
Extremely slow load up [Solved]

Slow Startup


#1 FrustratedFather


Posted 03 June 2019 - 09:46 AM

First of all, thank you for what you do. I am so appreciative.

The computer started running slow recently, and now it has been released to almost a crawl. I have the free version of Malwarebytes and will scan the computer from time to time. I am pretty sure that my son has downloaded something that has caused the virus, and I could really use your help.

I ran aswMBR, updating the definitions and running as administrator, turned off Windows Defender, but still got an error (see below).

FRST64 results two scan results below as well.

 

=========

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2019-06-03 10:21:55
-----------------------------
10:21:55.582    OS Version: Windows x64 6.2.9200
10:21:55.582    Number of processors: 8 586 0x5E03
10:21:55.583    ComputerName: DESKTOP-B1NETCN  UserName: troy4
10:21:57.838    Initialze error C000010E - driver not loaded
10:23:30.910    AVAST engine defs: 17030301
10:24:04.714    Scan error: The parameter is incorrect.
10:25:37.083    Scan stopped
10:25:57.450    Scan error: The parameter is incorrect.
10:28:19.807    The log file has been saved successfully to "C:\Users\troy4\Desktop\aswMBR.txt"

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2019-06-03 10:34:49
-----------------------------
10:34:49.019    OS Version: Windows x64 6.2.9200
10:34:49.019    Number of processors: 8 586 0x5E03
10:34:49.020    ComputerName: DESKTOP-B1NETCN  UserName: troy4
10:34:51.176    Initialze error C000010E - driver not loaded
10:35:48.075    AVAST engine defs: 17030301
10:35:51.075    Scan error: The parameter is incorrect.
10:35:57.375    The log file has been saved successfully to "C:\Users\troy4\Desktop\aswMBR.txt"

=========

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2019
Ran by troy4 (administrator) on DESKTOP-B1NETCN (ASUSTeK COMPUTER INC. GL752VW) (03-06-2019 10:40:14)
Running from C:\Users\troy4\Desktop
Loaded Profiles: troy4 &  (Available Profiles: troy4 & Jadon & Jeremiah)
Platform: Windows 10 Home Version 1809 17763.503 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19051.545.0_x64__8wekyb3d8bbwe\YourPhone.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AVAST Software) [File not signed] C:\Users\troy4\Desktop\aswMBR.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\troy4\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11904.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405032 2019-01-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3696728497-2640945442-599516163-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35216784 2019-05-31] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3696728497-2640945442-599516163-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101508933\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35216784 2019-05-31] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3696728497-2640945442-599516163-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101511438\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35216784 2019-05-31] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3696728497-2640945442-599516163-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101511438\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Jadon\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3696728497-2640945442-599516163-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101511438\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Jadon\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3696728497-2640945442-599516163-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101511438\...\RunOnce: [Uninstall 19.043.0304.0007\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jadon\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\amd64"
HKU\S-1-5-21-3696728497-2640945442-599516163-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101511438\...\RunOnce: [Uninstall 19.043.0304.0007] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jadon\AppData\Local\Microsoft\OneDrive\19.043.0304.0007"
HKLM\...\Drivers32: [vidc.x264] => C:\Program Files\x264vfw64\x264vfw64.dll [3502080 2014-07-22] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.WVC1] => C:\Windows\system32\d3dgeardecoder64.dll [165832 2018-04-23] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.WMV3] => C:\Windows\system32\d3dgeardecoder64.dll [165832 2018-04-23] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.MJPG] => C:\Windows\system32\d3dgeardecoder64.dll [165832 2018-04-23] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.M4S2] => C:\Windows\system32\d3dgeardecoder64.dll [165832 2018-04-23] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.FVFW] => C:\Windows\system32\d3dgeardecoder64.dll [165832 2018-04-23] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.MP4V] => C:\Windows\system32\d3dgeardecoder64.dll [165832 2018-04-23] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.FFVH] => C:\Windows\system32\d3dgeardecoder64.dll [165832 2018-04-23] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.H264] => C:\Windows\system32\d3dgeardecoder64.dll [165832 2018-04-23] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.WVC1] => C:\Windows\SysWOW64\d3dgeardecoder.dll [143968 2018-04-24] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.WMV3] => C:\Windows\SysWOW64\d3dgeardecoder.dll [143968 2018-04-24] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.MJPG] => C:\Windows\SysWOW64\d3dgeardecoder.dll [143968 2018-04-24] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.M4S2] => C:\Windows\SysWOW64\d3dgeardecoder.dll [143968 2018-04-24] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.FVFW] => C:\Windows\SysWOW64\d3dgeardecoder.dll [143968 2018-04-24] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.MP4V] => C:\Windows\SysWOW64\d3dgeardecoder.dll [143968 2018-04-24] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.FFVH] => C:\Windows\SysWOW64\d3dgeardecoder.dll [143968 2018-04-24] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\...\Drivers32: [VIDC.H264] => C:\Windows\SysWOW64\d3dgeardecoder.dll [143968 2018-04-24] (D3DGear Technologies -> D3DGear Technologies.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-22] (Google LLC -> Google Inc.)
Startup: C:\Users\Jeremiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Player.me.lnk [2019-04-06]
ShortcutTarget: Player.me.lnk -> C:\Users\troy4\AppData\Roaming\SplitmediaLabs\Player.me\PlayerLauncher.exe (No File)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0460F4BF-31FF-4B4C-9311-A48EBA478F6F} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {47EDDC02-251C-4DA7-93A6-692A82B38E94} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {48AF3DBA-1BFD-47D8-A617-247A3E0E8330} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {4A5AC615-FC17-4003-B27B-0B813A750F46} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 => {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29344 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {5811D557-5B37-43D8-AF4C-D70A625CC3FD} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {5ED206DC-3C88-42D0-9F47-329A2383478C} - System32\Tasks\D3DGearRawFrameCaptureTask => C:\Program Files\D3DGear\d3dGear.exe [1059824 2018-04-24] (D3DGear Technologies -> D3DGear Technologies.)
Task: {676E0032-6430-47DE-867F-D8113DAB9825} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {828458BC-B87B-4A1E-8424-E4A175F5F345} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-19] (Google Inc -> Google Inc.)
Task: {8537FD5D-22D5-4AB1-91F5-51952F14D11E} - System32\Tasks\Opera scheduled Autoupdate 1557086474 => C:\Users\Jeremiah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {92F7C53A-3218-4945-BF0F-966FBA5B34B9} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 => {429BC048-379E-45E0-80E4-EB1977941B5C} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29344 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9903F86D-E65E-4390-B43A-D33480129E4D} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical => {613FBA38-A3DF-4AB8-9674-5604984A299A} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29344 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF9CC4FC-01E4-4696-90C0-E8C5FBB05659} - System32\Tasks\Opera scheduled assistant Autoupdate 1557437230 => C:\Users\Jeremiah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {B1913F68-E759-4D81-8215-F5E6984F8E71} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B66B135D-DA06-4FC4-95F8-7458E1D10129} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical => {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E} C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll [29344 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BBB1FBFC-59B7-433C-BBAE-C9E6523A30FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {FD1A5E97-6B06-49B2-A0B7-E3D37E96AF09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-19] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{ea2a7e25-941e-4c4a-a96e-35f421e48d7b}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-24] (Oracle America, Inc. -> Oracle Corporation)
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default [2019-06-03]
CHR Extension: (Slides) - C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-19]
CHR Extension: (Docs) - C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-19]
CHR Extension: (Google Drive) - C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-19]
CHR Extension: (YouTube) - C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-19]
CHR Extension: (Sheets) - C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-19]
CHR Extension: (Gmail) - C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\troy4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-24]
CHR Profile: C:\Users\troy4\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-12]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-03-27] (BattlEye Innovations e.K. -> )
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [47656 2019-01-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1394360 2015-08-13] (Intel® Software -> Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [17224464 2019-04-27] (Mail.Ru LLC -> LLC Mail.Ru)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2304304 2019-05-29] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3175728 2019-05-29] (Electronic Arts, Inc. -> Electronic Arts)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-04-10] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [46944 2018-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [23392 2018-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz148; C:\Windows\temp\cpuz148\cpuz148_x64.sys [44648 2019-06-03] (CPUID S.A.R.L.U. -> CPUID)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55816 2015-08-13] (Intel® Software -> Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-13] (Intel® Software -> Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-13] (Intel® Software -> Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [34184 2018-05-02] (ASUSTeK Computer Inc. -> ASUS)
R3 ibtusb; C:\Windows\System32\drivers\ibtusb.sys [266512 2015-07-16] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-06-03] (Malwarebytes Corporation -> Malwarebytes)
R1 MpKsl547086fd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDF2CF70-01A1-4E05-B5BF-7C0AC59FFDEE}\MpKsl547086fd.sys [58120 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [16462872 2019-04-27] (Mail.Ru LLC -> LLC Mail.Ru)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7708160 2018-09-15] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvlddmkm.sys [17003280 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Realsil Semiconductor Corporation)
R3 VOICEMOD_Driver; C:\Windows\system32\drivers\vmdrv.sys [45408 2018-11-22] (Voicemod Sociedad Limitada -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [74552 2019-05-18] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
U3 aswMBR; C:\Users\troy4\AppData\Local\Temp\aswMBR.sys [62728 2019-06-03] (GMEREK Systemy Komputerowe Przemyslaw Gmerek -> ) [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\troy4\AppData\Local\Temp\aswVmm.sys [224896 2019-06-03] (AVAST Software a.s. -> ) <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-03 10:40 - 2019-06-03 10:41 - 000024918 _____ C:\Users\troy4\Desktop\FRST.txt
2019-06-03 10:39 - 2019-06-03 10:40 - 000000000 ____D C:\FRST
2019-06-03 10:28 - 2019-06-03 10:35 - 000001193 _____ C:\Users\troy4\Desktop\aswMBR.txt
2019-06-03 10:14 - 2019-06-03 10:20 - 001397212 _____ C:\Windows\Minidump\060319-36953-01.dmp
2019-06-03 10:14 - 2019-06-03 10:14 - 898431753 _____ C:\Windows\MEMORY.DMP
2019-06-03 10:11 - 2019-06-03 10:11 - 002433536 _____ (Farbar) C:\Users\troy4\Desktop\FRST64.exe
2019-06-03 10:10 - 2019-06-03 10:10 - 005198336 _____ (AVAST Software) C:\Users\troy4\Desktop\aswMBR.exe
2019-06-02 23:43 - 2019-06-02 23:44 - 000000000 ____D C:\Users\Jeremiah\opera autoupdate
2019-06-02 23:19 - 2019-06-02 23:19 - 000000000 ___HD C:\OneDriveTemp
2019-06-01 20:31 - 2019-06-03 10:15 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-06-01 00:08 - 2019-06-01 00:08 - 000000314 _____ C:\Users\Jeremiah\Desktop\Fortnite.url
2019-05-31 23:03 - 2019-06-01 00:08 - 000000000 ____D C:\Users\Jeremiah\Downloads\Fortnite
2019-05-31 22:55 - 2019-05-31 22:55 - 013386752 _____ () C:\Users\Jeremiah\Downloads\CustomSwapper (1).exe
2019-05-31 22:50 - 2019-05-31 22:50 - 013386752 _____ () C:\Users\Jeremiah\Downloads\CustomSwapper.exe
2019-05-31 22:45 - 2019-05-31 22:47 - 000000000 ____D C:\Users\Jeremiah\Desktop\meme
2019-05-31 22:43 - 2019-05-31 22:43 - 003150484 _____ C:\Users\Jeremiah\Downloads\HxDSetup.zip
2019-05-31 22:42 - 2019-05-31 22:42 - 000005876 _____ C:\Users\Jeremiah\Downloads\NiteliteToDream_1.txt
2019-05-31 22:42 - 2019-05-31 22:42 - 000004172 _____ C:\Users\Jeremiah\Downloads\Recon Expert.txt
2019-05-31 22:40 - 2019-05-31 22:40 - 000006941 _____ C:\Users\Jeremiah\Downloads\Doggo.txt
2019-05-31 22:37 - 2019-05-31 22:37 - 019748785 _____ (Vanadium Changer ) C:\Users\Jeremiah\Downloads\Vanadium_Changer_Setup.exe
2019-05-31 22:37 - 2019-05-31 22:37 - 019748785 _____ (Vanadium Changer ) C:\Users\Jeremiah\Downloads\Vanadium_Changer_Setup (1).exe
2019-05-31 22:21 - 2019-05-31 22:21 - 000000000 ____D C:\Users\Jeremiah\Desktop\New folder
2019-05-31 22:21 - 2019-05-31 22:21 - 000000000 _____ C:\Users\Jeremiah\Desktop\New Text Document (2).txt
2019-05-31 22:13 - 2019-05-31 22:11 - 027768482 _____ (Whey & Darkshoz ) C:\Users\Jeremiah\Desktop\LucidSwapper[Setup]-[2-1] (1).exe
2019-05-31 22:12 - 2019-05-31 22:12 - 000000000 _____ C:\Users\Jeremiah\Desktop\New Text Document.txt
2019-05-31 22:11 - 2019-05-31 22:11 - 027768482 _____ (Whey & Darkshoz ) C:\Users\Jeremiah\Downloads\LucidSwapper[Setup]-[2-1] (1).exe
2019-05-31 22:10 - 2019-05-31 22:24 - 000000000 ____D C:\Users\Jeremiah\Downloads\fortnite 2
2019-05-31 22:08 - 2019-05-31 22:08 - 027768482 _____ (Whey & Darkshoz ) C:\Users\Jeremiah\Downloads\LucidSwapper[Setup]-[2-1].exe
2019-05-31 21:40 - 2019-05-31 21:40 - 000000000 ____D C:\Users\Jeremiah\Downloads\XeX_Swapper
2019-05-31 21:38 - 2019-05-31 21:38 - 004043053 _____ C:\Users\Jeremiah\Downloads\XeX_Swapper.zip
2019-05-31 21:31 - 2019-05-31 21:31 - 003748655 _____ C:\Users\Jeremiah\Downloads\XeX_Swapper (1).rar
2019-05-31 21:30 - 2019-05-31 21:30 - 003748655 _____ C:\Users\Jeremiah\Downloads\XeX_Swapper.rar
2019-05-31 19:23 - 2019-05-31 19:23 - 000000000 ____D C:\Users\troy4\AppData\Local\COB
2019-05-31 19:16 - 2019-06-03 10:14 - 000000000 ____D C:\Windows\Minidump
2019-05-31 17:31 - 2019-05-31 17:31 - 019256968 _____ (Microsoft Corporation) C:\Users\Jeremiah\Downloads\MediaCreationTool1903.exe
2019-05-31 12:29 - 2019-05-31 12:29 - 000000311 _____ C:\Users\troy4\Desktop\City of Brass.url
2019-05-30 23:07 - 2019-05-30 23:08 - 000000000 ____D C:\Users\Jeremiah\Downloads\homojews
2019-05-30 22:43 - 2019-05-30 22:43 - 000000000 ____D C:\Users\Jeremiah\Downloads\Nonsense_Diamond_Nonsense_Diamond_4.9.6
2019-05-30 17:53 - 2019-05-30 17:53 - 084529254 _____ C:\Users\Jeremiah\Downloads\Wurst-Client-v6.25-MC1.12.zip
2019-05-29 17:10 - 2019-05-29 17:11 - 000000000 ____D C:\Users\Jeremiah\Documents\Sound recordings
2019-05-29 15:30 - 2019-05-29 15:30 - 000000000 ____D C:\Users\Jadon\.QtWebEngineProcess
2019-05-29 15:30 - 2019-05-29 15:30 - 000000000 ____D C:\Users\Jadon\.Origin
2019-05-29 15:29 - 2019-05-29 15:32 - 000000000 ____D C:\Users\Jadon\AppData\Roaming\Origin
2019-05-29 15:29 - 2019-05-29 15:30 - 000000000 ____D C:\Users\Jadon\AppData\Local\Origin
2019-05-27 12:54 - 2019-06-01 23:34 - 000000106 _____ C:\Users\Jeremiah\AppData\Roaming\jjv5conf.json
2019-05-27 12:54 - 2019-06-01 23:34 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\jjsploitv5
2019-05-27 12:54 - 2019-05-27 12:54 - 000002323 _____ C:\Users\Jeremiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JJSploit v5.lnk
2019-05-27 12:54 - 2019-05-27 12:54 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\JJSploit v5
2019-05-27 12:54 - 2019-05-27 12:54 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\jjsploitv5-updater
2019-05-27 12:53 - 2019-05-27 12:53 - 045183091 _____ C:\Users\Jeremiah\Downloads\JJSploit v5 Setup 5.0.4.exe
2019-05-26 15:42 - 2019-05-26 15:49 - 343851008 _____ C:\Users\Jeremiah\Downloads\iCUESetup_3.16.56_release.msi
2019-05-26 11:58 - 2019-05-26 11:58 - 000479817 _____ C:\Users\Jeremiah\Downloads\Multi Pack Crosshairs.rar
2019-05-25 16:29 - 2019-05-25 16:29 - 298955273 _____ C:\Users\Jeremiah\Downloads\Bendy and the Ink Machine (Demo).zip
2019-05-25 16:28 - 2019-05-25 16:30 - 229915398 _____ () C:\Users\Jeremiah\Downloads\five-nights-at-freddys-1.exe
2019-05-25 11:59 - 2019-05-25 12:00 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\SniperV2 Demo
2019-05-24 23:46 - 2019-05-24 23:46 - 000000222 _____ C:\Users\Jeremiah\Desktop\Sniper Elite V2 Demo.url
2019-05-24 22:16 - 2019-05-24 22:16 - 000000000 ____D C:\Users\Jeremiah\Downloads\insatia-4-1-windows-demo
2019-05-24 22:15 - 2019-05-24 22:15 - 081335561 _____ C:\Users\Jeremiah\Downloads\insatia-4-1-windows-demo.zip
2019-05-24 21:42 - 2019-05-24 21:42 - 000376939 _____ C:\Users\Jeremiah\Downloads\SpritecraftFull.zip
2019-05-23 23:31 - 2019-05-23 23:31 - 000000222 _____ C:\Users\Jeremiah\Desktop\Ultimate Custom Night.url
2019-05-23 17:06 - 2019-05-23 17:06 - 085607757 _____ C:\Users\Jeremiah\Downloads\sinister-turmoil-alpha-v1.zip
2019-05-23 17:06 - 2019-05-23 17:06 - 000000000 ____D C:\Users\Jeremiah\Downloads\sinister-turmoil-alpha-v1
2019-05-23 15:13 - 2019-05-23 15:15 - 168712154 _____ C:\Users\Jeremiah\Downloads\Call_of_Duty_Dawnville_Demo.exe
2019-05-23 14:42 - 2019-05-23 14:42 - 000001942 _____ C:\Users\Public\Desktop\Call of Duty® 2 Single Player Demo.lnk
2019-05-23 14:42 - 2019-05-23 14:42 - 000000291 _____ C:\Windows\cod2demo.ini
2019-05-23 14:42 - 2019-05-23 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2019-05-23 14:42 - 2019-05-23 14:42 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2019-05-23 14:41 - 2019-05-23 14:41 - 000000000 ____D C:\Program Files (x86)\Activision
2019-05-23 14:35 - 2019-05-23 14:39 - 687557632 _____ C:\Users\Jeremiah\Downloads\cod2demo.exe
2019-05-21 18:30 - 2019-05-21 18:31 - 229919200 _____ () C:\Users\Jeremiah\Downloads\FiveNightsDEMO_INSTALL.exe
2019-05-21 18:06 - 2019-05-21 18:07 - 462990627 _____ C:\Users\Jeremiah\Downloads\FNAF4_demo.zip
2019-05-21 18:04 - 2019-05-21 18:05 - 000000000 ____D C:\Windows\System32\Tasks\narah
2019-05-21 18:03 - 2019-05-21 18:05 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\1f144dc1231a1d602d766b6fa2ef8163
2019-05-21 18:03 - 2019-05-21 18:04 - 000000000 ____D C:\ProgramData\{59AF6593-7187-1DEB-29DF-35C3C137ED1B}
2019-05-21 18:02 - 2019-05-21 18:03 - 000000000 ____D C:\ProgramData\mcicg
2019-05-20 21:09 - 2019-05-23 23:32 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\MMFApplications
2019-05-20 21:08 - 2019-05-20 21:09 - 466404623 _____ C:\Users\Jeremiah\Downloads\five-nights-at-freddys-4-1-0-en-win.exe
2019-05-19 15:37 - 2019-05-19 15:37 - 071345181 _____ C:\Users\Jeremiah\Downloads\10 Years of Minecraft.zip
2019-05-18 20:43 - 2019-05-23 17:07 - 000000000 ____D C:\Users\Jeremiah\AppData\LocalLow\DefaultCompany
2019-05-18 20:43 - 2019-05-18 20:43 - 021554504 _____ C:\Users\Jeremiah\Downloads\fairnsquare.zip
2019-05-18 20:43 - 2019-05-18 20:43 - 000000000 ____D C:\Users\Jeremiah\Downloads\fairnsquare
2019-05-18 16:39 - 2019-05-18 16:39 - 000000000 ____D C:\Users\Jeremiah\Documents\My Cheat Tables
2019-05-18 16:38 - 2019-05-18 16:38 - 000000000 ____D C:\Users\Jeremiah\Downloads\CE 6.4
2019-05-18 15:57 - 2019-05-18 16:14 - 000000000 ____D C:\Users\troy4\Documents\Cross Fire
2019-05-18 15:57 - 2019-05-18 16:14 - 000000000 ____D C:\CFLog
2019-05-18 15:57 - 2019-05-18 16:07 - 000074552 _____ (Wellbia.com Co., Ltd.) C:\Windows\xhunter1.sys
2019-05-18 15:52 - 2019-05-18 15:52 - 000001331 _____ C:\Users\troy4\Desktop\CrossFire.lnk
2019-05-18 15:52 - 2019-05-18 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games
2019-05-18 15:43 - 2019-05-18 15:43 - 000000000 ____D C:\Program Files (x86)\Z8Games
2019-05-18 15:32 - 2019-05-18 15:42 - 000000000 ____D C:\Users\Jeremiah\Downloads\CrossFire Installer
2019-05-18 15:31 - 2019-05-18 15:55 - 000000000 ____D C:\ProgramData\Solid State Networks
2019-05-18 15:31 - 2019-05-18 15:31 - 002146952 _____ (Smilegate - Z8 Games) C:\Users\Jeremiah\Downloads\CrossFire_NA.exe
2019-05-18 15:13 - 2019-05-18 15:13 - 000000000 ____D C:\Users\Jeremiah\Downloads\Ravenfield_B5_1_Windows
2019-05-18 15:12 - 2019-05-18 15:12 - 064282631 _____ C:\Users\Jeremiah\Downloads\Ravenfield_B5_1_Windows.zip
2019-05-18 15:01 - 2019-05-18 15:01 - 000624040 _____ (gamigo AG) C:\Users\Jeremiah\Downloads\IronsightDownloader_US (3).exe
2019-05-18 14:23 - 2019-05-18 14:23 - 000001781 _____ C:\Users\Jeremiah\Desktop\Launch Blacklight Retribution.lnk
2019-05-18 14:23 - 2019-05-18 14:23 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2019-05-18 14:23 - 2019-05-18 14:23 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\InstallShield Installation Information
2019-05-18 14:23 - 2019-05-18 14:23 - 000000000 ____D C:\Perfect World Entertainment
2019-05-18 14:19 - 2019-05-18 14:21 - 000000000 ____D C:\Users\Jeremiah\Downloads\BLR Installerv2
2019-05-18 14:12 - 2019-05-18 14:18 - 3782926942 _____ C:\Users\Jeremiah\Downloads\BLR_Installer_OBv2.exe
2019-05-18 09:32 - 2019-05-18 09:32 - 000000000 ____D C:\Users\troy4\AppData\Roaming\NuGet
2019-05-17 11:51 - 2019-05-17 11:52 - 015440510 _____ C:\Users\Jeremiah\Downloads\skillclient-1.13.2-b12.1 (1).zip
2019-05-17 11:47 - 2019-05-17 11:48 - 015440510 _____ C:\Users\Jeremiah\Downloads\skillclient-1.13.2-b12.1.zip
2019-05-17 11:41 - 2019-05-17 11:41 - 000000000 ____D C:\Users\Jeremiah\Downloads\SkillClient1.11-b4.3
2019-05-17 11:39 - 2019-05-17 11:40 - 015136405 _____ C:\Users\Jeremiah\Downloads\SkillClient1.11-b4.3.zip
2019-05-17 08:28 - 2019-05-17 08:28 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\paint.net
2019-05-17 08:25 - 2019-05-17 08:25 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2019-05-17 08:25 - 2019-05-17 08:25 - 000001092 _____ C:\Users\Public\Desktop\paint.net.lnk
2019-05-17 08:25 - 2019-05-17 08:25 - 000000000 ____D C:\Program Files\paint.net
2019-05-17 08:24 - 2019-05-17 08:24 - 000000000 ____D C:\Users\troy4\AppData\Local\paint.net
2019-05-17 08:23 - 2019-05-17 08:23 - 008853574 _____ C:\Users\Jeremiah\Downloads\paint.net.4.1.6.install (1).zip
2019-05-16 16:35 - 2019-05-16 16:35 - 008853574 _____ C:\Users\Jeremiah\Downloads\paint.net.4.1.6.install.zip
2019-05-15 17:43 - 2019-05-15 17:43 - 005617230 _____ C:\Users\Jeremiah\Downloads\380483__excuse__french-sex.wav
2019-05-15 17:23 - 2019-05-15 17:23 - 000061535 _____ C:\Users\Jeremiah\Downloads\Undertale_-_Megalovania (1).mid
2019-05-15 17:22 - 2019-05-15 17:22 - 000025926 _____ C:\Users\Jeremiah\Downloads\Undertale_-_Megalovania.mid
2019-05-15 16:52 - 2019-05-15 16:52 - 020814848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 019022336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 006072320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 003905536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 003743744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 001062400 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 000684032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-05-15 16:52 - 2019-05-15 16:52 - 000181248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-05-15 16:51 - 2019-05-15 16:51 - 026807808 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 023438848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 009682744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 007883776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 007879680 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 007687576 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 007645384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 006542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 006440960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 006309040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 005498880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 005040640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 004883968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 004660736 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 003637248 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 003557888 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 003384832 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 003363856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 002780000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 002708480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 002422272 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 002278240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 002189312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001860096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001760768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001699496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-05-15 16:51 - 2019-05-15 16:51 - 001641616 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001605120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001470016 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 001395264 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001342608 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-05-15 16:51 - 2019-05-15 16:51 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001290752 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 001253904 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 001225728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 001179680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 001054712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 001048376 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 001026792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000895792 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000865280 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000807464 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 000758896 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000680184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000660992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000586280 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 000508432 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 000495104 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000449376 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000444944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 000387832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000254952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 000223544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-05-15 16:51 - 2019-05-15 16:51 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000212792 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 000203272 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000202768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 000201016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 000198456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 000192824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 000179728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000177976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 000163240 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000147736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000121656 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2019-05-15 16:51 - 2019-05-15 16:51 - 000090640 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000080184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-05-15 16:51 - 2019-05-15 16:51 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-05-15 16:51 - 2019-05-15 16:51 - 000066688 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000055792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2019-05-15 16:51 - 2019-05-15 16:51 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-05-15 16:51 - 2019-05-15 16:51 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-05-15 16:51 - 2019-05-15 16:51 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-05-15 16:51 - 2019-05-15 16:51 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-05-15 16:51 - 2019-05-15 16:51 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-05-15 16:51 - 2019-05-15 16:51 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-05-15 16:51 - 2019-05-15 16:51 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-05-15 16:51 - 2019-05-15 16:51 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-05-13 20:12 - 2019-05-13 20:12 - 002709891 _____ C:\Users\Jeremiah\Downloads\OptiFine_1.13.2_HD_U_E7 (1).jar
2019-05-13 20:12 - 2019-05-13 20:12 - 000536135 _____ C:\Users\Jeremiah\Downloads\TestLEVEL.zip
2019-05-13 20:08 - 2019-05-13 20:08 - 034940535 _____ C:\Users\Jeremiah\Downloads\Realistic Textures.zip
2019-05-13 08:41 - 2019-05-13 08:41 - 000001647 _____ C:\Users\troy4\Downloads\369520__kinoton__bass-power-down.aup
2019-05-13 08:41 - 2019-05-13 08:41 - 000000000 ____D C:\Users\troy4\Downloads\369520__kinoton__bass-power-down_data
2019-05-13 08:25 - 2019-05-13 08:41 - 000000000 ____D C:\Users\troy4\AppData\Roaming\audacity
2019-05-13 08:25 - 2019-05-13 08:25 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2019-05-13 08:25 - 2019-05-13 08:25 - 000001076 _____ C:\Users\Public\Desktop\Audacity.lnk
2019-05-13 08:25 - 2019-05-13 08:25 - 000000000 ____D C:\Users\troy4\Documents\Audacity
2019-05-13 08:25 - 2019-05-13 08:25 - 000000000 ____D C:\Users\troy4\AppData\Local\Audacity
2019-05-13 08:25 - 2019-05-13 08:25 - 000000000 ____D C:\Program Files (x86)\Audacity
2019-05-13 08:22 - 2019-05-13 08:22 - 022750240 _____ (Audacity Team ) C:\Users\troy4\Downloads\audacity-win-2.3.1.exe
2019-05-12 22:36 - 2019-05-12 22:36 - 000001251 _____ C:\Users\Public\Desktop\Minecraft PC Gamer Demo.lnk
2019-05-12 22:36 - 2019-05-12 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft PC Gamer Demo
2019-05-12 22:36 - 2019-05-12 22:36 - 000000000 ____D C:\Program Files (x86)\Minecraft PC Gamer Demo
2019-05-12 22:35 - 2019-05-12 22:35 - 004186549 _____ (Mojang ) C:\Users\troy4\Downloads\minecraft_pcgdemo.exe
2019-05-12 22:12 - 2019-05-12 22:12 - 001068674 _____ C:\Users\troy4\Downloads\369520__kinoton__bass-power-down.wav
2019-05-12 18:47 - 2019-05-12 18:48 - 000000000 ____D C:\Users\Jeremiah\Downloads\mining_simulator_script_b91ee
2019-05-12 18:46 - 2019-05-12 18:46 - 000923554 _____ C:\Users\Jeremiah\Downloads\mining_simulator_script_b91ee.zip
2019-05-11 17:31 - 2019-05-31 17:17 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\Voicemod
2019-05-11 17:31 - 2019-05-12 21:21 - 000000000 ____D C:\Users\troy4\AppData\Local\Voicemod
2019-05-11 17:31 - 2019-05-11 17:31 - 000000944 _____ C:\Users\Public\Desktop\Voicemod.lnk
2019-05-11 17:31 - 2019-05-11 17:31 - 000000000 ____D C:\ProgramData\Voicemod
2019-05-11 17:31 - 2019-05-11 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod Desktop
2019-05-11 17:31 - 2019-05-11 17:31 - 000000000 ____D C:\Program Files\Voicemod Desktop
2019-05-11 17:31 - 2018-11-22 17:37 - 000045408 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\vmdrv.sys
2019-05-11 17:27 - 2019-05-11 17:27 - 019996024 _____ (Voicemod S.L. ) C:\Users\Jeremiah\Downloads\VoicemodSetup.exe
2019-05-10 23:25 - 2019-06-02 23:44 - 000000000 ____D C:\Users\Jeremiah\Downloads\opera autoupdate
2019-05-09 16:27 - 2019-05-23 11:41 - 000004490 _____ C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1557437230
2019-05-08 08:17 - 2019-05-08 08:17 - 000001457 _____ C:\Users\troy4\AppData\Local\recently-used.xbel
2019-05-08 07:58 - 2019-05-08 08:17 - 000000000 ____D C:\Users\troy4\AppData\Local\gtk-2.0
2019-05-08 07:57 - 2019-05-08 08:17 - 000000000 ____D C:\Users\troy4\AppData\Local\babl-0.1
2019-05-08 07:57 - 2019-05-08 07:57 - 000000000 ____D C:\Users\troy4\AppData\Roaming\GIMP
2019-05-08 07:57 - 2019-05-08 07:57 - 000000000 ____D C:\Users\troy4\AppData\Local\GIMP
2019-05-08 07:57 - 2019-05-08 07:57 - 000000000 ____D C:\Users\troy4\AppData\Local\gegl-0.4
2019-05-08 07:57 - 2019-05-08 07:57 - 000000000 ____D C:\Users\troy4\.cache
2019-05-08 07:40 - 2019-05-08 14:30 - 000000015 _____ C:\Users\troy4\Desktop\unity terrain.txt
2019-05-07 18:16 - 2019-05-07 18:16 - 000150782 _____ C:\Users\Jeremiah\Downloads\fortnite_mh_load.zip
2019-05-06 20:31 - 2019-05-06 20:31 - 001549718 _____ C:\Users\Jeremiah\Downloads\fortnite_hack_v31_0e19b.zip
2019-05-05 23:04 - 2019-05-05 23:04 - 000471528 _____ C:\Users\troy4\Documents\UFO.blend
2019-05-05 22:25 - 2019-05-05 22:25 - 000000000 ____D C:\Users\troy4\AppData\Roaming\Blender Foundation
2019-05-05 15:01 - 2019-05-27 07:59 - 000004230 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1557086474
2019-05-05 15:01 - 2019-05-21 20:21 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\WebDiscoverBrowser
2019-05-05 15:01 - 2019-05-16 16:37 - 000001408 _____ C:\Users\Jeremiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-05-05 15:01 - 2019-05-05 15:01 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\Opera Software
2019-05-05 15:00 - 2019-05-05 15:00 - 004988799 _____ C:\Users\Jeremiah\Downloads\Forge-1-13.exe
2019-05-05 15:00 - 2019-05-05 15:00 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\Opera Software
2019-05-05 14:57 - 2019-05-05 14:57 - 000359716 _____ C:\Users\Jeremiah\Downloads\More Explosives V1.0.2.zip
2019-05-05 14:45 - 2019-05-05 14:45 - 000096042 _____ C:\Users\Jeremiah\Downloads\Rift-ModList-2.0.1b.jar
2019-05-05 14:39 - 2019-05-05 14:39 - 000623697 _____ C:\Users\Jeremiah\Downloads\mod_voxelMap_1.7.1_for_1.12.2.litemod
2019-05-05 10:41 - 2019-05-05 11:32 - 000000013 _____ C:\Users\troy4\Desktop\stronghold.txt
2019-05-04 19:07 - 2019-05-04 19:07 - 000000000 ____D C:\Users\Jadon\AppData\Local\NVIDIA
2019-05-04 19:05 - 2019-05-04 19:05 - 001051639 _____ C:\Users\Jadon\Downloads\Chocapic13 V7.1 Lite.zip
2019-05-04 19:00 - 2019-05-04 19:01 - 002709891 _____ C:\Users\Jadon\Downloads\OptiFine_1.13.2_HD_U_E7.jar
2019-05-04 18:52 - 2019-05-04 18:52 - 001825249 _____ C:\Users\Jeremiah\Downloads\Modern House on the Hill.rar
2019-05-04 18:44 - 2019-05-04 18:44 - 000084813 _____ C:\Users\Jeremiah\Downloads\Sildurs Vibrant Shaders v1.20 Lite.zip
2019-05-04 18:42 - 2019-05-04 18:42 - 001086792 _____ C:\Users\Jeremiah\Downloads\Chocapic13 V7.1 Low.zip
2019-05-04 18:32 - 2019-05-04 18:32 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\OneDrive
2019-05-04 18:23 - 2019-05-04 18:23 - 002709891 _____ C:\Users\Jeremiah\Downloads\OptiFine_1.13.2_HD_U_E7.jar
2019-05-04 18:17 - 2019-05-04 18:17 - 000089688 _____ C:\Users\Jeremiah\Downloads\Sildurs Vibrant Shaders v1.18 High.zip
2019-05-04 18:01 - 2019-05-04 18:01 - 000950602 _____ C:\Users\Jeremiah\Downloads\Minecraft Shaders.rar
2019-05-04 17:58 - 2019-05-04 17:58 - 005512080 _____ C:\Users\Jeremiah\Downloads\Faithful+1.13.2-rv2.zip
2019-05-04 17:53 - 2019-05-04 17:53 - 006930438 _____ C:\Users\Jeremiah\Downloads\SEUS_PTGI_E6.zip
2019-05-04 10:17 - 2019-05-04 10:17 - 000000000 ____D C:\Users\troy4\.thumbnails
2019-05-04 10:13 - 2019-05-04 10:13 - 000001153 _____ C:\Users\troy4\Desktop\blender.lnk
2019-05-04 10:13 - 2019-05-04 10:13 - 000000000 ____D C:\Users\troy4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2019-05-04 10:12 - 2019-05-04 10:12 - 000000000 ____D C:\Program Files\Blender Foundation
2019-05-04 10:08 - 2019-05-04 10:08 - 012844032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 012140032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 005436904 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 005210904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 003551112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 003426816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 003406848 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 002701512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 002393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 002205184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 002073960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 001994976 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 001674696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 001671352 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 001467552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 001382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 001315328 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 001001472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnostics.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000780632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000725696 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000695296 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2019-05-04 10:08 - 2019-05-04 10:08 - 000673280 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000649064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000638376 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000577024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2019-05-04 10:08 - 2019-05-04 10:08 - 000553656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000540720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StateRepository.Core.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000514632 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000454160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-05-04 10:08 - 2019-05-04 10:08 - 000451080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000370176 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2019-05-04 10:08 - 2019-05-04 10:08 - 000359936 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2019-05-04 10:08 - 2019-05-04 10:08 - 000349696 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000326144 _____ (Microsoft Corporation) C:\Windows\system32\DiagnosticLogCSP.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000320512 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2019-05-04 10:08 - 2019-05-04 10:08 - 000314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2019-05-04 10:08 - 2019-05-04 10:08 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000263576 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2019-05-04 10:08 - 2019-05-04 10:08 - 000254464 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2019-05-04 10:08 - 2019-05-04 10:08 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2019-05-04 10:08 - 2019-05-04 10:08 - 000201728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\fcon.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000122680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncCsp.dll
2019-05-04 10:08 - 2019-05-04 10:08 - 000086960 _____ (Microsoft Corporation) C:\Windows\system32\taskhostw.exe
2019-05-04 10:08 - 2019-05-04 10:08 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\EASPolicyManagerBrokerHost.exe
2019-05-04 10:08 - 2019-05-04 10:08 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnosticsTool.exe
2019-05-04 10:07 - 2019-05-04 10:07 - 005296640 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 004997096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 003982848 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 002995712 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 001768960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 001653760 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 001219640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryPS.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000999424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000806600 _____ C:\Windows\SysWOW64\locale.nls
2019-05-04 10:07 - 2019-05-04 10:07 - 000806600 _____ C:\Windows\system32\locale.nls
2019-05-04 10:07 - 2019-05-04 10:07 - 000773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000676256 _____ (Microsoft Corporation) C:\Windows\system32\StateRepository.Core.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000651576 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-05-04 10:07 - 2019-05-04 10:07 - 000495616 _____ (Microsoft Corporation) C:\Windows\system32\DDDS.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\SDDS.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000421392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-05-04 10:07 - 2019-05-04 10:07 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000280592 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\JpnServiceDS.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2019-05-04 10:07 - 2019-05-04 10:07 - 000157200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2019-05-04 10:05 - 2019-05-04 10:05 - 087912376 _____ C:\Users\troy4\Downloads\blender-2.79b-windows64.msi
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-03 10:18 - 2019-01-19 20:55 - 000000000 ___RD C:\Users\troy4\OneDrive
2019-06-03 10:16 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-03 10:15 - 2019-01-19 20:53 - 000000000 __SHD C:\Users\troy4\IntelGraphicsProfiles
2019-06-03 10:14 - 2019-01-19 22:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-03 10:14 - 2019-01-19 22:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-06-03 10:14 - 2019-01-19 20:58 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-03 10:03 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-03 10:03 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\AppReadiness
2019-06-03 09:47 - 2019-01-19 20:47 - 000000000 ____D C:\Users\troy4
2019-06-03 09:46 - 2019-01-19 22:33 - 000111104 ____N C:\Windows\Minidump\060319-41031-01.dmp
2019-06-02 23:43 - 2019-01-20 17:49 - 000000000 ____D C:\Users\Jeremiah
2019-06-02 23:38 - 2019-01-20 17:49 - 000000000 __SHD C:\Users\Jeremiah\IntelGraphicsProfiles
2019-06-02 21:18 - 2019-01-19 22:33 - 000110592 ____N C:\Windows\Minidump\060219-39640-01.dmp
2019-06-02 13:34 - 2019-01-19 22:33 - 000110592 ____N C:\Windows\Minidump\060219-35875-01.dmp
2019-06-01 20:30 - 2018-09-15 01:09 - 001572864 _____ C:\Windows\system32\config\BBI
2019-06-01 17:35 - 2019-01-24 23:42 - 000000000 ____D C:\Users\troy4\AppData\Roaming\.minecraft
2019-05-31 23:03 - 2019-01-19 22:01 - 000000000 ____D C:\Program Files\Epic Games
2019-05-31 17:38 - 2019-04-27 21:38 - 000000000 ____D C:\MyGames
2019-05-30 20:29 - 2019-01-20 00:58 - 000000000 ____D C:\Program Files (x86)\Steam
2019-05-30 15:29 - 2019-01-20 00:54 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3696728497-2640945442-599516163-1002
2019-05-30 15:29 - 2019-01-20 00:54 - 000000000 ___RD C:\Users\Jadon\OneDrive
2019-05-30 15:29 - 2019-01-20 00:52 - 000002363 _____ C:\Users\Jadon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-30 12:52 - 2019-01-26 21:12 - 000001432 _____ C:\Users\Jeremiah\Desktop\Roblox Player.lnk
2019-05-30 12:52 - 2019-01-26 21:12 - 000001247 _____ C:\Users\Jeremiah\Desktop\Roblox Studio.lnk
2019-05-30 12:52 - 2019-01-26 21:12 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2019-05-30 12:04 - 2019-01-20 00:52 - 000000000 ____D C:\Users\Jadon\AppData\Local\Packages
2019-05-30 11:57 - 2019-01-19 20:55 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3696728497-2640945442-599516163-1001
2019-05-30 11:57 - 2019-01-19 20:47 - 000002363 _____ C:\Users\troy4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-29 15:36 - 2019-02-08 22:03 - 000000000 ____D C:\ProgramData\Origin
2019-05-29 15:32 - 2019-02-09 15:38 - 000000000 ____D C:\Program Files (x86)\Origin
2019-05-29 15:30 - 2019-01-20 00:52 - 000000000 ____D C:\Users\Jadon
2019-05-29 15:29 - 2019-01-22 20:23 - 000001429 _____ C:\Users\Jadon\Desktop\Roblox Player.lnk
2019-05-29 15:29 - 2019-01-22 20:22 - 000001244 _____ C:\Users\Jadon\Desktop\Roblox Studio.lnk
2019-05-29 15:29 - 2019-01-22 20:22 - 000000000 ____D C:\Users\Jadon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2019-05-29 15:28 - 2019-01-20 00:52 - 000000000 __SHD C:\Users\Jadon\IntelGraphicsProfiles
2019-05-29 13:12 - 2019-04-06 21:15 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\Restream Chat
2019-05-28 21:40 - 2019-02-23 23:32 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\.minecraft
2019-05-28 15:39 - 2019-01-19 21:10 - 000000000 ____D C:\ProgramData\Packages
2019-05-28 15:22 - 2019-04-30 10:29 - 000000000 ____D C:\Users\troy4\AppData\Roaming\UnityHub
2019-05-27 18:17 - 2019-01-19 20:55 - 000000000 ____D C:\Users\troy4\AppData\Local\PlaceholderTileLogoFolder
2019-05-27 17:21 - 2019-04-30 15:31 - 000000000 ____D C:\Users\troy4\AppData\Local\Unity
2019-05-27 16:51 - 2019-01-20 18:00 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\PlaceholderTileLogoFolder
2019-05-27 16:51 - 2019-01-20 17:49 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\Publishers
2019-05-27 16:51 - 2019-01-20 17:49 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\Packages
2019-05-27 07:57 - 2019-01-20 17:50 - 000003384 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3696728497-2640945442-599516163-1004
2019-05-27 07:50 - 2019-01-19 20:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-05-26 16:06 - 2019-01-20 17:49 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\ConnectedDevicesPlatform
2019-05-26 15:37 - 2019-01-19 20:53 - 000000000 ____D C:\Users\troy4\AppData\Local\Packages
2019-05-25 17:29 - 2019-02-08 22:03 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\Origin
2019-05-25 14:00 - 2019-04-26 20:23 - 000000910 _____ C:\Users\Jeremiah\AppData\Local\_settings.ini
2019-05-24 23:46 - 2019-02-18 10:40 - 000000000 ____D C:\Users\Jeremiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-05-23 14:42 - 2019-01-20 17:49 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\VirtualStore
2019-05-22 18:27 - 2019-01-19 21:06 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-22 18:27 - 2019-01-19 21:06 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-18 15:13 - 2016-12-08 19:09 - 017711616 _____ C:\Users\Jeremiah\Desktop\Ravenfield.exe
2019-05-17 17:37 - 2019-01-20 17:50 - 000000000 ___RD C:\Users\Jeremiah\OneDrive
2019-05-17 17:37 - 2019-01-20 17:49 - 000002372 _____ C:\Users\Jeremiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-17 14:08 - 2019-04-27 21:38 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\GameCenter
2019-05-16 00:16 - 2018-09-15 02:31 - 000000000 ____D C:\Windows\INF
2019-05-16 00:12 - 2019-01-19 22:45 - 000840848 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-16 00:06 - 2019-01-19 22:33 - 000290512 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-16 00:03 - 2018-09-15 02:33 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-05-16 00:03 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\bcastdvr
2019-05-15 18:17 - 2019-04-27 15:19 - 000000000 ____D C:\Users\Jeremiah\Desktop\scripts
2019-05-15 16:54 - 2018-09-15 02:23 - 000000000 ____D C:\Windows\CbsTemp
2019-05-15 16:39 - 2019-01-19 21:05 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 16:39 - 2019-01-19 21:05 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-14 17:50 - 2019-01-20 00:01 - 000000000 ____D C:\Windows\system32\MRT
2019-05-14 17:45 - 2019-01-20 00:01 - 132445408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-05-14 07:05 - 2019-02-13 23:37 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-13 16:23 - 2019-02-13 01:38 - 000835688 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-05-13 16:23 - 2019-02-13 01:38 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-12 21:20 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\LiveKernelReports
2019-05-07 21:57 - 2019-04-30 15:37 - 000000000 ____D C:\Users\troy4\AppData\LocalLow\DefaultCompany
2019-05-07 21:56 - 2019-04-30 15:33 - 000000000 ____D C:\Users\troy4\Documents\Unity Projects
2019-05-04 23:46 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\TextInput
2019-05-04 23:46 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\ShellExperiences
2019-05-04 19:10 - 2019-04-29 14:46 - 000000000 ____D C:\Users\Jadon\AppData\Roaming\.minecraft
2019-05-04 10:16 - 2019-02-09 15:38 - 000000000 ____D C:\Users\troy4\AppData\Roaming\Origin
2019-05-04 10:15 - 2019-02-09 21:29 - 000000000 ____D C:\Program Files (x86)\Origin Games
==================== Files in the root of some directories =======
2019-05-08 08:17 - 2019-05-08 08:17 - 000001457 _____ () C:\Users\troy4\AppData\Local\recently-used.xbel
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================

=========

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2019
Ran by troy4 (03-06-2019 10:42:32)
Running from C:\Users\troy4\Desktop
Windows 10 Home Version 1809 17763.503 (X64) (2019-01-20 03:42:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3696728497-2640945442-599516163-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3696728497-2640945442-599516163-503 - Limited - Disabled)
Guest (S-1-5-21-3696728497-2640945442-599516163-501 - Limited - Disabled)
Jadon (S-1-5-21-3696728497-2640945442-599516163-1002 - Limited - Enabled) => C:\Users\Jadon
Jeremiah (S-1-5-21-3696728497-2640945442-599516163-1004 - Limited - Enabled) => C:\Users\Jeremiah
troy4 (S-1-5-21-3696728497-2640945442-599516163-1001 - Administrator - Enabled) => C:\Users\troy4
WDAGUtilityAccount (S-1-5-21-3696728497-2640945442-599516163-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.0.8 - Electronic Arts, Inc.)
Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
Audacity 2.3.1 (HKLM-x32\...\Audacity_is1) (Version: 2.3.1 - Audacity Team)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Blender (HKLM\...\{E29A1273-2E7A-40E7-AA63-428A11D59429}) (Version: 2.79.2 - Blender Foundation)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.60.20.1002 - BlueStack Systems, Inc.)
Call of Duty® 2 Demo (HKLM-x32\...\{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}) (Version:  - ) Hidden
Call of Duty® 2 Demo (HKLM-x32\...\InstallShield_{FB9CDF41-F0B9-4F31-9230-7DF0D6637270}) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.34.58 - Conexant)
CORSAIR iCUE Software (HKLM-x32\...\{9F6BAED1-1FDA-4AFD-A766-71767A2E784D}) (Version: 3.12.118 - Corsair)
CrossFire NA (HKLM-x32\...\CrossFire_is1) (Version:  - Z8Games.com)
D3DGear (HKLM\...\D3DGear_is1) (Version: 5.0.0.2205 - D3DGear Technologies)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GIMP 2.10.8 (HKLM\...\GIMP-2_is1) (Version: 2.10.8 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Ironsight version 1.0 (HKLM-x32\...\Ironsight_is1) (Version: 1.0 - Aeria Games)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{86E59C8F-61D5-1782-A3CE-60AE7E4D7791}) (Version: 10.1.16299.15 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3696728497-2640945442-599516163-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3696728497-2640945442-599516163-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101508933\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3696728497-2640945442-599516163-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101511438\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27029 (HKLM-x32\...\{64ff2cb0-807c-4ee9-87ef-ec1b2ede0daf}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27029 (HKLM-x32\...\{f50edb7e-c25e-47b4-bc4f-7ec4a4d256b1}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1100.314 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft PC Gamer Demo version 1.5 (HKLM-x32\...\{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1) (Version: 1.5 - Mojang)
Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{8F700B00-B598-11E6-80D9-EF6B4CB4F8F1}) (Version: 13.0.987 - VEGAS)
MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
NVIDIA Graphics Driver 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.57 - NVIDIA Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.38.26728 - Electronic Arts, Inc.)
paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC)
Player.me (HKLM-x32\...\{D9D7BF09-0C20-4004-9404-3EFCDE3CF03B}) (Version: 1.0.1812.1301 - SplitmediaLabs) Hidden
Roblox Player for Jadon (HKU\S-1-5-21-3696728497-2640945442-599516163-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101511438\...\roblox-player) (Version:  - Roblox Corporation)
SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Unity (HKLM-x32\...\Unity) (Version: 2019.1.0f2 - Unity Technologies ApS)
Unity Hub 1.6.1 (HKLM\...\Unity Technologies - Hub) (Version: 1.6.1 - Unity Technologies Inc.)
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Community 2017 (HKLM-x32\...\6d0044d6) (Version: 15.9.28307.586 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 1.2.5.3 - Voicemod S.L.)
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )
Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1520.1.0_x86__kgqvnymyfvs32 [2019-06-03] (king.com)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-01-19] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_95.1.531.0_x64__v10z8vjag6ke6 [2019-03-19] (HP Inc.)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.9.0_x64__nfy108tqq3p12 [2019-01-19] (Thumbmunkeys Ltd)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2018-12-03 14:29 - 2018-12-03 14:29 - 000015872 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libEGL.DLL
2018-12-03 14:29 - 2018-12-03 14:29 - 002786816 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libGLESv2.dll
2019-01-29 18:47 - 2019-01-29 18:47 - 000204800 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2019-01-29 18:42 - 2019-01-29 18:42 - 000098816 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2019-01-19 21:41 - 2019-05-31 19:22 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2019-01-19 21:41 - 2019-01-19 21:41 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2019-01-19 21:41 - 2019-01-19 21:41 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2019-06-03 10:10 - 2019-06-03 10:10 - 005198336 _____ (AVAST Software) [File not signed] C:\Users\troy4\Desktop\aswMBR.exe
2017-09-28 18:41 - 2017-09-28 18:41 - 000266240 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2018-12-14 17:04 - 2018-12-14 17:04 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2019-01-19 21:41 - 2019-01-19 21:41 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2018-12-18 13:45 - 2018-12-18 13:45 - 001277952 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LIBEAY32.dll
2018-12-18 13:45 - 2018-12-18 13:45 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ssleay32.dll
2018-12-03 14:42 - 2018-12-03 14:42 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qgif.dll
2018-12-03 17:20 - 2018-12-03 17:20 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qicns.dll
2018-12-03 14:41 - 2018-12-03 14:41 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qico.dll
2018-12-03 14:43 - 2018-12-03 14:43 - 000364032 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qjpeg.dll
2018-12-03 17:19 - 2018-12-03 17:19 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qsvg.dll
2018-12-03 17:20 - 2018-12-03 17:20 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtga.dll
2018-12-03 17:20 - 2018-12-03 17:20 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtiff.dll
2018-12-03 17:20 - 2018-12-03 17:20 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwbmp.dll
2018-12-03 17:20 - 2018-12-03 17:20 - 000411648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwebp.dll
2018-12-03 14:44 - 2018-12-03 14:44 - 001196032 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\platforms\qwindows.dll
2018-12-03 14:31 - 2018-12-03 14:31 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Concurrent.dll
2019-01-29 19:10 - 2019-01-29 19:10 - 005086208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Core.dll
2018-12-03 14:36 - 2018-12-03 14:36 - 005337600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Gui.dll
2018-12-03 17:48 - 2018-12-03 17:48 - 000576512 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Multimedia.dll
2018-12-03 14:35 - 2018-12-03 14:35 - 001043968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Network.dll
2018-12-03 17:39 - 2018-12-03 17:39 - 003348480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Qml.dll
2018-12-03 17:31 - 2018-12-03 17:31 - 003169792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Quick.dll
2018-12-03 17:51 - 2018-12-03 17:51 - 000142336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickControls2.dll
2018-12-03 17:51 - 2018-12-03 17:51 - 000847872 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickTemplates2.dll
2018-12-03 17:48 - 2018-12-03 17:48 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Scxml.dll
2018-12-03 17:19 - 2018-12-03 17:19 - 000263680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Svg.dll
2018-12-03 14:40 - 2018-12-03 14:40 - 004525568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Widgets.dll
2018-12-03 17:59 - 2018-12-03 17:59 - 000444416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5WinExtras.dll
2018-12-03 14:30 - 2018-12-03 14:30 - 000147456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Xml.dll
2018-12-03 17:45 - 2018-12-03 17:45 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-12-03 17:45 - 2018-12-03 17:45 - 000056320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-12-03 17:36 - 2018-12-03 17:36 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick.2\qtquick2plugin.dll
2018-12-03 17:57 - 2018-12-03 17:57 - 000446976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2018-12-03 17:52 - 2018-12-03 17:52 - 000269312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-12-03 17:37 - 2018-12-03 17:37 - 000072192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-12-03 17:52 - 2018-12-03 17:52 - 000260608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2018-12-03 17:37 - 2018-12-03 17:37 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Window.2\windowplugin.dll
2018-12-03 14:43 - 2018-12-03 14:43 - 000122368 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\styles\qwindowsvistastyle.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
AlternateDataStreams: C:\Users\troy4\Application Data:19480092594194a127310869d618ccd6 [362]
AlternateDataStreams: C:\Users\troy4\AppData\Roaming:19480092594194a127310869d618ccd6 [362]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 02:31 - 2018-09-15 02:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;%D3DGEARPATH%;c:\program files\d3dgear
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101505909\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101517723\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101508069\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3696728497-2640945442-599516163-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\troy4\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\knight_and_dragon_book_sculpture_by_wetcanvas-d5bhndm.jpg
HKU\S-1-5-21-3696728497-2640945442-599516163-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101508933\Control Panel\Desktop\\Wallpaper -> C:\Users\troy4\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\knight_and_dragon_book_sculpture_by_wetcanvas-d5bhndm.jpg
HKU\S-1-5-21-3696728497-2640945442-599516163-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06032019101511438\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{36A6A3C0-1BAA-4A1D-A205-F63CD6BC7B91}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{B0AC49D1-416D-40A3-B652-74894C337C21}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{998B8781-E2E3-499B-9476-038904CA6F1C}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{CB844279-7F84-4D38-9821-0AE460A53410}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{11CCA66A-40F2-4C5C-B5AC-B27ED22B8A9E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{472C057B-BED9-4EFB-9C6F-029DE4111D7B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{59C50867-CA6E-4C99-86F4-FEF5C16DE11D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{FD53763C-164F-4EC9-9C51-575B2637D058}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{3C3ED103-4454-4ABF-9432-CA79D5846D8F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{F560E4FB-C8E6-43C9-B355-42C53977F4F5}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{F0B107A2-126E-42EB-92C2-192BC5BDC7F4}C:\program files\epic games\subnautica\subnautica.exe] => (Allow) C:\program files\epic games\subnautica\subnautica.exe () [File not signed]
FirewallRules: [UDP Query User{5837682A-8E4C-4A98-B537-A807F025E954}C:\program files\epic games\subnautica\subnautica.exe] => (Allow) C:\program files\epic games\subnautica\subnautica.exe () [File not signed]
FirewallRules: [{B7478CA2-A096-4437-A8F5-AF7B7D1373A7}] => (Block) C:\program files\epic games\subnautica\subnautica.exe () [File not signed]
FirewallRules: [{8C77715F-78DC-44C4-8D2D-CCBE91890FA7}] => (Block) C:\program files\epic games\subnautica\subnautica.exe () [File not signed]
FirewallRules: [TCP Query User{9AA59D2B-4C58-4DDC-BD10-FDFB0E65F812}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{C690FA40-99C1-4E33-9A74-9217C6C2B39D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{8E763891-872D-4769-A0ED-D5B2CEB7DF9A}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{DE0041E7-6291-4435-892C-1F1EC8BB4604}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{A59230AF-6002-43D1-8639-A93E57B1AD66}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{FBC2E6BA-CEB1-44C0-AF3C-C4C91511DBD1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{EE791FFA-DFB2-4D35-A76C-1CD103028212}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{25FB80DB-E694-4D5F-9475-6CE725F1E6BF}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{A7508A95-D61C-43B1-A290-BBF08D31859B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe (Electronic Arts -> )
FirewallRules: [{0091C376-3CD7-46AB-AC05-F2A321334F09}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe (Electronic Arts -> )
FirewallRules: [{879D9430-44F9-45DB-8B67-585B5D77D63D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{63C9D983-4CC8-481D-8F6A-4C7F6BEDC7C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{2EF4B7AA-8AC1-44A4-B485-D8DF9E1CB452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe () [File not signed]
FirewallRules: [{4871DC3F-B5E0-424F-8233-E7CAD9DE9F40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe () [File not signed]
FirewallRules: [{1AD63FFC-202F-4C96-A5D1-AB4628F7B072}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox ) [File not signed]
FirewallRules: [{F52A5233-97A5-4707-BE19-3AE12B2581DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox ) [File not signed]
FirewallRules: [{CF0AE0EB-8175-43BF-9899-987EC90DC02C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{A35F508D-663A-4E18-BE12-18CFBBF7D3F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{4EC8A4A4-BD06-4350-9D09-DF9402C6279B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{ED28F3FF-6993-4E6A-A35E-E52F0C339EAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{75F0FD80-BA66-4C1E-A0FC-7900D5DD25FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe () [File not signed]
FirewallRules: [{3A868689-5AC8-43AD-B396-19A230A7EF8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe () [File not signed]
FirewallRules: [{455A73F7-DE73-4F0C-83FC-9D84116ECACC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [{08BA5D56-4BCF-413F-BD61-03AB40DB2C64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [TCP Query User{163CBEF8-C4E9-4E26-8FF1-AFEAD0B383C3}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{E190E8B4-9674-4BDB-B44F-BD5D2F6944BE}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{9C2E8413-AD9F-45DD-A607-90220915AABE}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{68DCEAF2-B824-4B4C-A1B2-B0B04D32677F}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{3429F006-B487-4DE8-96EB-849FDC78C2B5}] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{8C9FBFFB-A169-47AB-9FFE-9273CD60A7B1}] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{F4231D3F-1839-4F56-82FD-3D89135DD2ED}C:\program files (x86)\origin games\apex\r5apex.exe] => (Block) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{466EED23-F2F2-48EB-B816-89FBB478661E}C:\program files (x86)\origin games\apex\r5apex.exe] => (Block) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{932EB155-0D63-4F79-A8A9-6CB229570E04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{7E493FE6-BCF7-4B58-8C41-A2223C526247}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{1D9F4680-14F7-4084-A5E4-27184A1AA1B9}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{067A2E63-FA0E-4CA4-A9A7-F4431A5E644C}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{B4399585-369C-4C6A-AA0C-851EC8B30124}C:\program files (x86)\origin games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1942\bf1942.exe (Electronic Arts -> )
FirewallRules: [UDP Query User{A700139D-792A-4BFC-A873-992FF5CBF8CA}C:\program files (x86)\origin games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1942\bf1942.exe (Electronic Arts -> )
FirewallRules: [TCP Query User{D6410D44-579E-41FD-95A1-50A098FE67D2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{044870C1-4784-4464-9ADD-6D4CEBFE6643}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [{9194855C-0635-4E74-A18E-5E3E936609AD}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{6F17F6D6-DE35-4B0D-91CE-D0ACF09249D9}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0E234D5E-D4A2-4D2A-B1EE-12C7FF25DB49}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{85DACE83-86BE-4271-B1D1-FEB0B6430382}C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{C54881F9-8507-42B7-9F84-8111DE3227BD}C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{EE38642F-DCB5-49E0-A9D8-593F324FE2C1}C:\mygames\warface my.com\bin32release\game.exe] => (Block) C:\mygames\warface my.com\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [UDP Query User{78F42288-F4CA-4F14-920E-7C623AAFD125}C:\mygames\warface my.com\bin32release\game.exe] => (Block) C:\mygames\warface my.com\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [{BBAEF928-A719-40D3-84C4-BCC6C5F6DB10}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [TCP Query User{C6490A42-8084-44F5-8C8E-54B23B537E0E}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [UDP Query User{87B1CAEC-05BA-4A8E-8307-CDAAA5032DC2}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{BD50CBC0-B998-416D-88B7-E4400E381B84}] => (Allow) C:\Program Files\Unity\Hub\Editor\2019.1.0f2\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{55495AFD-4995-4B71-AF88-E4A93DB31546}] => (Block) C:\Program Files\Unity\Hub\Editor\2019.1.0f2\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{71E124D9-2D90-4370-B65D-D534342FCF30}C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe] => (Allow) C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [UDP Query User{023E136A-3F18-443B-8AA4-BB7B8E8A86E2}C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe] => (Allow) C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{BC889E14-A8C3-4005-B200-EF09D32D8FD5}C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5A183869-3133-4F1C-875C-FD2BC51B4781}C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2017\community\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{058A5549-2018-4605-8BE9-24206C87E850}C:\users\jeremiah\downloads\git gud aiming alpha 1\engine\binaries\win64\ue4game.exe] => (Block) C:\users\jeremiah\downloads\git gud aiming alpha 1\engine\binaries\win64\ue4game.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{B24721EF-A9C2-4F2E-B854-B6C4ADC5E700}C:\users\jeremiah\downloads\git gud aiming alpha 1\engine\binaries\win64\ue4game.exe] => (Block) C:\users\jeremiah\downloads\git gud aiming alpha 1\engine\binaries\win64\ue4game.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{AD619AA4-42EC-4433-B26C-D445B8FFC081}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{EF7544B6-53A5-4C60-A990-A1AD4B96757E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{ED0DB0BF-F405-4620-8F86-F1E83E9DBEED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{6B4171C2-FAC9-4E1F-9B1D-3C287ECCA025}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2 Demo\bin\SniperEliteV2Demo.exe () [File not signed]
FirewallRules: [{8A917C11-0E33-4D1F-B772-B6C4A765E094}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2 Demo\bin\SniperEliteV2Demo.exe () [File not signed]
==================== Restore Points =========================
31-05-2019 13:19:55 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (06/02/2019 09:40:46 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
Program: Antimalware Service Executable
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 0
Error: (06/02/2019 09:40:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.18.1904.1, time stamp: 0x645431aa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000006
Fault offset: 0x0000026b807dfef2
Faulting process id: 0x1248
Faulting application start time: 0x01d519b3f6cc6a93
Faulting application path: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe
Faulting module path: unknown
Report Id: 9c202a64-0158-47c0-aa5b-f714f5399149
Faulting package full name:
Faulting package-relative application ID:
Error: (06/02/2019 01:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.17763.1, time stamp: 0xdd9b741c
Faulting module name: KERNELBASE.dll, version: 10.0.17763.475, time stamp: 0x69a188f0
Exception code: 0xe06d7363
Fault offset: 0x0000000000039129
Faulting process id: 0x22c
Faulting application start time: 0x01d51971f40bdfde
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 64ad5d33-bf7b-4a8c-9273-d04220c704cd
Faulting package full name:
Faulting package-relative application ID:
Error: (06/01/2019 03:58:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.17763.439 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1d28
Start Time: 01d518bca98b7cec
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: f2e8db6d-8843-4ccf-8603-f33f853d1c5e
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (05/31/2019 10:54:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CustomSwapper.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 29ac
Start Time: 01d5182d65094d17
Termination Time: 19104
Application Path: C:\Program Files\Epic Games\Fortnite\FortniteGame\Content\Paks\CustomSwapper.exe
Report Id: 6c9a7231-c827-4db6-bae1-416bd3b47c9a
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (05/31/2019 07:12:50 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program UnrealCEFSubProcess because of this error.
Program: UnrealCEFSubProcess
File: C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
Error: (05/31/2019 07:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UnrealCEFSubProcess.exe, version: 4.21.0.0, time stamp: 0x5ced5633
Faulting module name: ntdll.dll, version: 10.0.17763.475, time stamp: 0x3230aa04
Exception code: 0xc0000006
Fault offset: 0x00000000000049b8
Faulting process id: 0x113c
Faulting application start time: 0x01d5180e093a3c85
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 38a2ddae-8009-4e2e-9aa7-30e56b8245b3
Faulting package full name:
Faulting package-relative application ID:
Error: (05/31/2019 07:07:43 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program UnrealCEFSubProcess because of this error.
Program: UnrealCEFSubProcess
File: C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

System errors:
=============
Error: (06/03/2019 10:43:02 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2019 10:42:58 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2019 10:38:42 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2019 10:38:39 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2019 10:38:36 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2019 10:38:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2019 10:38:30 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (06/03/2019 10:38:27 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Windows Defender:
===================================
Date: 2019-06-03 10:18:58.708
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...70&enterprise=0
Name: Program:Win32/Uwamson.A!ml
ID: 250070
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_C:\Users\Jeremiah\Downloads\Gladiatorcheatz  V3.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.2804.0, AS: 1.293.2804.0, NIS: 1.293.2804.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-06-03 10:00:28.492
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...70&enterprise=0
Name: Program:Win32/Uwamson.A!ml
ID: 250070
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_C:\Users\Jeremiah\Downloads\Gladiatorcheatz  V3.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.2769.0, AS: 1.293.2769.0, NIS: 1.293.2769.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-06-02 22:38:47.500
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...70&enterprise=0
Name: Program:Win32/Uwamson.A!ml
ID: 250070
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_C:\Users\Jeremiah\Downloads\Gladiatorcheatz  V3.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.2769.0, AS: 1.293.2769.0, NIS: 1.293.2769.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-06-02 21:56:24.248
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...70&enterprise=0
Name: Program:Win32/Uwamson.A!ml
ID: 250070
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_C:\Users\Jeremiah\Downloads\Gladiatorcheatz  V3.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.2754.0, AS: 1.293.2754.0, NIS: 1.293.2754.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-06-02 13:42:47.284
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...70&enterprise=0
Name: Program:Win32/Uwamson.A!ml
ID: 250070
Severity: Medium
Category: Potentially Unwanted Software
Path: file:_C:\Users\Jeremiah\Downloads\Gladiatorcheatz  V3.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.2725.0, AS: 1.293.2725.0, NIS: 1.293.2725.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
Date: 2019-06-02 22:30:01.227
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2769.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-06-02 21:31:54.974
Description:
Windows Defender Antivirus engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000006
Resource: file:C:\Program Files (x86)\Google\Update\1.3.34.11\goopdate.dll
Date: 2019-05-26 16:15:29.883
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2352.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-05-21 16:06:03.887
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2072.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80070643
Error description: Fatal error during installation.
CodeIntegrity:
===================================
Date: 2019-06-02 21:47:58.288
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-06-02 21:47:14.446
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-06-02 21:45:16.718
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-06-02 21:44:12.799
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-06-02 21:42:56.723
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-06-02 21:42:05.088
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-06-02 21:41:23.397
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-06-02 21:40:45.828
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: American Megatrends Inc. GL752VW.210 12/17/2015
Motherboard: ASUSTeK COMPUTER INC. GL752VW
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 16282.94 MB
Available physical RAM: 12283.52 MB
Total Virtual: 18714.94 MB
Available Virtual: 14863.12 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.91 GB) (Free:394.06 GB) NTFS
\\?\Volume{a550712b-5169-4648-9682-76d12b143784}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{5d97d66a-0916-4129-9010-4bcbb4429357}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================

 




#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 03 June 2019 - 03:50 PM

Hello FrustratedFather and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/7/8/10, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • click on Start Scan
  • when it has finished, click on Open Report
  • click on Export Txt and save the file on your Desktop as RKreport.txt
  • copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

Logs to include with next post:

AdwCleaner log
RKreport.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 FrustratedFather

Posted 03 June 2019 - 08:14 PM

Satchfan, thank you for your help.  I am having a problem installing roguekiller.  It asks me for a license key and email.  If I skip past that, it keeps coming up during the install that it cannot find a file.  Push abort and it cancels the installation. Push retry, and it fails multiple times.  Push ignore and the installation fails as well.  

 

Any ideas on how to proceed?  Thanks!



#4 Satchfan

Posted 04 June 2019 - 08:52 AM

You were right to skip the license key and e-mail. Please try again and if it is the same, try it in safe mode.

 

If it still doesn't work, please just post the AdwCleaner log.

 

Satchfan



#5 FrustratedFather

Posted 04 June 2019 - 05:14 PM

Thank you for your help.  Unfortunately, I got the same errors in Safe mode.  Attached are the two log files from the other program.

Attached Files



#6 Satchfan

Posted 05 June 2019 - 03:20 AM

Run Farbar Recovery Scan Tool

  • right-click FRST/FRST64 and select ‘Run as administrator’
  • highlight the contents of the code box below, then press Ctrl+C:
Start::
CloseProcesses:
ShortcutTarget: Player.me.lnk -> C:\Users\troy4\AppData\Roaming\SplitmediaLabs\Player.me\PlayerLauncher.exe (No File)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [17224464 2019-04-27] (Mail.Ru LLC -> LLC Mail.Ru)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [16462872 2019-04-27] (Mail.Ru LLC -> LLC Mail.Ru)
2019-05-30 23:07 - 2019-05-30 23:08 - 000000000 ____D C:\Users\Jeremiah\Downloads\homojews
2019-05-17 14:08 - 2019-04-27 21:38 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\GameCenter
FirewallRules: [{59C50867-CA6E-4C99-86F4-FEF5C16DE11D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{FD53763C-164F-4EC9-9C51-575B2637D058}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{3C3ED103-4454-4ABF-9432-CA79D5846D8F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{F560E4FB-C8E6-43C9-B355-42C53977F4F5}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{9AA59D2B-4C58-4DDC-BD10-FDFB0E65F812}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{C690FA40-99C1-4E33-9A74-9217C6C2B39D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{8E763891-872D-4769-A0ED-D5B2CEB7DF9A}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{DE0041E7-6291-4435-892C-1F1EC8BB4604}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{9C2E8413-AD9F-45DD-A607-90220915AABE}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{68DCEAF2-B824-4B4C-A1B2-B0B04D32677F}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{D6410D44-579E-41FD-95A1-50A098FE67D2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{044870C1-4784-4464-9ADD-6D4CEBFE6643}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{85DACE83-86BE-4271-B1D1-FEB0B6430382}C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{C54881F9-8507-42B7-9F84-8111DE3227BD}C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{EE38642F-DCB5-49E0-A9D8-593F324FE2C1}C:\mygames\warface my.com\bin32release\game.exe] => (Block) C:\mygames\warface my.com\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [UDP Query User{78F42288-F4CA-4F14-920E-7C623AAFD125}C:\mygames\warface my.com\bin32release\game.exe] => (Block) C:\mygames\warface my.com\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
C:\Users\Jeremiah\Downloads\Gladiatorcheatz V3.dll
C:\Windows\System32\mracsvc.exe
C:\Windows\System32\drivers\mracdrv.sys
C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe
C:\mygames\warface my.com
EmptyTemp:
End::

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • in the FRST window, press the ‘Fix’ button once and wait
  • please reboot the computer if requested
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Logs to include with next post:

Fixlog.txt
CKFiles.txt


Thanks

Satchfan

 



#7 FrustratedFather

Posted 05 June 2019 - 06:37 PM

Here are the two logs.  Thank you

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-06-2019 01
Ran by troy4 (05-06-2019 13:35:36) Run:1
Running from C:\Users\troy4\Desktop
Loaded Profiles: troy4 (Available Profiles: troy4 & Jadon & Jeremiah)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
ShortcutTarget: Player.me.lnk -> C:\Users\troy4\AppData\Roaming\SplitmediaLabs\Player.me\PlayerLauncher.exe (No File)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [17224464 2019-04-27] (Mail.Ru LLC -> LLC Mail.Ru)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [16462872 2019-04-27] (Mail.Ru LLC -> LLC Mail.Ru)
2019-05-30 23:07 - 2019-05-30 23:08 - 000000000 ____D C:\Users\Jeremiah\Downloads\homojews
2019-05-17 14:08 - 2019-04-27 21:38 - 000000000 ____D C:\Users\Jeremiah\AppData\Local\GameCenter
FirewallRules: [{59C50867-CA6E-4C99-86F4-FEF5C16DE11D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{FD53763C-164F-4EC9-9C51-575B2637D058}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{3C3ED103-4454-4ABF-9432-CA79D5846D8F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{F560E4FB-C8E6-43C9-B355-42C53977F4F5}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{9AA59D2B-4C58-4DDC-BD10-FDFB0E65F812}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{C690FA40-99C1-4E33-9A74-9217C6C2B39D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{8E763891-872D-4769-A0ED-D5B2CEB7DF9A}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{DE0041E7-6291-4435-892C-1F1EC8BB4604}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{9C2E8413-AD9F-45DD-A607-90220915AABE}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{68DCEAF2-B824-4B4C-A1B2-B0B04D32677F}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{D6410D44-579E-41FD-95A1-50A098FE67D2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{044870C1-4784-4464-9ADD-6D4CEBFE6643}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{85DACE83-86BE-4271-B1D1-FEB0B6430382}C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{C54881F9-8507-42B7-9F84-8111DE3227BD}C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{EE38642F-DCB5-49E0-A9D8-593F324FE2C1}C:\mygames\warface my.com\bin32release\game.exe] => (Block) C:\mygames\warface my.com\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [UDP Query User{78F42288-F4CA-4F14-920E-7C623AAFD125}C:\mygames\warface my.com\bin32release\game.exe] => (Block) C:\mygames\warface my.com\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
C:\Users\Jeremiah\Downloads\Gladiatorcheatz V3.dll
C:\Windows\System32\mracsvc.exe
C:\Windows\System32\drivers\mracdrv.sys
C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe
C:\mygames\warface my.com
EmptyTemp:
 
*****************
 
Processes closed successfully.
"C:\Users\troy4\AppData\Roaming\SplitmediaLabs\Player.me\PlayerLauncher.exe" => not found
HKLM\System\CurrentControlSet\Services\mracsvc => removed successfully
mracsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\mracdrv => removed successfully
mracdrv => service removed successfully
C:\Users\Jeremiah\Downloads\homojews => moved successfully
C:\Users\Jeremiah\AppData\Local\GameCenter => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59C50867-CA6E-4C99-86F4-FEF5C16DE11D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD53763C-164F-4EC9-9C51-575B2637D058}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3C3ED103-4454-4ABF-9432-CA79D5846D8F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F560E4FB-C8E6-43C9-B355-42C53977F4F5}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9AA59D2B-4C58-4DDC-BD10-FDFB0E65F812}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C690FA40-99C1-4E33-9A74-9217C6C2B39D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E763891-872D-4769-A0ED-D5B2CEB7DF9A}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE0041E7-6291-4435-892C-1F1EC8BB4604}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C2E8413-AD9F-45DD-A607-90220915AABE}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68DCEAF2-B824-4B4C-A1B2-B0B04D32677F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D6410D44-579E-41FD-95A1-50A098FE67D2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{044870C1-4784-4464-9ADD-6D4CEBFE6643}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{85DACE83-86BE-4271-B1D1-FEB0B6430382}C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C54881F9-8507-42B7-9F84-8111DE3227BD}C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EE38642F-DCB5-49E0-A9D8-593F324FE2C1}C:\mygames\warface my.com\bin32release\game.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78F42288-F4CA-4F14-920E-7C623AAFD125}C:\mygames\warface my.com\bin32release\game.exe" => not found
"C:\Users\Jeremiah\Downloads\Gladiatorcheatz V3.dll" => not found
C:\Windows\System32\mracsvc.exe => moved successfully
C:\Windows\System32\drivers\mracdrv.sys => moved successfully
"C:\users\jeremiah\appdata\local\gamecenter\gamecenter.exe" => not found
C:\mygames\warface my.com => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 79971463 B
Java, Flash, Steam htmlcache => 117706811 B
Windows/system/drivers => 73348758 B
Edge => 39883886 B
Chrome => 46498044 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2194 B
LocalService => 0 B
NetworkService => 610310 B
NetworkService => 0 B
troy4 => 502964753 B
Jadon => 66132678 B
Jeremiah => 789220126 B
 
RecycleBin => 3529375468 B
EmptyTemp: => 4.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:50:41 ====
 
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\blender foundation\blender\2.79\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\blender foundation\blender\2.79\scripts\addons\object_fracture_crack\crack_it.py
c:\program files\blender foundation\blender\2.79\scripts\addons\object_fracture_crack\operator.py
c:\program files\blender foundation\blender\2.79\scripts\addons\object_fracture_crack\__init__.py
c:\program files\blender foundation\blender\2.79\scripts\addons\object_fracture_crack\materials\materials1.blend
c:\program files\gimp 2\share\gimp\2.0\patterns\stone\cracked.pat
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
c:\program files (x86)\steam\steamapps\common\unturned\bundles\items\hats\nutcracker_hat\nutcracker_hat.dat
c:\program files (x86)\steam\steamapps\common\unturned\bundles\items\pants\nutcracker_bottom\nutcracker_bottom.dat
c:\program files (x86)\steam\steamapps\common\unturned\bundles\items\shirts\nutcracker_top\nutcracker_top.dat
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e8c478\ssh-keygen.exe
scanner sequence 3.EF.11.NANAD0
 ----- EOF ----- 
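
An added example, not part of the original posts and not FRST's own code: a small Python reader for a Fixlog like the one above that separates the echoed fixlist from the result lines, ignores the EmptyTemp size statistics, and lists the files the fixlist named that were reported as "not found". The section markers and outcome phrases are taken from this log only; the function names and the abridged sample are assumptions made for illustration.

```python
import re
from collections import Counter

STARS = re.compile(r'\*{5,}')                      # delimiter around the echoed fixlist
RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')
BARE_PATH = re.compile(r'^[A-Za-z]:\\')           # fixlist line that is only a path

# Outcome phrases seen in the Fixlog above, mapped to a coarse status.
OUTCOMES = {
    "removed successfully": "changed",
    "service removed successfully": "changed",
    "moved successfully": "changed",
    "not found": "absent",
}

# Abridged from the Fixlog in the post above (sample input for this example).
SAMPLE = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 05-06-2019 01
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
S3 mracsvc; C:\Windows\System32\mracsvc.exe [17224464 2019-04-27] (Mail.Ru LLC -> LLC Mail.Ru)
FirewallRules: [{59C50867-CA6E-4C99-86F4-FEF5C16DE11D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
C:\Users\Jeremiah\Downloads\Gladiatorcheatz V3.dll
C:\Windows\System32\mracsvc.exe
EmptyTemp:

*****************

Processes closed successfully.
HKLM\System\CurrentControlSet\Services\mracsvc => removed successfully
mracsvc => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59C50867-CA6E-4C99-86F4-FEF5C16DE11D}" => not found
"C:\Users\Jeremiah\Downloads\Gladiatorcheatz V3.dll" => not found
C:\Windows\System32\mracsvc.exe => moved successfully

=========== EmptyTemp: ==========

Chrome => 46498044 B
RecycleBin => 3529375468 B
EmptyTemp: => 4.9 GB temporary data Removed.

==== End of Fixlog 13:50:41 ====
'''


def parse_fixlog(text):
    """Return (requested_paths, results).

    requested_paths: bare file/folder paths listed in the echoed fixlist.
    results: (target, status, raw_outcome) for each line of the result section.
    """
    requested, results = [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STARS.fullmatch(line):
            # First row of asterisks opens the fixlist echo, the second closes it.
            if section == "header":
                section = "fixlist"
            elif section == "fixlist":
                section = "results"
            continue
        if section == "results" and line.startswith("="):
            # "=== EmptyTemp: ===" starts size statistics that also use "=>".
            section = "tail"
            continue
        if section == "fixlist" and BARE_PATH.match(line):
            requested.append(line)
        elif section == "results":
            m = RESULT.match(line)
            if m:
                target = m.group("target").strip('"')
                outcome = m.group("outcome")
                results.append((target, OUTCOMES.get(outcome, "other"), outcome))
    return requested, results


def status_counts(results):
    """Count result lines per coarse status."""
    return Counter(status for _, status, _ in results)


def requested_but_absent(requested, results):
    """Paths named in the fixlist that the tool reported as not found."""
    absent = {t.lower() for t, status, _ in results if status == "absent"}
    return [p for p in requested if p.lower() in absent]


if __name__ == "__main__":
    req, res = parse_fixlog(SAMPLE)
    print(dict(status_counts(res)))
    for path in requested_but_absent(req, res):
        print("no change made (not found):", path)
```

A "not found" result means the fix made no change for that entry, so what happened to the item has to be confirmed from another source, such as the antivirus detection history.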
 


#8 Satchfan

Posted 05 June 2019 - 08:02 PM

Download ESET Online Scanner and save it to your desktop.

  • right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • when the tool opens, click Get Started.
  • read and accept the license agreement.
  • at the Welcome to ESET Online Scanner window, click Get Started.
  • select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • click on the Full Scan option.
  • select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • when the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature: click on Continue.
  • on the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

===================================================

When you've done that, please update Malwarebytes and run a new scan.

Post the result of both scans.
 



#9 FrustratedFather

Posted 06 June 2019 - 07:13 AM

Satchfan, I kind of messed up a little on that last instruction, sorry.

 

The scan for ESET completed overnight. It said that it had detected threats, but I missed the instruction line to Save scan log.  I ran Malwarebytes and no threats were found (log below)

 

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-05-27.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-06-2019
# Duration: 00:03:08
# OS:       Windows 10 Home
# Scanned:  27501
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
AdwCleaner[S00].txt - [2197 octets] - [03/06/2019 20:45:07]
AdwCleaner[C00].txt - [2289 octets] - [03/06/2019 20:47:25]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


#10 Satchfan

Posted 06 June 2019 - 07:44 AM

This problem doesn't appear to be malware-related and, considering the type of programmes installed, could be caused by many things. There could be a conflict between Corsair and other gaming-related programmes/addons that you use (e.g. Asus bundled software, Mystic Light). Can you remember any changes/installations that you made prior to the slowdown?

 

As I know less than nothing about this type of software, it would probably be an idea to start a topic in our Games forum to see if they can find a solution.

 

If you're happy to close this please let me know and I'll send instructions to tidy up the tools we've used.

 

Satchfan



#11 FrustratedFather

Posted 06 June 2019 - 08:12 AM

Satchfan, thank you again for all your help.  Closing this topic with instructions will be just fine.

 

I hope you have a good day!



#12 Satchfan

Posted 06 June 2019 - 01:43 PM

Good luck with the problem and remember where we are if you need future help.

To tidy up:

Uninstall AdwCleaner

  • open adwcleaner.exe
  • click on Settings
  • click on the Application tab and scroll down to the bottom
  • click on Remove.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Regards

Satchfan

 



#13 Satchfan

Posted 07 June 2019 - 04:38 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

