop\Discord.lnk
2017-05-20 02:08 - 2016-11-22 00:07 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Hammer & Chisel, Inc
2017-05-20 02:08 - 2016-11-22 00:07 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Discord
2017-05-19 02:23 - 2017-03-27 19:59 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\TeamViewer
2017-05-18 20:55 - 2017-04-03 19:52 - 00547320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2017-05-18 20:55 - 2017-04-03 19:52 - 00478712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2017-05-17 23:27 - 2016-08-09 19:19 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\vlc
2017-05-15 20:19 - 2016-09-16 16:20 - 00000909 _____ C:\Users\DuhBoy\Desktop\Handbrake.lnk
2017-05-11 14:16 - 2016-09-04 23:42 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 14:16 - 2016-09-04 23:42 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 14:05 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-11 14:05 - 2016-08-09 17:55 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Packages
2017-05-11 13:59 - 2017-04-11 21:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-2590114280-3335225030-2770196223-1001
2017-05-11 13:48 - 2017-04-13 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-10 12:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-10 04:09 - 2017-04-11 21:02 - 00373920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-10 04:09 - 2016-08-09 17:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-09 20:06 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-01 00:43 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-01 00:23 - 2016-10-03 13:38 - 00000000 __RHD C:\ESD
2017-04-30 01:55 - 2017-04-11 21:06 - 00003466 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A
2017-04-30 01:55 - 2017-04-11 21:06 - 00003342 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore
2017-04-30 00:55 - 2016-08-27 11:25 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Battle.net
2017-04-29 03:05 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 03:05 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2017-05-16 00:36 - 2017-05-18 17:23 - 0007602 _____ () C:\Users\DuhBoy\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-17 13:44
==================== End of FRST.txt ============================
[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by DuhBoy (24-05-2017 16:55:51)
Running from C:\Users\DuhBoy\Downloads
Windows 10 Pro Version 1703 (X64) (2017-04-11 19:14:49)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================
Administrator (S-1-5-21-2590114280-3335225030-2770196223-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2590114280-3335225030-2770196223-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2590114280-3335225030-2770196223-1000 - Limited - Disabled) => C:\Users\defaultuser0
DuhBoy (S-1-5-21-2590114280-3335225030-2770196223-1001 - Administrator - Enabled) => C:\Users\DuhBoy
Guest (S-1-5-21-2590114280-3335225030-2770196223-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Software (HKLM...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Borderlands 2 (HKLM...\Steam App 49520) (Version: - Gearbox Software)
Boris Continuum Complete 10 OFX (64-Bit) (HKLM...{6EF8D3CA-AA7A-412D-9297-F949C2B49821}) (Version: 10.0.2279 - Boris FX, Inc.)
Castle Crashers (HKLM...\Steam App 204360) (Version: - The Behemoth)
Catalyst Control Center Next Localization BR (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM...\CCleaner) (Version: 5.30 - Piriform)
Counter-Strike: Global Offensive (HKLM...\Steam App 730) (Version: - Valve)
CPUID HWMonitor 1.31 (HKLM...\CPUID HWMonitor_is1) (Version: - )
Defraggler (HKLM...\Defraggler) (Version: 2.21 - Piriform)
Discord (HKU\S-1-5-21-2590114280-3335225030-2770196223-1001...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM...\Steam App 570) (Version: - Valve)
FIFA 17 (HKLM-x32...{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.47.58349 - Electronic Arts)
Fraps (HKLM-x32...\Fraps) (Version: - )
Google Chrome (HKLM-x32...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32...\HandBrake) (Version: 0.10.5 - )
LEGO City Undercover (HKLM-x32...\LEGO City Undercover_is1) (Version: - )
Malwarebytes version 3.1.2.1733 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM...{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32...{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32...{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32...{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32...{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NewBlue Vegas Pro Suite Complete (HKLM-x32...\NewBlue Vegas Pro Suite Complete) (Version: 1.0 - NewBlue)
NVIDIA PhysX System Software 9.16.0318 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32...\OBS Studio) (Version: 19.0.1 - OBS Project)
Origin (HKLM-x32...\Origin) (Version: 10.4.10.46586 - Electronic Arts, Inc.)
Outlast 2 (HKLM-x32...\Outlast 2_is1) (Version: - )
qBittorrent 3.3.12 (HKLM-x32...\qBittorrent) (Version: 3.3.12 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7940 - Realtek Semiconductor Corp.)
Resident Evil Revelations 2 version 5.0.0.0 (HKLM-x32...\Resident Evil Revelations 2_is1) (Version: 5.0.0.0 - Mr DJ)
Revo Uninstaller Pro 3.1.9 (HKLM...{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Rocket League (HKLM...\Steam App 252950) (Version: - Psyonix, Inc.)
Sonic & All-Stars Racing Transformed (HKLM...\Steam App 212480) (Version: - Sumo Digital)
Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM...\TeamSpeak 3 Client) (Version: 3.1.1 - TeamSpeak Systems GmbH)
Tom Clancy’s Splinter Cell Chaos Theory (HKLM-x32...{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}) (Version: 1.05.157 - Ubisoft)
VEGAS Pro 14.0 (64-bit) (HKLM...{F1756240-1A2A-11E7-92A1-C2A106E0D44C}) (Version: 14.0.252 - VEGAS)
VLC media player (HKLM...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
w3arena.net Launcher 1.9.10 (HKLM-x32...{1197C38E-5F74-4141-A58B-FD6936D5D9F3}) (Version: 1.9.10 - w3arena)
Warcraft III (HKLM-x32...\Warcraft III) (Version: - Blizzard Entertainment)
WinRAR 5.50 beta 1 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.50.1 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {6C9A083B-3D40-435E-A04E-7C4C424ACFD9} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {718E3ADE-7B58-4CFF-9F01-0FCF4EE55F10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
Task: {AE5B41C1-47FE-415F-8032-FD0ADDD500B6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-05-17] (Advanced Micro Devices, Inc.)
Task: {E15693CF-403C-4D68-94D4-2F35803D934D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job => C:\WINDOWS\explorer.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-11 13:48 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-19 04:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2017-05-11 14:16 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libg lesv2.dll
2017-05-11 14:16 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libe gl.dll
2017-05-18 12:29 - 2017-05-09 13:16 - 02493440 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 13:47 - 2017-05-11 13:47 - 00003620 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 rad.msn.com
0.0.0.0 preview.msn.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 ads1.msn.com
0.0.0.0 ads.msn.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 adnxs.com
0.0.0.0 adnexus.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 a-0001.a-msedge.net
There are 73 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\Control Panel\Desktop\Wallpaper → C:\Users\DuhBoy\Pictures\ms_windows-wallpaper-1680x1050.jpg
DNS Servers: 77.77.192.20 - 94.140.66.194
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM...\StartupApproved\Run32: => “SecurityHealth”
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5ED4C595-013E-4F89-B470-DA0A7BBA64FD}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{095297AF-9B32-4BC4-8335-B2CB920DF55E}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{714F5833-BE70-47E4-BD49-A4D97C888345}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe
FirewallRules: [TCP Query User{33C15387-1BD2-4E07-BAAB-1845259A4A77}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe
FirewallRules: [{58CD17ED-EAA9-44C6-8DC2-381B3F7630B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C7CD707E-B0BD-4FBF-AC7E-DF4CF1E7D734}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{53D211E9-0804-4B35-BCE0-7BA6A18C5C76}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{24B634BA-9CEA-422F-B637-D1358C3833E1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAF381E7-92AC-4E6B-B4E4-2CEDC9F188A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{301FCC0D-2387-4B1A-B50B-386122680F48}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17E22BC1-02D8-4BDD-B4E3-14A9F91BE0B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{09D0372F-A844-4EC8-A9DE-EA12F068AB20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2CB4439A-460B-473F-B127-418DFAE2AE84}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{6E9E2F6D-3C68-4144-A813-EA8F50EE1030}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{48D37D40-76AD-492B-9D52-546791886A6D}D:\program files (x86)\ubisoft\tom clancy’s splinter cell chaos theory\system\splintercell3.exe] => (Allow) D:\program files (x86)\ubisoft\tom clancy’s splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [UDP Query User{9C0B5C4F-ED7A-45E4-8651-D8B5EF861309}D:\program files (x86)\ubisoft\tom clancy’s splinter cell chaos theory\system\splintercell3.exe] => (Allow) D:\program files (x86)\ubisoft\tom clancy’s splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [{DF99CD0F-B049-4A9E-88BF-9D91AF87272E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FE522D96-7741-43CF-8BF6-FA0563FC2739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F94749C-E186-4F4B-9D15-DE1488924449}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{4CE1686E-7B6C-493B-88BD-1F6FA9E6F31D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{C24268C7-C112-4DCE-8EE4-5C7068941942}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3115130B-2588-48C4-86F7-0F2D6F35D134}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0B78BAF1-CBA9-43B8-BB99-9CA0D1CA833C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AF67D029-8333-4F9F-ABE5-444FB730805A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{69BA2B0F-8AB3-4EA8-ADA1-CEC5FE763251}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D28ED5E7-F578-4DC5-AC4A-DC18BF2D9AC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B516B35-2C81-4B6A-B02D-44B7DACFFF52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5B7CBF9A-2367-46D8-9E8C-9159F6D52B36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{86ED9362-1944-423C-B4A8-DD13E20A3B3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BDFE9B0E-72EA-4780-8C85-5503C616B596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{95A035D4-263E-4FDD-90F1-606D5A8B8B27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E1AB2477-74BC-486E-9B16-3FC63C09B5A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C2B707FA-4FFB-46B8-A6DF-7EF538957FC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{50FC30F8-BF73-418B-BCA0-12A6E2C0ED81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1BC9DE9-C69D-4CC1-9167-4106EB5957C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EF91EB3E-DC42-4A65-8F76-557E67CFBB6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{461FF452-0C14-457F-BCAF-9C97A6A6D771}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5CC387C6-64FA-4E20-9B80-17CAF85DE59C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{D28484F8-C417-44F6-A753-28426A08CFF8}D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe] => (Block) D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [UDP Query User{2341AA36-53B8-475D-8453-D2332C4D810A}D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe] => (Block) D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [{FD7A622C-BCB0-448B-AC97-5C66E566B4C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D4F08C5-45D9-45EE-AC8F-ED8E28A2B1A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{14E9815B-952C-4197-86F8-D25ECE5D1D47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1B6E7D5-1955-403E-8CE9-76570ECAC823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{5C4ECD95-089E-4885-8048-39BC91BB7E09}D:\program files (x86)\origin games\fifa 17\fifa17.exe] => (Allow) D:\program files (x86)\origin games\fifa 17\fifa17.exe
FirewallRules: [UDP Query User{A0B935E9-4A31-4E46-9723-338CAE7E415E}D:\program files (x86)\origin games\fifa 17\fifa17.exe] => (Allow) D:\program files (x86)\origin games\fifa 17\fifa17.exe
FirewallRules: [{71B2FF19-A597-41CC-BC25-951A23900200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A5F7651-9418-4EB9-B1B7-2ACA00D8CDE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6393CD30-973E-4650-8532-789F2CC14E7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2EAF1A7F-12A6-4574-8436-D55FEA7D616D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3553140C-76AE-44C6-9139-5CB7F96B9B86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries \Win32\RocketLeague.exe
FirewallRules: [{F019850D-1DD2-4640-BB46-65758C1371D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries \Win32\RocketLeague.exe
FirewallRules: [{ED510579-BCF2-49BA-BCAE-E38ABFBC8D7A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{6A91A993-BC59-4928-863C-E710C944D6E6}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{0B056C44-0643-4A0B-BE53-61F7D76F785C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B3D8177-168A-4D80-B631-E48C5D320697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E8F2B4B-2A35-41D4-98BB-DED392D1D7F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B50998F-1DA9-4853-B135-CC2D8471B254}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A6F9E727-872C-4339-BCF7-B7BBD3ABA3D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5508AF85-0925-4867-9FCF-A9CD81B85727}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FF522AC1-FE0D-4236-8BA9-C47E6D23E20D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F579A642-1DFF-4710-BCDA-84F342F98954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{50B12832-FDD2-47DB-9522-157328A3B8D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7047D2A5-1BC1-45B5-9B10-39CA350F46AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{558B6F35-649E-42B8-9571-58E4146BD7C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FE879407-02D3-4865-98CF-E9B83DA07DAE}] => (Allow) D:\Games\steamapps\common\CastleCrashers\castle.ex e
FirewallRules: [{BFE6EE12-7374-45BE-BBD6-6AB23A0DE5F2}] => (Allow) D:\Games\steamapps\common\CastleCrashers\castle.ex e
FirewallRules: [{B8105E31-3635-4A90-8CA3-32A52E4BA76A}] => (Block) LPort=445
FirewallRules: [{4DE4C44F-A5EA-4AF4-BCEE-CD3C342AF51E}] => (Allow) D:\Program Files (x86)\Resident Evil Revelations 2\rerev2.exe
FirewallRules: [{EF7656F8-6E53-4A8C-9062-74787F4604BC}] => (Allow) D:\Program Files (x86)\Resident Evil Revelations 2\rerev2.exe
FirewallRules: [TCP Query User{40460BB4-5F1A-4C15-BD46-170D6A7091C9}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{0063E442-AF7B-4B4B-A9A4-B9C004D6B2CE}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{DBD4FA02-84D0-4B34-95D5-9E9F5A512166}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{738F4FF3-6A6E-4AA7-92CE-45689DD90E75}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1165FD4B-B016-455A-8D5E-B010CF046E7F}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{3233E533-CA0D-4ABF-898F-168BCE8BD883}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{7E99160D-4DDC-465B-A78D-FAA898B88B18}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{D23B007D-DBFC-4EA8-A638-83191FA1A41F}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{40C17BA3-F631-44AB-A8BA-EC6EB7907303}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{8ADB11CC-98B2-4A6C-BA8A-AF8688660762}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (05/24/2017 04:51:20 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:51:04 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:49:47 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:48:21 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:47:33 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:47:26 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:47:20 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
[HEADING=1]System errors:[/HEADING]
==================== Memory info ===========================
Processor: Intel(R) Core™ i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 26%
Total physical RAM: 8135.39 MB
Available physical RAM: 5989.59 MB
Total Virtual: 8647.39 MB
Available Virtual: 6537.09 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.24 GB) (Free:36.94 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:795.62 GB) NTFS
==================== MBR & Partition Table ==================
================================================== ======
Disk: 0 (Size: 931.5 GB) (Disk ID: 09836306)
Partition: GPT.
================================================== ======
Disk: 1 (Size: 111.8 GB) (Disk ID: 46192262)
Partition: GPT.
==================== End of Addition.txt ============================
Also this rKILL log looks suspicious:
aRkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software
Program started at: 05/24/2017 04:57:38 PM in x64 mode.
Windows Version: Windows 10 Pro
Checking for Windows services to stop:
Checking for processes to terminate:
1 proccess terminated!
Checking Registry for malware related settings:
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
Checking Windows Service Integrity:
Searching for Missing Digital Signatures:
Checking HOSTS File:
127.0.0.1 localhost
::1 localhost
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 rad.msn.com
0.0.0.0 preview.msn.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
20 out of 106 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 05/24/2017 04:57:45 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)
I ran system file integrity scan, but everything is fine, no corruptions. Maybe rkill is incorrect on few of these services?
Also i am really good keeping my pc safe and clean, didn’t had a virus in few years. Just wanna make sure, also i checked the logs, they seem pretty clean to me, except those from rKill. IF you need logs from anything else, just ask.
Logs from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by DuhBoy (administrator) on DUHBOYKX (24-05-2017 16:55:32)
Running from C:\Users\DuhBoy\Downloads
Loaded Profiles: DuhBoy (Available Profiles: defaultuser0 & DuhBoy)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-09-23] (Realtek Semiconductor)
HKLM...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 77.77.192.20 94.140.66.194
Tcpip..\Interfaces{f9f53f6f-3721-44da-a5be-1652421efa6f}: [DhcpNameServer] 77.77.192.20 94.140.66.194
[HEADING=1]Internet Explorer:[/HEADING]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2590114280-3335225030-2770196223-1001 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
[HEADING=1]FireFox:[/HEADING]
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
[HEADING=1]Chrome:[/HEADING]
CHR StartupUrls: Default → “hxxps://www.google.ba/”
CHR Profile: C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default [2017-05-24]
CHR Extension: (BetterTTV) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegp efgped [2017-04-21]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkop ceiche [2017-05-05]
CHR Extension: (uBlock Origin) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjb keiagm [2017-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-03-09]
CHR Extension: (uMatrix) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieip oejdcf [2017-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\DuhBoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-05-12]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2162064 2017-05-11] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3136920 2017-05-11] (Electronic Arts)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c03 14337.inf_amd64_21ee54ffe6f42e4c\atikmdag.sys [36560376 2017-05-18] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c03 14337.inf_amd64_21ee54ffe6f42e4c\atikmpag.sys [529912 2017-05-18] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-24] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-24] (Malwarebytes)
S1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-11-18] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-24 16:45 - 2017-05-24 16:45 - 00008227 _____ C:\Users\DuhBoy\Downloads\fixlist.txt
2017-05-24 16:24 - 2017-05-24 16:24 - 00038771 _____ C:\Users\DuhBoy\Downloads\Addition.txt
2017-05-24 16:23 - 2017-05-24 16:55 - 00008329 _____ C:\Users\DuhBoy\Downloads\FRST.txt
2017-05-24 16:23 - 2017-05-24 16:55 - 00000000 ____D C:\FRST
2017-05-24 16:23 - 2017-05-24 16:23 - 02429952 _____ (Farbar) C:\Users\DuhBoy\Downloads\FRST64.exe
2017-05-24 16:23 - 2017-05-24 16:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\DuhBoy\Downloads\HijackThis.exe
2017-05-24 14:21 - 2017-05-24 15:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\System
2017-05-24 00:00 - 2017-05-24 00:00 - 00000000 ____D C:\Users\DuhBoy\Documents\SART
2017-05-23 18:34 - 2017-05-24 16:21 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\ESET
2017-05-22 23:34 - 2017-05-22 23:34 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\CAPCOM
2017-05-21 19:49 - 2017-05-21 19:49 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Warner Bros. Interactive Entertainment
2017-05-21 16:09 - 2017-05-21 16:09 - 00000000 ____D C:\Users\DuhBoy\Documents\My Mods
2017-05-20 19:54 - 2017-05-20 19:54 - 00000761 _____ C:\Users\Public\Desktop\w3arena.lnk
2017-05-20 19:54 - 2017-05-20 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\w3arena.net Launcher 1.9.10
2017-05-20 19:36 - 2017-05-20 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2017-05-20 19:14 - 2017-05-22 01:56 - 00000840 _____ C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2017-05-20 13:33 - 2017-05-20 18:40 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-18 23:32 - 2017-05-20 01:52 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\AMD
2017-05-18 23:31 - 2017-05-18 23:31 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-05-18 23:30 - 2017-05-18 23:30 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-05-18 23:30 - 2017-05-18 23:30 - 00000000 ____D C:\Program Files (x86)\AMD
2017-05-18 23:29 - 2017-05-18 23:30 - 00000000 ____D C:\Program Files\AMD
2017-05-18 23:29 - 2017-01-28 00:05 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-18 23:29 - 2017-01-28 00:04 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-18 23:29 - 2017-01-28 00:02 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-18 23:29 - 2017-01-28 00:01 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-18 23:28 - 2017-05-18 23:29 - 00000000 ____D C:\AMD
2017-05-18 23:27 - 2017-05-20 13:34 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job
2017-05-18 23:27 - 2017-05-18 23:27 - 00003644 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnele vatedTask
2017-05-18 20:55 - 2017-05-18 20:55 - 10322936 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 08480248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-05-18 20:55 - 2017-05-18 20:55 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-05-18 20:55 - 2017-05-18 20:55 - 02536952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 02199032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 01517048 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 01041400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 01041400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00925176 _____ (AMD) C:\WINDOWS\system32\coinst_17.10.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00794880 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-05-18 20:55 - 2017-05-18 20:55 - 00794880 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-05-18 20:55 - 2017-05-18 20:55 - 00777720 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00552440 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00552440 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00531960 _____ C:\WINDOWS\system32\GameManager64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00484344 _____ C:\WINDOWS\system32\atieah64.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00467960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00411640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00366072 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00334840 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00279032 _____ C:\WINDOWS\system32\clinfo.exe
2017-05-18 20:55 - 2017-05-18 20:55 - 00276984 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00245752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00242680 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00204280 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00191992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00170488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00168440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00157336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00157144 _____ C:\WINDOWS\system32\ativvsva.dat
2017-05-18 20:55 - 2017-05-18 20:55 - 00154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00151544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00149072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00135672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00134136 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00131912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00131912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00123384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00121848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00120368 _____ C:\WINDOWS\system32\kapp_ci.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00115704 _____ C:\WINDOWS\system32\atidxx64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin
2017-05-18 20:55 - 2017-05-18 20:55 - 00113144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00112632 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00103152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00103152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00102392 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00099832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00069624 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00045560 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00043000 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-05-18 20:55 - 2017-05-18 20:55 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00864760 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00696824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00574440 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00515064 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00360952 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00196816 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00165040 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00139712 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00116704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00092152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00075768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-05-18 20:54 - 2017-05-18 20:54 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2017-05-18 20:54 - 2017-05-18 20:54 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-05-18 20:54 - 2017-05-18 20:54 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-05-17 02:37 - 2017-05-17 02:37 - 00000000 ____D C:\Users\DuhBoy\Downloads\devicecleanup
2017-05-16 10:44 - 2017-05-16 10:44 - 00000851 _____ C:\Users\DuhBoy\Desktop\LEGO City Undercover.lnk
2017-05-16 00:36 - 2017-05-18 17:23 - 00007602 _____ C:\Users\DuhBoy\AppData\Local\Resmon.ResmonCfg
2017-05-15 18:49 - 2017-05-15 18:49 - 00000868 _____ C:\Users\Public\Desktop\Resident Evil Revelations 2.lnk
2017-05-15 14:03 - 2017-05-15 14:03 - 14725904 _____ (TeamViewer GmbH) C:\Users\DuhBoy\Downloads\TeamViewer_Setup.exe
2017-05-11 13:48 - 2017-05-24 16:21 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-11 13:48 - 2017-05-24 16:21 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-11 13:48 - 2017-05-11 13:48 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-11 13:48 - 2017-05-11 13:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-11 13:48 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-11 01:10 - 2017-05-24 00:16 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\UnrealEngine
2017-05-09 20:04 - 2017-04-28 03:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-09 20:04 - 2017-04-28 03:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-09 20:04 - 2017-04-28 03:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-09 20:04 - 2017-04-28 03:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-09 20:04 - 2017-04-28 03:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-09 20:04 - 2017-04-28 03:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-09 20:04 - 2017-04-28 03:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-09 20:04 - 2017-04-28 03:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-09 20:04 - 2017-04-28 03:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-09 20:04 - 2017-04-28 03:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-09 20:04 - 2017-04-28 03:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-09 20:04 - 2017-04-28 03:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-09 20:04 - 2017-04-28 03:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-09 20:04 - 2017-04-28 03:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayR eady.dll
2017-05-09 20:04 - 2017-04-28 03:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-09 20:04 - 2017-04-28 03:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-09 20:04 - 2017-04-28 03:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-09 20:04 - 2017-04-28 03:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-09 20:04 - 2017-04-28 03:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-09 20:04 - 2017-04-28 03:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-09 20:04 - 2017-04-28 03:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-09 20:04 - 2017-04-28 02:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-09 20:04 - 2017-04-28 02:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-09 20:04 - 2017-04-28 02:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-09 20:04 - 2017-04-28 02:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-09 20:04 - 2017-04-28 02:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-09 20:04 - 2017-04-28 02:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-09 20:04 - 2017-04-28 02:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-09 20:04 - 2017-04-28 02:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-09 20:04 - 2017-04-28 02:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2017-05-09 20:04 - 2017-04-28 02:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-09 20:04 - 2017-04-28 02:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-09 20:04 - 2017-04-28 02:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-09 20:04 - 2017-04-28 02:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-09 20:04 - 2017-04-28 02:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-09 20:04 - 2017-04-28 02:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-09 20:04 - 2017-04-28 02:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-09 20:04 - 2017-04-28 02:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-09 20:04 - 2017-04-28 02:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-09 20:04 - 2017-04-28 02:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-09 20:04 - 2017-04-28 02:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-09 20:04 - 2017-04-28 02:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-09 20:04 - 2017-04-28 02:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-09 20:04 - 2017-04-28 02:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-09 20:04 - 2017-04-28 02:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-09 20:04 - 2017-04-28 02:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-09 20:04 - 2017-04-28 02:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-09 20:04 - 2017-04-28 02:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-09 20:04 - 2017-04-28 02:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-09 20:04 - 2017-04-28 02:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-09 20:04 - 2017-04-28 02:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-09 20:04 - 2017-04-28 02:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-09 20:04 - 2017-04-28 02:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-09 20:04 - 2017-04-28 02:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-09 20:04 - 2017-04-28 02:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-09 20:04 - 2017-04-28 02:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-09 20:04 - 2017-04-28 02:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-09 20:04 - 2017-04-28 02:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-09 20:04 - 2017-04-28 02:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-09 20:04 - 2017-04-28 02:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-09 20:04 - 2017-04-28 02:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-09 20:04 - 2017-04-28 02:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-09 20:04 - 2017-04-28 02:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-09 20:04 - 2017-04-28 02:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-09 20:04 - 2017-04-28 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-09 20:04 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-09 20:04 - 2017-04-28 02:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-09 20:04 - 2017-04-28 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-09 20:04 - 2017-04-28 02:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-09 20:04 - 2017-04-28 02:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dl l
2017-05-09 20:04 - 2017-04-28 02:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-09 20:04 - 2017-04-28 02:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-09 20:04 - 2017-04-28 02:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-09 20:04 - 2017-04-28 02:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-09 20:04 - 2017-04-28 02:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-09 20:04 - 2017-04-28 02:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-09 20:04 - 2017-04-28 02:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-09 20:04 - 2017-04-28 02:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-09 20:04 - 2017-04-28 02:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-09 20:04 - 2017-04-28 02:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-09 20:04 - 2017-04-28 02:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-09 20:04 - 2017-04-28 02:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-09 20:04 - 2017-04-28 02:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-09 20:04 - 2017-04-28 02:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2017-05-09 20:04 - 2017-04-28 02:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-09 20:04 - 2017-04-28 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-09 20:04 - 2017-04-28 01:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-09 20:04 - 2017-04-28 01:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-09 20:04 - 2017-04-28 01:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-09 20:04 - 2017-04-28 01:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-09 20:04 - 2017-04-28 01:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-09 20:04 - 2017-04-28 01:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-09 20:04 - 2017-04-28 01:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-09 20:04 - 2017-04-28 01:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-09 20:04 - 2017-04-28 01:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-09 13:56 - 2017-05-09 15:27 - 00000000 ____D C:\Users\DuhBoy\Documents\FIFA 17
2017-05-09 13:56 - 2017-05-09 13:56 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2017-05-09 13:56 - 2017-05-09 13:56 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-05-09 13:16 - 2017-05-23 18:32 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Origin
2017-05-09 13:16 - 2017-05-09 13:16 - 00000757 _____ C:\Users\Public\Desktop\Origin.lnk
2017-05-09 13:16 - 2017-05-09 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-05-09 13:14 - 2017-05-23 12:57 - 00000000 ____D C:\ProgramData\Origin
2017-05-09 13:14 - 2017-05-09 13:16 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Origin
2017-05-09 13:14 - 2017-05-09 13:14 - 00000000 ____D C:\Users\DuhBoy.Origin
2017-05-08 22:59 - 2017-05-08 22:59 - 00000000 ____D C:\Users\DuhBoy\Documents\League of Legends
2017-05-07 16:25 - 2017-05-07 16:25 - 00000833 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-05-07 16:25 - 2017-05-07 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-05-03 01:21 - 2017-05-03 01:40 - 00000000 ____D C:\Users\DuhBoy\AppData\LocalLow\Playtonic Ltd
2017-05-01 22:28 - 2017-05-01 22:28 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\FILECACHE
2017-05-01 00:41 - 2017-04-19 09:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-01 00:41 - 2017-04-19 09:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-01 00:41 - 2017-04-19 09:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-01 00:41 - 2017-04-19 09:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-01 00:41 - 2017-04-19 08:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-01 00:41 - 2017-04-19 08:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-01 00:41 - 2017-04-19 08:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-01 00:41 - 2017-04-19 08:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-01 00:41 - 2017-04-19 08:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-01 00:41 - 2017-04-19 08:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dl l
2017-05-01 00:41 - 2017-04-19 08:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-01 00:41 - 2017-04-19 08:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-01 00:41 - 2017-04-19 08:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-01 00:41 - 2017-04-19 08:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-01 00:41 - 2017-04-19 08:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-01 00:41 - 2017-04-19 08:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-01 00:41 - 2017-04-19 08:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-01 00:41 - 2017-04-19 08:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.Cura tedTileCollections.dll
2017-05-01 00:41 - 2017-04-19 08:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-01 00:41 - 2017-04-19 08:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-01 00:41 - 2017-04-19 08:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-01 00:41 - 2017-04-19 08:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-01 00:41 - 2017-04-19 08:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-01 00:41 - 2017-04-19 08:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-01 00:41 - 2017-04-19 08:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-01 00:41 - 2017-04-19 08:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-01 00:41 - 2017-04-19 08:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-01 00:41 - 2017-04-19 08:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-01 00:41 - 2017-04-19 07:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-01 00:41 - 2017-04-19 07:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-01 00:41 - 2017-04-19 07:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-01 00:41 - 2017-04-19 07:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-01 00:41 - 2017-04-19 07:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-01 00:41 - 2017-04-19 07:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dl l
2017-05-01 00:41 - 2017-04-19 07:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-01 00:41 - 2017-04-19 07:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-01 00:41 - 2017-04-19 07:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-01 00:41 - 2017-04-19 07:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-01 00:41 - 2017-04-19 07:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-01 00:41 - 2017-04-19 07:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-01 00:41 - 2017-04-14 02:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-01 00:41 - 2017-04-14 02:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker. dll
2017-05-01 00:41 - 2017-04-14 02:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-01 00:41 - 2017-04-14 02:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-01 00:41 - 2017-04-14 02:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-01 00:41 - 2017-04-14 02:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-01 00:41 - 2017-04-14 02:25 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-01 00:41 - 2017-04-14 02:25 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-01 00:41 - 2017-04-14 01:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-01 00:41 - 2017-04-14 01:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-01 00:41 - 2017-04-14 01:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-01 00:41 - 2017-04-14 01:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-01 00:41 - 2017-04-14 01:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-01 00:41 - 2017-04-14 01:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-01 00:41 - 2017-04-14 01:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-01 00:41 - 2017-04-14 01:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-01 00:41 - 2017-04-14 01:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-01 00:41 - 2017-04-14 01:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-01 00:41 - 2017-04-14 01:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-01 00:41 - 2017-04-14 01:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-01 00:41 - 2017-04-14 01:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-01 00:41 - 2017-04-14 01:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-01 00:41 - 2017-04-14 01:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-01 00:41 - 2017-04-14 01:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-01 00:41 - 2017-04-14 01:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-01 00:41 - 2017-04-14 01:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-01 00:41 - 2017-04-14 01:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
2017-05-01 00:41 - 2017-04-14 01:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-01 00:41 - 2017-04-14 01:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-01 00:41 - 2017-04-14 01:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-01 00:41 - 2017-04-14 01:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-01 00:41 - 2017-04-14 01:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-01 00:41 - 2017-04-14 01:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-01 00:41 - 2017-04-14 01:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-01 00:41 - 2017-04-14 01:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-01 00:41 - 2017-04-14 01:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-01 00:41 - 2017-04-14 01:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-01 00:41 - 2017-04-14 01:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-01 00:41 - 2017-04-14 01:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-01 00:41 - 2017-04-14 01:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-01 00:41 - 2017-04-14 01:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-01 00:41 - 2017-04-14 01:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-01 00:41 - 2017-04-14 01:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-01 00:41 - 2017-04-14 01:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-01 00:41 - 2017-04-14 01:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-01 00:41 - 2017-04-14 01:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-01 00:41 - 2017-04-14 01:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-01 00:41 - 2017-04-14 01:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-01 00:41 - 2017-04-14 01:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-04-30 23:23 - 2017-04-30 23:23 - 00000000 ____D C:\ProgramData\GOG.com
2017-04-29 18:05 - 2017-05-18 23:26 - 00000000 ____D C:\Users\DuhBoy\Downloads\DDU
2017-04-27 18:53 - 2017-05-18 23:30 - 00000000 ____D C:\Users\DuhBoy\AppData\LocalLow\AMD
2017-04-27 18:19 - 2017-05-05 23:57 - 00001015 _____ C:\Users\DuhBoy\Desktop\Outlast 2.lnk
2017-04-26 09:09 - 2017-04-26 09:09 - 00113392 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
2017-04-26 09:09 - 2017-04-26 09:09 - 00110088 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-24 16:55 - 2016-12-05 18:11 - 00629537 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-05-24 16:36 - 2016-08-09 19:10 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-24 16:33 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-24 16:28 - 2017-04-11 21:12 - 01492078 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-24 16:23 - 2017-04-11 21:04 - 00000000 ____D C:\Users\DuhBoy
2017-05-24 16:21 - 2017-04-11 21:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-24 16:21 - 2017-04-11 21:03 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-05-24 16:21 - 2017-03-18 13:40 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-05-24 16:19 - 2016-12-05 18:11 - 00027518 _____ C:\WINDOWS\ZAM.krnl.trace
2017-05-24 16:04 - 2017-04-11 21:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-24 15:37 - 2017-01-30 04:38 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-05-24 15:30 - 2016-08-22 19:07 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Sony
2017-05-24 13:50 - 2017-04-11 21:06 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronizatio n-{25DA4746-5AA4-44A5-9C19-E6E75C7A10A8}
2017-05-24 09:10 - 2016-08-09 18:05 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\qBittorrent
2017-05-24 01:31 - 2016-12-03 22:47 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\CrashDumps
2017-05-24 01:31 - 2016-08-09 18:10 - 00000735 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-24 00:18 - 2017-01-20 00:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-23 23:36 - 2016-08-19 19:42 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Riot Games
2017-05-23 13:21 - 2016-08-10 00:54 - 00000000 ____D C:\Users\DuhBoy\Documents\My Games
2017-05-23 10:01 - 2016-08-10 18:37 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-23 10:01 - 2016-08-10 18:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 07:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-23 01:58 - 2017-04-04 01:24 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Downloaded Installations
2017-05-22 00:40 - 2017-04-05 19:39 - 00000000 ____D C:\Users\DuhBoy\Documents\Warcraft III
2017-05-21 17:39 - 2016-12-01 03:42 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\obs-studio
2017-05-21 14:45 - 2017-03-08 16:28 - 00000000 ____D C:\Program Files\Rockstar Games
2017-05-21 14:45 - 2017-03-08 16:28 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-05-21 14:19 - 2016-12-01 03:42 - 00000946 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-05-21 02:53 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-20 19:45 - 2017-04-05 19:39 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Blizzard
2017-05-20 19:37 - 2016-08-09 19:10 - 00000000 ____D C:\ProgramData\Battle.net
2017-05-20 19:26 - 2017-04-05 19:40 - 00000000 ____D C:\Users\Public\Documents\Warcraft III
2017-05-20 13:59 - 2017-04-11 21:03 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-05-20 13:59 - 2017-01-20 18:29 - 00116476 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2017-05-20 02:08 - 2016-12-05 19:35 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\discord
2017-05-20 02:08 - 2016-11-22 00:07 - 00002280 _____ C:\Users\DuhBoy\Desktop\Discord.lnk
2017-05-20 02:08 - 2016-11-22 00:07 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Hammer & Chisel, Inc
2017-05-20 02:08 - 2016-11-22 00:07 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Discord
2017-05-19 02:23 - 2017-03-27 19:59 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\TeamViewer
2017-05-18 20:55 - 2017-04-03 19:52 - 00547320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2017-05-18 20:55 - 2017-04-03 19:52 - 00478712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2017-05-17 23:27 - 2016-08-09 19:19 - 00000000 ____D C:\Users\DuhBoy\AppData\Roaming\vlc
2017-05-15 20:19 - 2016-09-16 16:20 - 00000909 _____ C:\Users\DuhBoy\Desktop\Handbrake.lnk
2017-05-11 14:16 - 2016-09-04 23:42 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 14:16 - 2016-09-04 23:42 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 14:05 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-11 14:05 - 2016-08-09 17:55 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Packages
2017-05-11 13:59 - 2017-04-11 21:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-2590114280-3335225030-2770196223-1001
2017-05-11 13:48 - 2017-04-13 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-10 12:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-10 04:09 - 2017-04-11 21:02 - 00373920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-10 04:09 - 2016-08-09 17:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 04:08 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-09 20:06 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-01 00:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-01 00:43 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-01 00:23 - 2016-10-03 13:38 - 00000000 __RHD C:\ESD
2017-04-30 01:55 - 2017-04-11 21:06 - 00003466 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A
2017-04-30 01:55 - 2017-04-11 21:06 - 00003342 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore
2017-04-30 00:55 - 2016-08-27 11:25 - 00000000 ____D C:\Users\DuhBoy\AppData\Local\Battle.net
2017-04-29 03:05 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 03:05 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2017-05-16 00:36 - 2017-05-18 17:23 - 0007602 _____ () C:\Users\DuhBoy\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-17 13:44
==================== End of FRST.txt ============================
[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by DuhBoy (24-05-2017 16:55:51)
Running from C:\Users\DuhBoy\Downloads
Windows 10 Pro Version 1703 (X64) (2017-04-11 19:14:49)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================
Administrator (S-1-5-21-2590114280-3335225030-2770196223-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2590114280-3335225030-2770196223-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2590114280-3335225030-2770196223-1000 - Limited - Disabled) => C:\Users\defaultuser0
DuhBoy (S-1-5-21-2590114280-3335225030-2770196223-1001 - Administrator - Enabled) => C:\Users\DuhBoy
Guest (S-1-5-21-2590114280-3335225030-2770196223-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Software (HKLM...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Borderlands 2 (HKLM...\Steam App 49520) (Version: - Gearbox Software)
Boris Continuum Complete 10 OFX (64-Bit) (HKLM...{6EF8D3CA-AA7A-412D-9297-F949C2B49821}) (Version: 10.0.2279 - Boris FX, Inc.)
Castle Crashers (HKLM...\Steam App 204360) (Version: - The Behemoth)
Catalyst Control Center Next Localization BR (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0517.1550.26687 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM...\CCleaner) (Version: 5.30 - Piriform)
Counter-Strike: Global Offensive (HKLM...\Steam App 730) (Version: - Valve)
CPUID HWMonitor 1.31 (HKLM...\CPUID HWMonitor_is1) (Version: - )
Defraggler (HKLM...\Defraggler) (Version: 2.21 - Piriform)
Discord (HKU\S-1-5-21-2590114280-3335225030-2770196223-1001...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM...\Steam App 570) (Version: - Valve)
FIFA 17 (HKLM-x32...{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.47.58349 - Electronic Arts)
Fraps (HKLM-x32...\Fraps) (Version: - )
Google Chrome (HKLM-x32...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32...\HandBrake) (Version: 0.10.5 - )
LEGO City Undercover (HKLM-x32...\LEGO City Undercover_is1) (Version: - )
Malwarebytes version 3.1.2.1733 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM...{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32...{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32...{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32...{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32...{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NewBlue Vegas Pro Suite Complete (HKLM-x32...\NewBlue Vegas Pro Suite Complete) (Version: 1.0 - NewBlue)
NVIDIA PhysX System Software 9.16.0318 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32...\OBS Studio) (Version: 19.0.1 - OBS Project)
Origin (HKLM-x32...\Origin) (Version: 10.4.10.46586 - Electronic Arts, Inc.)
Outlast 2 (HKLM-x32...\Outlast 2_is1) (Version: - )
qBittorrent 3.3.12 (HKLM-x32...\qBittorrent) (Version: 3.3.12 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7940 - Realtek Semiconductor Corp.)
Resident Evil Revelations 2 version 5.0.0.0 (HKLM-x32...\Resident Evil Revelations 2_is1) (Version: 5.0.0.0 - Mr DJ)
Revo Uninstaller Pro 3.1.9 (HKLM...{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Rocket League (HKLM...\Steam App 252950) (Version: - Psyonix, Inc.)
Sonic & All-Stars Racing Transformed (HKLM...\Steam App 212480) (Version: - Sumo Digital)
Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM...\TeamSpeak 3 Client) (Version: 3.1.1 - TeamSpeak Systems GmbH)
Tom Clancy’s Splinter Cell Chaos Theory (HKLM-x32...{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}) (Version: 1.05.157 - Ubisoft)
VEGAS Pro 14.0 (64-bit) (HKLM...{F1756240-1A2A-11E7-92A1-C2A106E0D44C}) (Version: 14.0.252 - VEGAS)
VLC media player (HKLM...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
w3arena.net Launcher 1.9.10 (HKLM-x32...{1197C38E-5F74-4141-A58B-FD6936D5D9F3}) (Version: 1.9.10 - w3arena)
Warcraft III (HKLM-x32...\Warcraft III) (Version: - Blizzard Entertainment)
WinRAR 5.50 beta 1 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.50.1 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {6C9A083B-3D40-435E-A04E-7C4C424ACFD9} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {718E3ADE-7B58-4CFF-9F01-0FCF4EE55F10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
Task: {AE5B41C1-47FE-415F-8032-FD0ADDD500B6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-05-17] (Advanced Micro Devices, Inc.)
Task: {E15693CF-403C-4D68-94D4-2F35803D934D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-04] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job => C:\WINDOWS\explorer.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-11 13:48 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-19 04:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2017-05-11 14:16 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libg lesv2.dll
2017-05-11 14:16 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libe gl.dll
2017-05-18 12:29 - 2017-05-09 13:16 - 02493440 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 13:47 - 2017-05-11 13:47 - 00003620 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 rad.msn.com
0.0.0.0 preview.msn.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 ads1.msn.com
0.0.0.0 ads.msn.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 adnxs.com
0.0.0.0 adnexus.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 a-0001.a-msedge.net
There are 73 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2590114280-3335225030-2770196223-1001\Control Panel\Desktop\Wallpaper → C:\Users\DuhBoy\Pictures\ms_windows-wallpaper-1680x1050.jpg
DNS Servers: 77.77.192.20 - 94.140.66.194
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM...\StartupApproved\Run32: => “SecurityHealth”
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5ED4C595-013E-4F89-B470-DA0A7BBA64FD}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{095297AF-9B32-4BC4-8335-B2CB920DF55E}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{714F5833-BE70-47E4-BD49-A4D97C888345}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe
FirewallRules: [TCP Query User{33C15387-1BD2-4E07-BAAB-1845259A4A77}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rocketleague\binaries \win32\rocketleague.exe
FirewallRules: [{58CD17ED-EAA9-44C6-8DC2-381B3F7630B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C7CD707E-B0BD-4FBF-AC7E-DF4CF1E7D734}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{53D211E9-0804-4B35-BCE0-7BA6A18C5C76}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{24B634BA-9CEA-422F-B637-D1358C3833E1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAF381E7-92AC-4E6B-B4E4-2CEDC9F188A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{301FCC0D-2387-4B1A-B50B-386122680F48}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17E22BC1-02D8-4BDD-B4E3-14A9F91BE0B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{09D0372F-A844-4EC8-A9DE-EA12F068AB20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2CB4439A-460B-473F-B127-418DFAE2AE84}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{6E9E2F6D-3C68-4144-A813-EA8F50EE1030}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{48D37D40-76AD-492B-9D52-546791886A6D}D:\program files (x86)\ubisoft\tom clancy’s splinter cell chaos theory\system\splintercell3.exe] => (Allow) D:\program files (x86)\ubisoft\tom clancy’s splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [UDP Query User{9C0B5C4F-ED7A-45E4-8651-D8B5EF861309}D:\program files (x86)\ubisoft\tom clancy’s splinter cell chaos theory\system\splintercell3.exe] => (Allow) D:\program files (x86)\ubisoft\tom clancy’s splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [{DF99CD0F-B049-4A9E-88BF-9D91AF87272E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FE522D96-7741-43CF-8BF6-FA0563FC2739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F94749C-E186-4F4B-9D15-DE1488924449}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{4CE1686E-7B6C-493B-88BD-1F6FA9E6F31D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{C24268C7-C112-4DCE-8EE4-5C7068941942}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3115130B-2588-48C4-86F7-0F2D6F35D134}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0B78BAF1-CBA9-43B8-BB99-9CA0D1CA833C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AF67D029-8333-4F9F-ABE5-444FB730805A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{69BA2B0F-8AB3-4EA8-ADA1-CEC5FE763251}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D28ED5E7-F578-4DC5-AC4A-DC18BF2D9AC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B516B35-2C81-4B6A-B02D-44B7DACFFF52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5B7CBF9A-2367-46D8-9E8C-9159F6D52B36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{86ED9362-1944-423C-B4A8-DD13E20A3B3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BDFE9B0E-72EA-4780-8C85-5503C616B596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{95A035D4-263E-4FDD-90F1-606D5A8B8B27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E1AB2477-74BC-486E-9B16-3FC63C09B5A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C2B707FA-4FFB-46B8-A6DF-7EF538957FC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{50FC30F8-BF73-418B-BCA0-12A6E2C0ED81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1BC9DE9-C69D-4CC1-9167-4106EB5957C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EF91EB3E-DC42-4A65-8F76-557E67CFBB6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{461FF452-0C14-457F-BCAF-9C97A6A6D771}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5CC387C6-64FA-4E20-9B80-17CAF85DE59C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{D28484F8-C417-44F6-A753-28426A08CFF8}D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe] => (Block) D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [UDP Query User{2341AA36-53B8-475D-8453-D2332C4D810A}D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe] => (Block) D:\program files (x86)\outlast 2\binaries\win64\outlast2.exe
FirewallRules: [{FD7A622C-BCB0-448B-AC97-5C66E566B4C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D4F08C5-45D9-45EE-AC8F-ED8E28A2B1A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{14E9815B-952C-4197-86F8-D25ECE5D1D47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1B6E7D5-1955-403E-8CE9-76570ECAC823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{5C4ECD95-089E-4885-8048-39BC91BB7E09}D:\program files (x86)\origin games\fifa 17\fifa17.exe] => (Allow) D:\program files (x86)\origin games\fifa 17\fifa17.exe
FirewallRules: [UDP Query User{A0B935E9-4A31-4E46-9723-338CAE7E415E}D:\program files (x86)\origin games\fifa 17\fifa17.exe] => (Allow) D:\program files (x86)\origin games\fifa 17\fifa17.exe
FirewallRules: [{71B2FF19-A597-41CC-BC25-951A23900200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A5F7651-9418-4EB9-B1B7-2ACA00D8CDE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6393CD30-973E-4650-8532-789F2CC14E7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2EAF1A7F-12A6-4574-8436-D55FEA7D616D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3553140C-76AE-44C6-9139-5CB7F96B9B86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries \Win32\RocketLeague.exe
FirewallRules: [{F019850D-1DD2-4640-BB46-65758C1371D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries \Win32\RocketLeague.exe
FirewallRules: [{ED510579-BCF2-49BA-BCAE-E38ABFBC8D7A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{6A91A993-BC59-4928-863C-E710C944D6E6}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{0B056C44-0643-4A0B-BE53-61F7D76F785C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B3D8177-168A-4D80-B631-E48C5D320697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E8F2B4B-2A35-41D4-98BB-DED392D1D7F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B50998F-1DA9-4853-B135-CC2D8471B254}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A6F9E727-872C-4339-BCF7-B7BBD3ABA3D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5508AF85-0925-4867-9FCF-A9CD81B85727}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FF522AC1-FE0D-4236-8BA9-C47E6D23E20D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F579A642-1DFF-4710-BCDA-84F342F98954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{50B12832-FDD2-47DB-9522-157328A3B8D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7047D2A5-1BC1-45B5-9B10-39CA350F46AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{558B6F35-649E-42B8-9571-58E4146BD7C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FE879407-02D3-4865-98CF-E9B83DA07DAE}] => (Allow) D:\Games\steamapps\common\CastleCrashers\castle.ex e
FirewallRules: [{BFE6EE12-7374-45BE-BBD6-6AB23A0DE5F2}] => (Allow) D:\Games\steamapps\common\CastleCrashers\castle.ex e
FirewallRules: [{B8105E31-3635-4A90-8CA3-32A52E4BA76A}] => (Block) LPort=445
FirewallRules: [{4DE4C44F-A5EA-4AF4-BCEE-CD3C342AF51E}] => (Allow) D:\Program Files (x86)\Resident Evil Revelations 2\rerev2.exe
FirewallRules: [{EF7656F8-6E53-4A8C-9062-74787F4604BC}] => (Allow) D:\Program Files (x86)\Resident Evil Revelations 2\rerev2.exe
FirewallRules: [TCP Query User{40460BB4-5F1A-4C15-BD46-170D6A7091C9}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{0063E442-AF7B-4B4B-A9A4-B9C004D6B2CE}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{DBD4FA02-84D0-4B34-95D5-9E9F5A512166}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{738F4FF3-6A6E-4AA7-92CE-45689DD90E75}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1165FD4B-B016-455A-8D5E-B010CF046E7F}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{3233E533-CA0D-4ABF-898F-168BCE8BD883}] => (Allow) D:\Games\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{7E99160D-4DDC-465B-A78D-FAA898B88B18}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{D23B007D-DBFC-4EA8-A638-83191FA1A41F}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{40C17BA3-F631-44AB-A8BA-EC6EB7907303}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{8ADB11CC-98B2-4A6C-BA8A-AF8688660762}] => (Allow) D:\Games\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (05/24/2017 04:51:20 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:51:04 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:49:47 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:48:21 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:47:33 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:47:26 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
Error: (05/24/2017 04:47:20 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description:
[HEADING=1]System errors:[/HEADING]
==================== Memory info ===========================
Processor: Intel(R) Core™ i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 26%
Total physical RAM: 8135.39 MB
Available physical RAM: 5989.59 MB
Total Virtual: 8647.39 MB
Available Virtual: 6537.09 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.24 GB) (Free:36.94 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:795.62 GB) NTFS
==================== MBR & Partition Table ==================
================================================== ======
Disk: 0 (Size: 931.5 GB) (Disk ID: 09836306)
Partition: GPT.
================================================== ======
Disk: 1 (Size: 111.8 GB) (Disk ID: 46192262)
Partition: GPT.
==================== End of Addition.txt ============================
Also this rKILL log looks suspicious:
aRkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software
Program started at: 05/24/2017 04:57:38 PM in x64 mode.
Windows Version: Windows 10 Pro
Checking for Windows services to stop:
- No malware services found to stop.
Checking for processes to terminate:
- C:\Users\DuhBoy\Downloads\FRST64.exe (PID: 2044) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
- No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
- Windows Defender Disabled
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
“DisableAntiSpyware” = dword:00000001
Checking Windows Service Integrity:
- agp440 [Missing Service]
- DcpSvc [Missing Service]
- Fax [Missing Service]
- gagp30kx [Missing Service]
- IEEtwCollectorService [Missing Service]
- IoQos [Missing Service]
- nv_agp [Missing Service]
- TimeBroker [Missing Service]
- tunnel [Missing Service]
- uagp35 [Missing Service]
- uliagpkx [Missing Service]
- WcsPlugInService [Missing Service]
- workfolderssvc [Missing Service]
- wpcfltr [Missing Service]
- WSService [Missing Service]
- AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
- NetTcpPortSharing => %systemroot%\Microsoft.NET\Framework64\v3.0\Window s Communication Foundation\SMSvcHost.exe [Incorrect ImagePath]
- RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
- WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
- vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
- vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
- No issues found.
Checking HOSTS File:
- HOSTS file entries found:
127.0.0.1 localhost
::1 localhost
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 rad.msn.com
0.0.0.0 preview.msn.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
20 out of 106 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 05/24/2017 04:57:45 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)
I ran system file integrity scan, but everything is fine, no corruptions. Maybe rkill is incorrect on few of these services?
Also i am really good keeping my pc safe and clean, didn’t had a virus in few years. Just wanna make sure, also i checked the logs, they seem pretty clean to me, except those from rKill. IF you need logs from anything else, just ask.
Comment