
Infected laptop - Weird process using high CPU - computer freeze and crash


This topic is locked
16 replies to this topic

#1 Hedgemo


Posted 21 April 2016 - 04:02 AM

Running Windows 10

 

The process looks like Hebrew or Arabic but starts with the letters HK. Hope this helps. I feel it is doing something via the internet as we keep having our bandwidth limited to 0.5mbps by the ISP. They say it's due to a large amount of users or unusually high usage. There are just two of us living here and we have a plan for up to 6 due to us both working over the internet. We can't work until this is fixed so I really hope you guys can help me. Our network is hidden and all the router default passwords have been changed so I highly doubt someone is stealing internet.

I did have the helper.exe and another weird virus type thing but I managed to get rid of them with Malwarebytes and Emergency Kit. It was okay for a day then this one turned up and I can't seem to get rid of it.

Windows also freezes and sometimes stops altogether since it turned up. Same as the previous infection, I feel they may well be related. I can't install Windows updates and my machine crashes when I try to install Avast.



#2 fireman4it


Posted 21 April 2016 - 07:55 AM

Hello

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fireman4it


Posted 21 April 2016 - 08:10 AM

1.
  • Download attached fixlist.txt file and save it to the Desktop.
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
2.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
3.
Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
    • Click Export and save the log as a .txt file on your Desktop or another location.
  • If the scan detected any threats, click Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes.
    • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
    • Check the box next to Scan Log. Choose the most current scan and click View.
    • Click Export and save the log as a .txt file on your Desktop or another location.
Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.
Things to include in your next reply:
Fixlog.txt
AdwCleaner[CX].txt
Mbam log
How is the computer running now?


#4 Hedgemo


Posted 22 April 2016 - 10:35 AM

Hi Bleepin' Fireman, 

 

First of all thank you for assisting me and for the fast response. I really appreciate the help. 

 

Machine seems a lot better now but I haven't used it much since following your instructions. The weird process is no longer there on start up so fingers crossed all is well now.

 

Here are the logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016

Ran by Andy (2016-04-22 21:25:18) Run:1
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-751680038-293567957-139391555-1001\...\Winlogon: [Shell] explorer.exe,"C:\Users\Andy\AppData\Roaming\winsystem.exe" <==== ATTENTION
HKU\S-1-5-21-751680038-293567957-139391555-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CurrentVersion\Windows: [Load] C:\Users\Andy\AppData\Roaming\Microsoft\Windows\ScreenToGif\netprotocol.exe <===== ATTENTION
HKU\S-1-5-21-751680038-293567957-139391555-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] explorer.exe,"C:\Users\Andy\AppData\Roaming\winsystem.exe" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HomePage: Default -> hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_16_04&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtA0B0BzztDyD0A0DtD0DtBtDyBtN0D0Tzu0StCyEzzyCtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtC0C0FtAtBtCzytGyB0Ezz0BtG0C0FyBtBtGyByB0F0DtG0AtCtDyByC0ByEtDzzyBtB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyByC0CyBzz0EyBtGyCtCyEyBtGyE0D0AzztGzyzy0FzytGyDtAyDtDtD0BtDtDtA0A0E0E2QtN0A0LzuyE%26cr%3D1368831435%26a%3Dwncy_pwrisofs_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
2016-04-21 05:44 - 2016-04-21 05:37 - 00507904 _____ (ѬдмМđтълчлюэНржІѰѰЖ) C:\Users\Andy\AppData\Roaming\winsystem.exe
2016-04-21 05:39 - 2016-04-21 06:05 - 00001577 _____ C:\ProgramData\HKU
2016-04-21 05:39 - 2016-04-21 05:39 - 00003198 _____ C:\WINDOWS\System32\Tasks\HKU
2016-04-21 05:38 - 2016-04-21 06:04 - 00000000 ____D C:\ProgramData\HKUL
2016-04-21 05:38 - 2016-04-21 05:38 - 00000000 ____D C:\Users\Andy\AppData\Roaming\winsystem
2016-04-21 05:35 - 2016-04-21 05:35 - 00507904 _____ (ѬдмМđтълчлюэНржІѰѰЖ) C:\Users\Andy\AppData\Roaming\sys.exe
Emptytemp:
Task: {0480D90F-959B-47EE-9637-B9982659B0A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0B1998FD-FB81-4618-84CC-0E1943A5A658} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2A40BE5E-9BB7-4895-9F8D-FE055DC45707} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {42502123-6AD9-4D77-B7B3-4CF440D1FC86} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {58F16384-802C-4F30-8635-7956F20FC96B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6B6C408D-F0B9-4B6C-9E06-968B1A504069} - System32\Tasks\Computer Helper => C:\ProgramData\601680\helper.exe
Task: {7E6053CE-6D90-44CC-98F7-1342623CEB2F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8AF5EA6F-AF2D-4EC4-8AEC-8347A27BBD23} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9A193890-8D56-4B76-AA65-C27750A1E69E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A58317C1-BB38-4D7E-BFF7-E42C9245B542} - System32\Tasks\HKU => C:\ProgramData\HKUL\winsys.exe [2016-04-21] (ѬдмМđтълчлюэНржІѰѰЖ)
Task: {B34A1BFD-14FF-497F-BB15-0F3AF8DBA04F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D197DCA6-0BB7-47C6-B394-0FC615AA808B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EAF1E759-058C-4AB8-BEA3-BF51E5A93656} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:6F770ABC [126]
AlternateDataStreams: C:\ProgramData\Temp:F0D7EE30 [86]
 
 
*****************
 
HKU\S-1-5-21-751680038-293567957-139391555-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found.
HKU\S-1-5-21-751680038-293567957-139391555-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value not found.
HKU\S-1-5-21-751680038-293567957-139391555-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
Chrome HomePage => removed successfully
"C:\Users\Andy\AppData\Roaming\winsystem.exe" => not found.
C:\ProgramData\HKU => moved successfully
C:\WINDOWS\System32\Tasks\HKU => moved successfully
C:\ProgramData\HKUL => moved successfully
C:\Users\Andy\AppData\Roaming\winsystem => moved successfully
"C:\Users\Andy\AppData\Roaming\sys.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0480D90F-959B-47EE-9637-B9982659B0A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0480D90F-959B-47EE-9637-B9982659B0A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B1998FD-FB81-4618-84CC-0E1943A5A658}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B1998FD-FB81-4618-84CC-0E1943A5A658}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A40BE5E-9BB7-4895-9F8D-FE055DC45707}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A40BE5E-9BB7-4895-9F8D-FE055DC45707}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{42502123-6AD9-4D77-B7B3-4CF440D1FC86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42502123-6AD9-4D77-B7B3-4CF440D1FC86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58F16384-802C-4F30-8635-7956F20FC96B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58F16384-802C-4F30-8635-7956F20FC96B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B6C408D-F0B9-4B6C-9E06-968B1A504069}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B6C408D-F0B9-4B6C-9E06-968B1A504069}" => key removed successfully
C:\WINDOWS\System32\Tasks\Computer Helper => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Computer Helper" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E6053CE-6D90-44CC-98F7-1342623CEB2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E6053CE-6D90-44CC-98F7-1342623CEB2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AF5EA6F-AF2D-4EC4-8AEC-8347A27BBD23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AF5EA6F-AF2D-4EC4-8AEC-8347A27BBD23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A193890-8D56-4B76-AA65-C27750A1E69E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A193890-8D56-4B76-AA65-C27750A1E69E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A58317C1-BB38-4D7E-BFF7-E42C9245B542}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A58317C1-BB38-4D7E-BFF7-E42C9245B542}" => key removed successfully
C:\WINDOWS\System32\Tasks\HKU => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HKU" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B34A1BFD-14FF-497F-BB15-0F3AF8DBA04F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B34A1BFD-14FF-497F-BB15-0F3AF8DBA04F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D197DCA6-0BB7-47C6-B394-0FC615AA808B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D197DCA6-0BB7-47C6-B394-0FC615AA808B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAF1E759-058C-4AB8-BEA3-BF51E5A93656}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAF1E759-058C-4AB8-BEA3-BF51E5A93656}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
C:\ProgramData\Temp => ":6F770ABC" ADS removed successfully.
C:\ProgramData\Temp => ":F0D7EE30" ADS removed successfully.
EmptyTemp: => 691.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 21:29:07 ====
 
 
# AdwCleaner v5.112 - Logfile created 22/04/2016 at 21:40:18
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Andy - PANDA-PC
# Running from : C:\Users\Andy\Desktop\adwcleaner_5.112.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2329 bytes] - [21/04/2016 23:44:20]
C:\AdwCleaner\AdwCleaner[C2].txt - [873 bytes] - [22/04/2016 21:40:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [2179 bytes] - [21/04/2016 23:40:50]
C:\AdwCleaner\AdwCleaner[S2].txt - [1001 bytes] - [22/04/2016 21:34:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1091 bytes] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/04/2016
Scan Time: 21:47
Logfile: Mba.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.22.03
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Andy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368872
Time Elapsed: 1 hr, 37 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Kind regards,
Andy


#5 fireman4it


Posted 22 April 2016 - 10:43 AM

Glad things are better!
 
1.
Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear: (screenshot)
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear: (screenshot)
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish. (screenshot)
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop. (screenshot)
  • Please Copy and Paste the contents of the scan log in your next reply.
2.
Please run FRST as you did the first time you ran it and post the new FRST.txt
 
How is the computer running now?

Edited by fireman4it, 22 April 2016 - 10:43 AM.


#6 Hedgemo


Posted 22 April 2016 - 03:20 PM

Thanks again for the speedy reply.

 

No problems so far, although when I was running Emsisoft Emergency Kit I got a pop-up saying Windows Defender has found malware and it was removing it. Don't know if that is some conflict with the antivirus apps or something.

 

Here are the logs:

 

 

Emsisoft Emergency Kit - Version 11.0
Scan log
 
Date | Scan Method | Objects Scanned | Objects Detected | Duration | Type
23/04/2016 03:56:06 | Malware | 80622 | 0 | 0:16:54 | Manual scan
21/04/2016 04:54:21 | Malware | 81011 | 0 | 0:18:48 | Manual scan
19/04/2016 07:11:43 | Malware | 80994 | 13 | 0:08:31 | Manual scan
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Andy (administrator) on PANDA-PC (23-04-2016 04:14:19)
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
() C:\Program Files (x86)\Droid4X\Droid4XService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Joyent, Inc) C:\Program Files\Adobe\Adobe Photoshop CC 2015\node.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-23] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-751680038-293567957-139391555-1001\...\MountPoints2: {7e937e99-6db1-11e5-82de-3863bb805ad0} - "F:\setup.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{0237659b-3a0b-4e43-bf87-4cb1005d30a9}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{3c19f2c6-2e2c-4745-9742-cd16fc9a3fe6}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{8efc0b3f-1b3d-4dbf-92f7-b2601d8aae31}: [NameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8efc0b3f-1b3d-4dbf-92f7-b2601d8aae31}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{cd4caa6d-f3e1-4d5a-a07a-db105982f2ed}: [NameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{cd4caa6d-f3e1-4d5a-a07a-db105982f2ed}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130857739771315016&GUID=A203A976-459A-9B28-F29D-F5355AAAA79D
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-751680038-293567957-139391555-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-751680038-293567957-139391555-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-10-21] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-10-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-751680038-293567957-139391555-1001: SkypePlugin -> C:\Users\Andy\AppData\Local\SkypePlugin\7.6.0.295\npGatewayNpapi.dll [2015-09-14] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-751680038-293567957-139391555-1001: SkypePlugin64 -> C:\Users\Andy\AppData\Local\SkypePlugin\7.6.0.295\npGatewayNpapi-x64.dll [2015-09-14] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll ()
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (TV) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-03-15]
CHR Extension: (Skype Calling) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-03]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Nimbus Screenshot and Screencast) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2016-04-19]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Calendar) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-18]
CHR Extension: (Google Mail Checker) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Bastion) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2015-03-15]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 Droid4XService; C:\Program Files (x86)\Droid4X\Droid4XService.exe [261864 2015-06-03] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-23] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-02] (IObit)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-23] (Realtek Semiconductor)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-03] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-07] (Qualcomm Atheros Communications, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-03-11] (BlueStack Systems)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-07] (Disc Soft Ltd)
S3 ew_usbenumfilter; C:\Windows\System32\drivers\ew_usbenumfilter.sys [14336 2012-10-30] (Huawei Technologies Co., Ltd.) [File not signed]
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2015-08-01] (Intel Corporation)
S3 huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [76800 2012-10-29] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_ext_ctrl; C:\Windows\System32\drivers\ew_juextctrl.sys [30720 2012-08-20] (Huawei Technologies Co., Ltd.) [File not signed]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-01] (REALiX™)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-01-24] (Intel Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-08-23] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
U5 SynTP; C:\Windows\System32\Drivers\SynTP.sys [614088 2015-07-17] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-16 22:18 - 2021-04-16 22:18 - 00000000 ____D C:\ProgramData\ALM
2021-04-16 22:18 - 2015-10-21 02:29 - 00001572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2019-10-11 22:57 - 2019-10-11 22:57 - 00000000 ____D C:\Users\Public\Documents\Adobe
2019-10-11 22:54 - 2015-10-21 02:29 - 00001150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
2019-10-11 22:52 - 2019-10-11 22:52 - 00000000 ____D C:\Program Files (x86)\My Company Name
2019-10-11 22:52 - 2012-06-22 03:01 - 00056336 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2019-10-11 22:52 - 2012-04-24 03:01 - 00011376 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2019-10-11 22:52 - 2012-04-24 03:01 - 00010864 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2016-04-23 04:14 - 2016-04-23 04:14 - 00019526 _____ C:\Users\Andy\Desktop\FRST.txt
2016-04-23 04:13 - 2016-04-23 04:13 - 00000586 _____ C:\Users\Andy\Desktop\Scan_160423-041328.txt
2016-04-23 00:49 - 2016-04-23 00:50 - 00389825 _____ C:\Users\Andy\Downloads\FREE-PSD-Colorful-Badges-Set.zip
2016-04-23 00:37 - 2016-04-23 00:37 - 01906643 _____ C:\Users\Andy\Downloads\FA Personal Ultrasonic Humidifiers Red gift box design 2015.pdf
2016-04-23 00:37 - 2016-04-23 00:37 - 01894846 _____ C:\Users\Andy\Downloads\FA Personal Ultrasonic Humidifiers black gift box design 2015 (1).pdf
2016-04-23 00:35 - 2016-04-23 00:35 - 01894846 _____ C:\Users\Andy\Downloads\FA Personal Ultrasonic Humidifiers black gift box design 2015.pdf
2016-04-22 23:27 - 2016-04-22 23:27 - 00001040 _____ C:\Users\Andy\Desktop\Mba.txt
2016-04-22 21:42 - 2016-04-22 21:42 - 00001170 _____ C:\Users\Andy\Desktop\AdwCleaner[C2].txt
2016-04-22 21:25 - 2016-04-22 21:29 - 00010882 _____ C:\Users\Andy\Desktop\Fixlog.txt
2016-04-22 13:44 - 2016-04-22 13:44 - 142726973 _____ C:\Users\Andy\Downloads\model.psd
2016-04-22 12:33 - 2016-04-22 12:33 - 00000000 ____D C:\Users\Andy\AppData\Roaming\ProductData
2016-04-22 12:33 - 2016-04-22 12:33 - 00000000 ____D C:\ProgramData\ProductData
2016-04-22 06:15 - 2016-04-22 06:15 - 17847704 _____ C:\Users\Andy\Downloads\premier_photo_portfolio_brick_NEW PRINT FILE AUG.pdf
2016-04-22 01:22 - 2016-04-22 01:22 - 00576696 _____ C:\Users\Andy\Downloads\aqua_tesxt (1).zip
2016-04-22 00:54 - 2016-04-22 08:31 - 00000000 ____D C:\Users\Andy\Downloads\Logos to copy 21-04-16
2016-04-22 00:54 - 2016-04-22 00:54 - 00004032 _____ C:\Users\Andy\Downloads\Logos to copy 21-04-16.zip
2016-04-22 00:50 - 2009-12-26 04:02 - 04118574 _____ C:\Users\Andy\Downloads\Watercolor Splatters (675 pixels).abr
2016-04-22 00:49 - 2016-04-22 00:49 - 00576696 _____ C:\Users\Andy\Downloads\aqua_tesxt.zip
2016-04-22 00:47 - 2016-04-22 00:48 - 13159306 _____ C:\Users\Andy\Downloads\Watercolor_Splatters_675_pixels_.zip
2016-04-22 00:43 - 2008-11-29 02:40 - 04493604 ____N C:\Users\Andy\Downloads\Mcbad - watercolor.abr
2016-04-22 00:41 - 2016-04-22 00:41 - 04524755 _____ C:\Users\Andy\Downloads\Watercolor_Brushes_by_mcbadshoes.zip
2016-04-22 00:03 - 2016-04-22 00:03 - 00000000 ____D C:\ProgramData\Sophos
2016-04-22 00:02 - 2016-04-22 00:02 - 00002841 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-04-22 00:02 - 2016-04-22 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-04-22 00:01 - 2016-04-22 00:01 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-04-21 23:40 - 2016-04-22 21:40 - 00000000 ____D C:\AdwCleaner
2016-04-21 19:06 - 2016-04-21 21:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-21 19:02 - 2016-04-21 19:45 - 147672144 _____ (Sophos Limited) C:\Users\Andy\Downloads\Sophos Virus Removal Tool.exe
2016-04-21 19:02 - 2016-04-21 19:03 - 03683904 _____ C:\Users\Andy\Desktop\adwcleaner_5.112.exe
2016-04-21 19:02 - 2016-04-21 19:03 - 01610352 _____ (Malwarebytes) C:\Users\Andy\Downloads\JRT.exe
2016-04-21 19:02 - 2016-04-21 19:02 - 00448512 _____ (OldTimer Tools) C:\Users\Andy\Downloads\TFC.exe
2016-04-21 19:01 - 2016-04-21 21:28 - 00000000 ____D C:\Users\Andy\Desktop\mbar
2016-04-21 18:52 - 2016-04-21 19:01 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Andy\Downloads\mbar-1.09.3.1001.exe
2016-04-21 18:17 - 2016-04-21 18:17 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-21 17:49 - 2016-04-21 17:49 - 00000000 ____D C:\WINDOWS\pss
2016-04-21 16:36 - 2016-04-21 16:36 - 02375680 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2016-04-21 05:33 - 2016-04-21 05:33 - 00002008 _____ C:\Users\Andy\Downloads\Logo to finish.zip
2016-04-20 23:33 - 2016-04-20 23:33 - 01871906 _____ C:\Users\Andy\Downloads\phone.pdf
2016-04-20 23:32 - 2016-04-20 23:32 - 03936066 _____ C:\Users\Andy\Downloads\phone.psd
2016-04-20 22:52 - 2016-04-20 22:52 - 21757682 _____ C:\Users\Andy\Downloads\1.1 slim.psd
2016-04-20 22:27 - 2016-04-20 22:27 - 21617842 _____ C:\Users\Andy\Downloads\1 slim.psd
2016-04-20 21:28 - 2016-04-20 22:24 - 00000000 ____D C:\Users\Andy\Downloads\slim
2016-04-20 21:21 - 2016-04-20 21:28 - 04857781 _____ C:\Users\Andy\Downloads\slim.zip
2016-04-20 19:35 - 2016-04-20 19:35 - 00236326 _____ C:\Users\Andy\Downloads\phones.pdf
2016-04-20 16:57 - 2016-04-20 16:57 - 00008960 _____ C:\Users\Andy\Documents\Background remove.atn
2016-04-19 07:22 - 2016-04-19 07:22 - 00001103 _____ C:\Users\Andy\Desktop\Start Emergency Kit Scanner.exe - Shortcut.lnk
2016-04-19 07:20 - 2016-04-19 07:20 - 00000010 _____ C:\Users\Andy\Desktop\pandamouse.txt
2016-04-19 06:56 - 2016-04-23 04:14 - 00000000 ____D C:\EEK
2016-04-19 05:24 - 2016-04-23 04:14 - 00000000 ____D C:\FRST
2016-04-19 04:21 - 2016-04-22 21:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-19 04:21 - 2016-04-21 19:02 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-19 04:21 - 2016-04-19 04:21 - 00001190 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-19 04:21 - 2016-04-19 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-19 04:21 - 2016-04-19 04:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-19 04:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-19 04:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-13 17:56 - 2016-04-13 17:56 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-13 17:56 - 2016-04-13 17:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-13 05:13 - 2016-03-29 15:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 05:13 - 2016-03-29 15:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 05:13 - 2016-03-29 15:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 05:13 - 2016-03-29 15:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 05:13 - 2016-03-29 14:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 05:13 - 2016-03-29 14:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 05:13 - 2016-03-29 13:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 05:12 - 2016-03-29 18:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 05:12 - 2016-03-29 18:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 05:12 - 2016-03-29 18:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 05:12 - 2016-03-29 17:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 05:12 - 2016-03-29 16:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 05:12 - 2016-03-29 16:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 05:12 - 2016-03-29 16:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 05:12 - 2016-03-29 15:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 05:12 - 2016-03-29 15:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 05:12 - 2016-03-29 15:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 05:12 - 2016-03-29 15:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 05:12 - 2016-03-29 15:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 05:12 - 2016-03-29 15:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 05:12 - 2016-03-29 14:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 05:12 - 2016-03-29 14:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 05:12 - 2016-03-29 14:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 05:12 - 2016-03-29 14:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 05:12 - 2016-03-29 14:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 05:12 - 2016-03-29 14:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 05:12 - 2016-03-29 13:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 05:12 - 2016-03-29 13:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 05:12 - 2016-03-29 13:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 05:12 - 2016-03-29 13:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 05:11 - 2016-03-29 13:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 05:10 - 2016-03-29 15:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 05:10 - 2016-03-29 15:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 05:10 - 2016-03-29 14:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 05:10 - 2016-03-29 14:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 05:10 - 2016-03-29 14:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 05:10 - 2016-03-29 13:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 05:10 - 2016-03-29 13:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 05:09 - 2016-04-02 11:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 05:09 - 2016-03-29 16:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 05:09 - 2016-03-29 15:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 05:09 - 2016-03-29 15:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 05:09 - 2016-03-29 14:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 05:09 - 2016-03-29 14:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 05:09 - 2016-03-29 13:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 05:09 - 2016-03-29 13:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 05:09 - 2016-03-29 13:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 05:08 - 2016-04-02 11:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 05:08 - 2016-03-29 17:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 05:08 - 2016-03-29 17:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 05:08 - 2016-03-29 15:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 05:08 - 2016-03-29 15:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 05:08 - 2016-03-29 14:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 05:08 - 2016-03-29 14:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 05:08 - 2016-03-29 13:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 05:08 - 2016-03-29 13:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 05:08 - 2016-03-29 13:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 05:08 - 2016-03-29 13:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 05:07 - 2016-04-02 11:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 05:07 - 2016-04-02 11:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 05:07 - 2016-04-02 11:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 05:07 - 2016-03-29 17:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 05:07 - 2016-03-29 15:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 05:07 - 2016-03-29 15:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 05:07 - 2016-03-29 15:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 05:07 - 2016-03-29 14:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 05:07 - 2016-03-29 14:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 05:07 - 2016-03-29 14:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 05:07 - 2016-03-29 14:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 05:07 - 2016-03-29 13:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 05:07 - 2016-03-29 13:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 05:06 - 2016-04-02 11:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 05:06 - 2016-04-02 11:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 05:06 - 2016-04-02 11:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 05:06 - 2016-04-02 11:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 05:06 - 2016-03-29 18:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 05:06 - 2016-03-29 18:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 05:06 - 2016-03-29 18:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 05:06 - 2016-03-29 18:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 05:06 - 2016-03-29 18:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 05:06 - 2016-03-29 17:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 05:06 - 2016-03-29 16:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 05:06 - 2016-03-29 15:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 05:06 - 2016-03-29 15:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 05:06 - 2016-03-29 15:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 05:06 - 2016-03-29 15:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 05:06 - 2016-03-29 15:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 05:06 - 2016-03-29 15:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 05:06 - 2016-03-29 14:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 05:06 - 2016-03-29 14:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 05:06 - 2016-03-29 14:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 05:06 - 2016-03-29 14:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 05:06 - 2016-03-29 14:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 05:06 - 2016-03-29 13:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 05:05 - 2016-04-02 12:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 05:05 - 2016-04-02 12:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 05:05 - 2016-04-02 11:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 05:05 - 2016-03-29 17:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 05:05 - 2016-03-29 17:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 05:05 - 2016-03-29 16:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 05:05 - 2016-03-29 16:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 05:05 - 2016-03-29 16:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 05:05 - 2016-03-29 15:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 05:05 - 2016-03-29 15:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 05:05 - 2016-03-29 15:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 05:05 - 2016-03-29 15:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 05:05 - 2016-03-29 15:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 05:05 - 2016-03-29 15:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 05:05 - 2016-03-29 15:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 05:05 - 2016-03-29 15:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 05:05 - 2016-03-29 15:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 05:05 - 2016-03-29 15:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 05:05 - 2016-03-29 15:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 05:05 - 2016-03-29 15:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 05:05 - 2016-03-29 15:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 05:05 - 2016-03-29 15:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 05:05 - 2016-03-29 15:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 05:05 - 2016-03-29 14:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 05:05 - 2016-03-29 14:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 05:05 - 2016-03-29 14:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 05:05 - 2016-03-29 14:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 05:05 - 2016-03-29 14:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 05:05 - 2016-03-29 14:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 05:05 - 2016-03-29 14:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 05:05 - 2016-03-29 14:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 05:05 - 2016-03-29 14:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 05:05 - 2016-03-29 14:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 05:05 - 2016-03-29 14:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 05:05 - 2016-03-29 14:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 05:05 - 2016-03-29 14:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 05:05 - 2016-03-29 14:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 05:05 - 2016-03-29 14:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 05:05 - 2016-03-29 13:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 05:04 - 2016-03-29 18:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 05:04 - 2016-03-29 17:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 05:04 - 2016-03-29 17:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 05:04 - 2016-03-29 16:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 05:04 - 2016-03-29 15:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 05:04 - 2016-03-29 15:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 05:04 - 2016-03-29 15:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 05:04 - 2016-03-29 15:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 05:04 - 2016-03-29 15:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 05:04 - 2016-03-29 15:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 05:04 - 2016-03-29 14:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 05:04 - 2016-03-29 14:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 05:04 - 2016-03-29 14:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 05:04 - 2016-03-29 14:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 05:04 - 2016-03-29 14:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 05:04 - 2016-03-29 14:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 05:04 - 2016-03-29 14:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 05:04 - 2016-03-29 14:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 05:03 - 2016-04-02 12:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 05:03 - 2016-04-02 11:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 05:03 - 2016-03-29 18:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 05:03 - 2016-03-29 18:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 05:03 - 2016-03-29 18:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 05:03 - 2016-03-29 17:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 05:03 - 2016-03-29 17:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 05:03 - 2016-03-29 17:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 05:03 - 2016-03-29 17:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 05:03 - 2016-03-29 16:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 05:03 - 2016-03-29 16:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 05:03 - 2016-03-29 16:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 05:03 - 2016-03-29 16:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 05:03 - 2016-03-29 16:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 05:03 - 2016-03-29 15:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 05:03 - 2016-03-29 15:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 05:03 - 2016-03-29 15:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 05:03 - 2016-03-29 15:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 05:03 - 2016-03-29 15:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 05:03 - 2016-03-29 15:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 05:03 - 2016-03-29 15:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 05:03 - 2016-03-29 15:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 05:03 - 2016-03-29 15:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 05:03 - 2016-03-29 15:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 05:03 - 2016-03-29 15:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 05:03 - 2016-03-29 15:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 05:03 - 2016-03-29 14:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 05:03 - 2016-03-29 14:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 05:03 - 2016-03-29 14:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 05:03 - 2016-03-29 14:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 05:03 - 2016-03-29 14:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 05:03 - 2016-03-29 14:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 05:03 - 2016-03-29 14:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 05:03 - 2016-03-29 14:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 05:03 - 2016-03-29 14:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 05:03 - 2016-03-29 14:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 05:03 - 2016-03-29 13:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 05:03 - 2016-03-29 13:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 05:02 - 2016-04-02 12:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 05:02 - 2016-04-02 11:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 05:02 - 2016-04-02 11:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 05:02 - 2016-04-02 11:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 05:02 - 2016-04-02 11:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 05:02 - 2016-04-02 11:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 05:02 - 2016-04-02 11:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 05:02 - 2016-04-02 11:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 05:02 - 2016-04-02 11:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 05:02 - 2016-03-29 18:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 05:02 - 2016-03-29 17:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 05:02 - 2016-03-29 17:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 05:02 - 2016-03-29 17:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 05:02 - 2016-03-29 17:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 05:02 - 2016-03-29 17:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 05:02 - 2016-03-29 16:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 05:02 - 2016-03-29 16:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 05:02 - 2016-03-29 16:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 05:02 - 2016-03-29 16:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 05:02 - 2016-03-29 16:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 05:02 - 2016-03-29 16:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 05:02 - 2016-03-29 16:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 05:02 - 2016-03-29 16:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 05:02 - 2016-03-29 16:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 05:02 - 2016-03-29 16:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 05:02 - 2016-03-29 16:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 05:02 - 2016-03-29 16:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 05:02 - 2016-03-29 15:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 05:02 - 2016-03-29 15:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 05:02 - 2016-03-29 15:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 05:02 - 2016-03-29 15:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 05:02 - 2016-03-29 15:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 05:02 - 2016-03-29 15:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 05:02 - 2016-03-29 15:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 05:02 - 2016-03-29 15:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 05:02 - 2016-03-29 15:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 05:02 - 2016-03-29 15:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 05:02 - 2016-03-29 15:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 05:02 - 2016-03-29 15:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 05:02 - 2016-03-29 15:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 05:02 - 2016-03-29 15:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 05:02 - 2016-03-29 15:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 05:02 - 2016-03-29 15:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 05:02 - 2016-03-29 15:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 05:02 - 2016-03-29 15:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 05:02 - 2016-03-29 15:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 05:02 - 2016-03-29 15:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 05:02 - 2016-03-29 15:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 05:02 - 2016-03-29 15:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 05:02 - 2016-03-29 15:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 05:02 - 2016-03-29 15:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 05:02 - 2016-03-29 15:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 05:02 - 2016-03-29 15:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 05:02 - 2016-03-29 15:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 05:02 - 2016-03-29 15:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 05:02 - 2016-03-29 15:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 05:02 - 2016-03-29 15:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 05:02 - 2016-03-29 15:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 05:02 - 2016-03-29 15:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 05:02 - 2016-03-29 15:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 05:02 - 2016-03-29 15:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 05:02 - 2016-03-29 15:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 05:02 - 2016-03-29 15:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 05:02 - 2016-03-29 15:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 05:02 - 2016-03-29 15:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 05:02 - 2016-03-29 15:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 05:02 - 2016-03-29 15:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 05:02 - 2016-03-29 15:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 05:02 - 2016-03-29 15:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 05:02 - 2016-03-29 15:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 05:02 - 2016-03-29 15:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 05:02 - 2016-03-29 15:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 05:02 - 2016-03-29 15:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 05:02 - 2016-03-29 15:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 05:02 - 2016-03-29 15:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 05:02 - 2016-03-29 14:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 05:02 - 2016-03-29 14:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 05:02 - 2016-03-29 14:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 05:02 - 2016-03-29 14:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 05:02 - 2016-03-29 14:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 05:02 - 2016-03-29 14:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 05:02 - 2016-03-29 14:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 05:02 - 2016-03-29 14:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 05:02 - 2016-03-29 14:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 05:02 - 2016-03-29 14:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 05:02 - 2016-03-29 14:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 05:02 - 2016-03-29 14:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 05:02 - 2016-03-29 14:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 05:02 - 2016-03-29 14:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 05:02 - 2016-03-29 14:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 05:02 - 2016-03-29 14:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 05:02 - 2016-03-29 14:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 05:02 - 2016-03-29 14:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 05:02 - 2016-03-29 14:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 05:02 - 2016-03-29 13:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 05:02 - 2016-03-29 13:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 05:02 - 2016-03-29 13:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 05:02 - 2016-03-29 13:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 05:02 - 2016-03-29 13:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 05:02 - 2016-03-29 13:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-08 23:11 - 2016-04-08 23:11 - 00003789 _____ C:\Users\Andy\Documents\crop.atn
2016-04-08 23:11 - 2016-04-08 23:11 - 00002620 _____ C:\Users\Andy\Documents\Teeth Whitening.atn
2016-04-06 23:02 - 2016-04-06 23:02 - 00000000 ____D C:\Users\Andy\AppData\Roaming\WinRAR
2016-04-06 23:02 - 2016-04-06 23:02 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-06 23:02 - 2016-04-06 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-06 23:02 - 2016-04-06 23:02 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-04-06 16:04 - 2016-04-06 16:04 - 00000000 ____D C:\Users\Andy\Desktop\VISA UK
2016-04-05 04:18 - 2016-04-05 04:18 - 00000000 ____D C:\Users\Andy\AppData\LocalLow\uTorrent
2016-03-31 16:40 - 2016-04-19 04:09 - 00001579 _____ C:\ProgramData\XML
2016-03-31 16:39 - 2016-04-21 23:53 - 00000000 __SHD C:\ProgramData\601780
2016-03-31 16:39 - 2016-04-19 05:04 - 00000000 _RSHD C:\ProgramData\601680
2016-03-31 16:39 - 2016-03-31 16:39 - 00000006 ____S C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
2016-03-25 20:03 - 2016-03-25 20:03 - 00000007 _____ C:\WINDOWS\SysWOW64\tempsm123.txt
2016-03-25 19:59 - 2016-03-25 20:27 - 00000000 ____D C:\Program Files (x86)\IUWEshare
2016-03-25 19:45 - 2013-08-29 17:20 - 00000000 ____D C:\Users\Andy\Desktop\Stellar Phoenix JPEG Repair 2.0
2016-03-25 19:38 - 2004-03-29 16:23 - 00090112 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
2016-03-25 01:00 - 2016-03-25 01:00 - 00000095 _____ C:\Users\Andy\Desktop\job sites.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-16 22:25 - 2015-08-01 07:56 - 00001045 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2021-04-16 22:25 - 2015-07-18 22:00 - 00001045 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2019-10-11 22:54 - 2015-07-03 16:56 - 00000000 ____D C:\Program Files\Adobe
2016-04-23 03:48 - 2015-10-21 04:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-23 03:24 - 2016-02-03 03:19 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-23 03:24 - 2016-02-03 03:19 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-23 03:10 - 2015-03-15 00:36 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5945333F-8F49-4046-8108-A7497B70B921}
2016-04-23 03:02 - 2015-07-10 20:16 - 00000000 ____D C:\Users\Andy\Desktop\Freelancer work
2016-04-22 23:38 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-22 21:42 - 2015-08-21 22:21 - 00000000 __SHD C:\Users\Andy\IntelGraphicsProfiles
2016-04-22 21:41 - 2015-12-07 16:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-22 21:41 - 2015-10-30 03:49 - 00000000 _____ C:\hsrv.txt
2016-04-22 21:40 - 2015-10-30 14:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-22 21:25 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\SchCache
2016-04-22 15:57 - 2015-04-21 14:33 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-22 08:38 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-22 06:21 - 2015-08-21 10:09 - 00001456 _____ C:\Users\Andy\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-22 03:55 - 2015-10-01 00:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-22 01:48 - 2015-04-12 02:12 - 00000000 ____D C:\Users\Andy\AppData\Local\Battle.net
2016-04-22 01:48 - 2015-04-12 02:12 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-21 23:53 - 2015-03-15 00:52 - 00000000 ____D C:\Users\Andy\AppData\Roaming\IObit
2016-04-21 23:46 - 2015-10-30 15:24 - 00000000 __RSD C:\WINDOWS\Media
2016-04-21 22:58 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-21 18:57 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-21 18:55 - 2015-12-07 15:40 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-21 18:21 - 2015-12-07 15:41 - 00000000 ____D C:\Users\Andy
2016-04-21 17:42 - 2015-03-15 03:16 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-21 06:07 - 2016-01-03 06:28 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-04-21 05:58 - 2015-03-15 00:52 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-21 05:39 - 2015-03-15 00:33 - 00000000 ____D C:\Users\Andy\AppData\Local\VirtualStore
2016-04-20 21:48 - 2015-08-01 23:13 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Skype
2016-04-20 07:04 - 2015-05-05 01:50 - 00000299 _____ C:\Users\Andy\Desktop\address.txt
2016-04-19 16:40 - 2015-12-07 15:11 - 05007152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-19 16:39 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\addins
2016-04-19 05:04 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\System
2016-04-19 05:04 - 2014-07-15 12:52 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-04-19 04:35 - 2015-03-15 00:33 - 00000000 ____D C:\Users\Andy\AppData\Local\Packages
2016-04-19 04:23 - 2014-07-15 12:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-17 08:32 - 2015-04-12 02:22 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-16 00:53 - 2015-04-12 02:16 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 19:42 - 2015-10-30 15:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 19:38 - 2015-03-17 17:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 19:15 - 2015-03-17 17:25 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 06:09 - 2015-08-21 22:04 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 15:44 - 2015-07-03 17:09 - 00001111 _____ C:\Users\Andy\Desktop\Adobe Photoshop CC 2015.lnk
2016-04-11 02:56 - 2015-03-16 09:00 - 00000000 ____D C:\Users\Andy\AppData\Roaming\vlc
2016-04-08 19:58 - 2015-03-15 16:02 - 00000000 ____D C:\Program Files (x86)\THQ
2016-04-05 11:14 - 2015-03-15 00:52 - 00000000 ____D C:\Users\Andy\AppData\Roaming\uTorrent
2016-03-28 10:48 - 2015-09-28 22:48 - 00003234 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAndy
2016-03-28 10:48 - 2015-09-28 22:48 - 00000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAndy.job
2016-03-25 20:00 - 2015-03-15 00:54 - 00000000 ____D C:\ProgramData\IObit
2016-03-24 06:38 - 2015-05-06 03:25 - 00000000 ____D C:\Users\Andy\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2015-10-22 21:11 - 2015-10-22 21:11 - 0000034 _____ () C:\Users\Andy\AppData\Roaming\AdobeWLCMCache.dat
2015-10-30 03:34 - 2015-10-30 03:49 - 0002675 _____ () C:\Users\Andy\AppData\Roaming\droid4xinstaller.log
2015-11-15 18:12 - 2015-11-15 18:12 - 0000112 _____ () C:\Users\Andy\AppData\Roaming\JP2K CS6 Prefs
2015-10-04 21:12 - 2016-02-13 15:17 - 0000028 _____ () C:\Users\Andy\AppData\Roaming\kulerdata.json
2016-01-26 21:40 - 2016-01-26 21:40 - 0000043 _____ () C:\Users\Andy\AppData\Roaming\WB.CFG
2015-08-21 10:09 - 2016-04-22 06:21 - 0001456 _____ () C:\Users\Andy\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-03 15:20 - 2015-06-03 15:23 - 0003584 _____ () C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-10 19:36 - 2015-07-10 19:36 - 0000008 ____H () C:\Users\Andy\AppData\Local\L8457789140
2015-05-14 04:09 - 2015-05-14 04:14 - 0000000 _____ () C:\Users\Andy\AppData\Local\{DA368B97-7991-4F9E-B539-C7973B80B795}
2016-03-31 16:39 - 2016-03-31 16:39 - 0000006 ____S () C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
2016-03-31 16:40 - 2016-04-19 04:09 - 0001579 _____ () C:\ProgramData\XML
 
Some files in TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\libeay32.dll
C:\Users\Andy\AppData\Local\Temp\msvcr120.dll
C:\Users\Andy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-13 19:02
 
==================== End of FRST.txt ============================
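
A log of this size is easier to review with a small triage script. The following is an added example, not part of the original post and not FRST's own logic: it parses the file-listing rows and flags entries for manual review. The three heuristics, the flag names and the scan date are assumptions chosen for illustration, the sample rows are copied from the log above, and a flag is a lead to check, not a verdict.

```python
import ntpath
import re
from datetime import datetime

# One FRST file-listing row:
# "<timestamp> - <timestamp> - <size> <attrs> [(company)] <path>"
LINE_RE = re.compile(
    r"^(?P<first_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
TS_FMT = "%Y-%m-%d %H:%M"
BINARY_EXTS = {".exe", ".dll", ".sys"}


def parse_line(line):
    """Return a dict for a file-listing row, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["first_ts"] = datetime.strptime(entry["first_ts"], TS_FMT)
    entry["second_ts"] = datetime.strptime(entry["second_ts"], TS_FMT)
    entry["size"] = int(entry["size"])
    entry["company"] = entry["company"] or ""  # absent or "()" both mean no name
    return entry


def review_flags(entry, scan_date):
    """Apply the illustrative heuristics (assumptions, not FRST rules)."""
    flags = []
    path = entry["path"]
    attrs = entry["attrs"]

    # 1. A timestamp later than the scan date cannot be genuine.
    if entry["first_ts"] > scan_date or entry["second_ts"] > scan_date:
        flags.append("future-timestamp")

    # 2. Hidden (H) or System (S) entries sitting directly in C:\ProgramData.
    if ntpath.dirname(path).lower() == r"c:\programdata" and set("HS") & set(attrs):
        flags.append("hidden-or-system-in-programdata")

    # 3. Binaries under C:\WINDOWS that carry no company name in the listing.
    ext = ntpath.splitext(path)[1].lower()
    if (path.lower().startswith("c:\\windows\\") and ext in BINARY_EXTS
            and "D" not in attrs and not entry["company"]):
        flags.append("binary-without-company")
    return flags


def triage(log_text, scan_date):
    """Return [(path, [flags])] for every row that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = review_flags(entry, scan_date)
        if flags:
            findings.append((entry["path"], flags))
    return findings


# Rows copied from the FRST log above; the scan date is an assumption
# taken from the latest ordinary entries in that log.
SCAN_DATE = datetime(2016, 4, 23, 23, 59)
SAMPLE_LOG = r"""
2016-04-13 05:05 - 2016-03-29 15:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 05:02 - 2016-03-29 15:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-06 23:02 - 2016-04-06 23:02 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-03-31 16:39 - 2016-04-21 23:53 - 00000000 __SHD C:\ProgramData\601780
2016-03-31 16:39 - 2016-03-31 16:39 - 00000006 ____S C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
==================== One Month Modified files and folders ========
2021-04-16 22:25 - 2015-07-18 22:00 - 00001045 _____ C:\WINDOWS\system32\Drivers\etc\hosts
"""

if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{', '.join(flags):35} {path}")
```

Flagged rows still need checking by hand, for example by verifying the file's signature or opening the hosts file to read its contents.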


#7 Hedgemo


Posted 23 April 2016 - 02:08 PM

Update: The computer is a lot better than it was, although it started playing up again a little today. Just random freezes. When it does that I open Task Manager and the CPU is on 100% but jumps back down and starts working again. I'm guessing there's some malware left over that shuts off the process when I open Task Manager to try and hide itself. I'm just speculating though. However, I'm thinking this is the previous malware reinstalling itself, as that's what started happening shortly before it got really bad.

 

Hope this helps.

 

Once again I massively appreciate your help. You're awesome!



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team

Posted 25 April 2016 - 04:17 PM

At this point I'm not seeing any malware left on the machine. Let's try two more scans.
 
1.
ESET Online Scanner:

Note: You will need to disable your currently installed antivirus; how to do so can be read here.
  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the installer you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.
Don't forget to re-enable your antivirus when finished!
 
 
2.
Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click the "Report" button to show the log, and then close the program. <--Don't fix anything!
  • Copy and paste the report that opens into your next reply.
    • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log
    • >>For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 Hedgemo


Posted 29 April 2016 - 01:13 AM

Hi,

I've been busy recently but I'm working on the above instructions now. I'll post the logs shortly.

Cheers



#10 Hedgemo


Posted 29 April 2016 - 07:07 AM

Okay, ESET found some stuff:

 

C:\$Recycle.Bin\S-1-5-21-751680038-293567957-139391555-1001\$RITX656.zip LNK/Agent.CW trojan deleted
C:\$Recycle.Bin\S-1-5-21-751680038-293567957-139391555-1001\$RQG3QDG.zip LNK/Agent.CW trojan deleted
C:\FRST\Quarantine\C\ProgramData\HKUL\winsys.exe a variant of MSIL/Injector.OXQ trojan cleaned by deleting
C:\Users\Andy\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\Andy\Documents\Media\stack\Microsoft Office Professional Plus 2010\Activators\KMSpico\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted
C:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application cleaned by deleting
 
RogueKiller says it can't run on my PC, I'm guessing not compatible with Windows 10.
 
Thanks again Bleepin' Fireman. I really do appreciate the help.


#11 fireman4it


Posted 01 May 2016 - 04:20 PM

1.
Please run the F-Secure Online Scanner
Follow the instructions here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy and paste the entire report in your next reply.

2.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Edited by fireman4it, 01 May 2016 - 04:21 PM.


#12 Hedgemo


Posted 03 May 2016 - 06:40 AM

F-Secure didn't find anything.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by Andy (Administrator) on 03/05/2016 at 12:05:25.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Failed to delete: C:\ProgramData\601680 (Folder) 
Failed to delete: C:\ProgramData\601780 (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/05/2016 at 12:07:38.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 fireman4it


Posted 03 May 2016 - 08:12 AM

C:\Users\Andy\Documents\Media\stack\Microsoft Office Professional Plus 2010\Activators\KMSpico\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted
C:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application cleaned by deleting

 

These indicate you are using a hacked copy of Microsoft Office. At this point I see no other signs of malware on your machine. Please run FRST again and post the new FRST.txt
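The reading of the ESET results in the post above can be reproduced mechanically. The following Python is an added example, not part of the thread and not ESET or FRST tooling: it parses the six exported lines posted earlier, separates hits inside the Recycle Bin or the FRST quarantine folder from hits at live paths, and flags the KMS activator detections. The field layout is inferred from those six lines, the "KMS" substring check is a heuristic, and all function names are hypothetical.

```python
import re
from collections import Counter

# The six detections exactly as posted from the ESET Online Scanner export in this thread.
ESET_EXPORT = r"""
C:\$Recycle.Bin\S-1-5-21-751680038-293567957-139391555-1001\$RITX656.zip LNK/Agent.CW trojan deleted
C:\$Recycle.Bin\S-1-5-21-751680038-293567957-139391555-1001\$RQG3QDG.zip LNK/Agent.CW trojan deleted
C:\FRST\Quarantine\C\ProgramData\HKUL\winsys.exe a variant of MSIL/Injector.OXQ trojan cleaned by deleting
C:\Users\Andy\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\Andy\Documents\Media\stack\Microsoft Office Professional Plus 2010\Activators\KMSpico\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted
C:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application cleaned by deleting
"""

# Assumed layout: <path> [a variant of] <Platform/Name.Variant> <category> <action>.
# Paths may contain spaces, so the detection name (the only token with a forward
# slash) is used to find where the path ends. The "unwanted" category does not
# occur in this log; it is included because ESET also reports it.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:a variant of\s+)?"
    r"(?P<detection>[A-Za-z0-9]+/[A-Za-z0-9_.]+)\s+"
    r"(?P<category>trojan|potentially unsafe application|potentially unwanted application)\s+"
    r"(?P<action>.+)$"
)


def location_of(path):
    """Say whether a hit was at a live path or in a holding area."""
    lowered = path.lower()
    if "\\frst\\quarantine\\" in lowered:
        return "frst_quarantine"   # copy FRST had already moved aside
    if "\\$recycle.bin\\" in lowered:
        return "recycle_bin"       # file the user had already deleted
    return "live"


def triage(export_text):
    """Parse an export; return (findings, unparsed_lines)."""
    findings, unparsed = [], []
    for raw in export_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed.append(line)  # keep anything unexpected for manual review
            continue
        finding = match.groupdict()
        finding["location"] = location_of(finding["path"])
        # Heuristic: the two activator detections in this thread carry "KMS".
        finding["kms_activator"] = "kms" in finding["detection"].lower()
        findings.append(finding)
    return findings, unparsed


def summarize(findings):
    """Count findings per (category, location) pair."""
    return Counter((f["category"], f["location"]) for f in findings)


if __name__ == "__main__":
    parsed, leftover = triage(ESET_EXPORT)
    for (category, location), count in sorted(summarize(parsed).items()):
        print(f"{count} x {category} ({location})")
    for f in parsed:
        if f["kms_activator"]:
            print("KMS activator:", f["detection"], "at", f["path"])
    if leftover:
        print("Unparsed lines:", leftover)
```

On this input every trojan hit sits in the Recycle Bin or the FRST quarantine, while the three potentially unsafe applications were at live paths, two of them the KMS activator files the post refers to.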


#14 Hedgemo


Posted 04 May 2016 - 12:41 AM

I've got no idea what the last guy put on the machine. I just tried to open MS Word and it says it's not activated so I don't think it's hacked.

 

Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Andy (administrator) on PANDA-PC (04-05-2016 12:26:16)
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\Droid4X\Droid4XService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-23] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-751680038-293567957-139391555-1001\...\Run: [uTorrent] => C:\Users\Andy\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-27] (BitTorrent Inc.)
HKU\S-1-5-21-751680038-293567957-139391555-1001\...\MountPoints2: {7e937e99-6db1-11e5-82de-3863bb805ad0} - "F:\setup.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{0237659b-3a0b-4e43-bf87-4cb1005d30a9}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{3c19f2c6-2e2c-4745-9742-cd16fc9a3fe6}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{8efc0b3f-1b3d-4dbf-92f7-b2601d8aae31}: [NameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8efc0b3f-1b3d-4dbf-92f7-b2601d8aae31}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{cd4caa6d-f3e1-4d5a-a07a-db105982f2ed}: [NameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{cd4caa6d-f3e1-4d5a-a07a-db105982f2ed}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130857739771315016&GUID=A203A976-459A-9B28-F29D-F5355AAAA79D
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-751680038-293567957-139391555-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-751680038-293567957-139391555-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-10-21] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-10-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-751680038-293567957-139391555-1001: SkypePlugin -> C:\Users\Andy\AppData\Local\SkypePlugin\7.6.0.295\npGatewayNpapi.dll [2015-09-14] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-751680038-293567957-139391555-1001: SkypePlugin64 -> C:\Users\Andy\AppData\Local\SkypePlugin\7.6.0.295\npGatewayNpapi-x64.dll [2015-09-14] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll ()
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (TV) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-03-15]
CHR Extension: (Skype Calling) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-03]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Nimbus Screenshot and Screencast) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2016-05-03]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Calendar) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-18]
CHR Extension: (Google Mail Checker) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Bastion) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2015-03-15]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 Droid4XService; C:\Program Files (x86)\Droid4X\Droid4XService.exe [261864 2015-06-03] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-23] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-02] (IObit)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-23] (Realtek Semiconductor)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-03] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-07] (Qualcomm Atheros Communications, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-03-11] (BlueStack Systems)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-07] (Disc Soft Ltd)
S3 ew_usbenumfilter; C:\Windows\System32\drivers\ew_usbenumfilter.sys [14336 2012-10-30] (Huawei Technologies Co., Ltd.) [File not signed]
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2015-08-01] (Intel Corporation)
S3 huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [76800 2012-10-29] (Huawei Technologies Co., Ltd.) [File not signed]
S3 huawei_ext_ctrl; C:\Windows\System32\drivers\ew_juextctrl.sys [30720 2012-08-20] (Huawei Technologies Co., Ltd.) [File not signed]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-01] (REALiX™)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-01-24] (Intel Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-08-23] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
U5 SynTP; C:\Windows\System32\Drivers\SynTP.sys [614088 2015-07-17] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-16 22:18 - 2021-04-16 22:18 - 00000000 ____D C:\ProgramData\ALM
2021-04-16 22:18 - 2015-10-21 02:29 - 00001572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2019-10-11 22:57 - 2019-10-11 22:57 - 00000000 ____D C:\Users\Public\Documents\Adobe
2019-10-11 22:54 - 2015-10-21 02:29 - 00001150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
2019-10-11 22:52 - 2019-10-11 22:52 - 00000000 ____D C:\Program Files (x86)\My Company Name
2019-10-11 22:52 - 2012-06-22 03:01 - 00056336 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2019-10-11 22:52 - 2012-04-24 03:01 - 00011376 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2019-10-11 22:52 - 2012-04-24 03:01 - 00010864 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2016-05-04 12:26 - 2016-05-04 12:28 - 00019256 _____ C:\Users\Andy\Desktop\FRST.txt
2016-05-03 15:49 - 2016-05-03 15:49 - 00000000 ____D C:\Users\Andy\AppData\Roaming\ProductData
2016-05-03 15:49 - 2016-05-03 15:49 - 00000000 ____D C:\ProgramData\ProductData
2016-05-03 15:33 - 2016-05-03 15:33 - 209178745 _____ C:\Users\Andy\Downloads\model.psd
2016-05-03 12:47 - 2016-05-03 12:58 - 39240428 _____ C:\Users\Andy\Downloads\web-7466.dng
2016-05-03 12:40 - 2016-05-03 12:40 - 00002302 _____ C:\Users\Andy\Downloads\FrequencySeparation-ElenaJasic.zip
2016-05-03 12:40 - 2013-02-16 17:30 - 00002141 ____N C:\Users\Andy\Downloads\FrequencySeparation - Elena Jasic.atn
2016-05-03 11:01 - 2016-05-03 12:07 - 00000648 _____ C:\Users\Andy\Desktop\JRT.txt
2016-05-03 10:59 - 2016-05-03 10:59 - 00001012 _____ C:\Users\Andy\Desktop\mbar.lnk
2016-05-03 10:45 - 2016-05-03 10:47 - 01610816 _____ (Malwarebytes) C:\Users\Andy\Desktop\JRT (1).exe
2016-05-03 03:18 - 2016-05-03 15:47 - 00000000 ____D C:\Users\Andy\AppData\Local\FSDART
2016-05-03 03:18 - 2016-05-03 10:39 - 00000000 ____D C:\ProgramData\F-Secure
2016-05-03 03:18 - 2016-05-03 03:18 - 00524248 _____ (F-Secure Corporation) C:\Users\Andy\Desktop\F-SecureOnlineScanner.exe
2016-05-03 03:18 - 2016-05-03 03:18 - 00000000 ____D C:\Users\Andy\AppData\Local\F-Secure
2016-05-02 20:34 - 2016-05-02 20:34 - 00083933 _____ C:\Users\Andy\Downloads\Recovery-Tools.apk
2016-05-02 20:31 - 2016-05-02 20:31 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-05-02 20:23 - 2016-05-02 20:57 - 00000000 ____D C:\Program Files (x86)\KingRoot
2016-05-02 20:23 - 2016-05-02 20:23 - 00000000 ____D C:\Users\Andy\AppData\Roaming\KingRoot
2016-05-02 20:23 - 2016-05-02 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KingRoot
2016-05-02 20:05 - 2016-05-02 20:14 - 26013344 _____ (KingRoot ) C:\Users\Andy\Downloads\KingRootSetup_v3.2.0.1128_105002.exe
2016-05-02 19:46 - 2016-05-02 20:25 - 05463944 _____ C:\Users\Andy\Downloads\popkatv2.zip
2016-05-02 19:35 - 2016-05-02 19:45 - 19428370 _____ C:\Users\Andy\Downloads\StarMobile_UP+_TWRP.apk
2016-05-02 19:28 - 2016-05-02 19:28 - 11865328 _____ C:\Users\Andy\Downloads\kingroot41&45.rar
2016-05-02 13:40 - 2016-05-02 13:42 - 00247169 _____ C:\Users\Andy\Downloads\Pages from UC201403525bEN_NuVent_Sinus_Dilation-US-LR_Design.pdf
2016-05-02 13:40 - 2016-05-02 13:41 - 00302702 _____ C:\Users\Andy\Downloads\Pages from UC201403525bEN_NuVent_Sinus_Dilation-US-LR-2.pdf
2016-05-02 11:35 - 2016-05-02 11:42 - 18533287 _____ C:\Users\Andy\Downloads\full_workflow.mp4
2016-04-30 19:10 - 2016-04-30 19:17 - 45156213 _____ C:\Users\Andy\Downloads\Light-rays-background.zip
2016-04-30 18:35 - 2016-04-30 18:35 - 06812813 _____ C:\Users\Andy\Downloads\fabrics (1).zip
2016-04-30 18:35 - 2012-11-09 19:57 - 07867032 _____ C:\Users\Andy\Downloads\fabrics2.pat
2016-04-30 18:19 - 2016-04-30 18:25 - 21700697 _____ C:\Users\Andy\Downloads\fabric_textures_by_daintyish.rar
2016-04-30 18:12 - 2016-04-30 18:17 - 05537792 _____ C:\Users\Andy\Downloads\denim (1).zip
2016-04-30 18:12 - 2012-11-09 19:57 - 07867032 _____ C:\Users\Andy\Downloads\fabrics.pat
2016-04-30 18:04 - 2016-04-30 18:08 - 05537792 _____ C:\Users\Andy\Downloads\denim.zip
2016-04-30 18:04 - 2016-04-30 18:06 - 06812811 _____ C:\Users\Andy\Downloads\fabrics.zip
2016-04-29 22:23 - 2016-04-29 22:25 - 06426862 _____ C:\Users\Andy\Downloads\gfxcave_lensflares.zip
2016-04-29 21:37 - 2016-04-29 21:51 - 26983583 _____ C:\Users\Andy\Downloads\Crotchless YOGA PANTS - Pics to EDIT.zip
2016-04-29 13:19 - 2016-04-29 13:19 - 00089296 _____ C:\Users\Andy\Downloads\free-bonus.zip
2016-04-29 12:28 - 2016-04-29 12:29 - 01290296 _____ C:\Users\Andy\Downloads\10_layer_styles.zip
2016-04-29 08:48 - 2016-04-29 08:52 - 20175284 _____ C:\Users\Andy\Downloads\BG_Textures_Set_10_.zip
2016-04-29 08:47 - 2016-04-29 08:51 - 10707206 _____ C:\Users\Andy\Downloads\Archive.zip
2016-04-28 23:32 - 2016-04-28 23:36 - 00000000 ____D C:\Users\Andy\Documents\add ons
2016-04-28 23:31 - 2016-04-28 23:35 - 26354176 _____ C:\Users\Andy\Downloads\fabric_textures_by_fudgegraphics_abr.zip
2016-04-28 23:31 - 2016-04-28 23:31 - 00000000 ____D C:\Users\Andy\Documents\New folder
2016-04-28 23:30 - 2016-04-28 23:30 - 04569162 _____ C:\Users\Andy\Downloads\6_etc_fabric_patterns.zip
2016-04-28 19:47 - 2016-04-28 19:47 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-28 19:44 - 2016-04-28 19:59 - 07634944 _____ C:\Users\Andy\Downloads\RogueKiller.exe
2016-04-28 19:43 - 2016-04-28 19:45 - 02870984 _____ (ESET) C:\Users\Andy\Downloads\esetsmartinstaller_enu.exe
2016-04-28 10:17 - 2016-04-28 10:17 - 01760749 _____ C:\Users\Andy\Downloads\meet_instagrame_v2_1_by_yousefcia-d4v79lo.rar
2016-04-28 10:17 - 2016-04-28 10:17 - 00208936 _____ C:\Users\Andy\Downloads\instagram_nashville___photoshop_action_by_iresourcees-d5l9orf.rar
2016-04-28 10:14 - 2016-04-28 10:18 - 00000000 ____D C:\Users\Andy\Documents\Actions
2016-04-28 10:13 - 2016-04-28 10:13 - 00199629 _____ C:\Users\Andy\Downloads\instagram_poprocket___photoshop_action_by_howicopewithlife-d5mhyqp.rar
2016-04-28 10:08 - 2016-04-28 10:08 - 00180589 _____ C:\Users\Andy\Downloads\instagram_walden_photoshop_action_by_iresourcees-d5ln4b2.rar
2016-04-28 09:59 - 2016-04-28 09:59 - 00047419 _____ C:\Users\Andy\Downloads\semi-vintage-red.zip
2016-04-28 09:59 - 2016-04-28 09:59 - 00045556 _____ C:\Users\Andy\Downloads\dim-and-jaded.zip
2016-04-28 09:59 - 2016-04-28 09:59 - 00045315 _____ C:\Users\Andy\Downloads\freezing-blue.zip
2016-04-27 21:18 - 2016-04-27 21:18 - 00000000 ____D C:\Users\Andy\AppData\LocalLow\uTorrent
2016-04-27 18:44 - 2016-04-27 18:44 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Imagenomic
2016-04-27 18:39 - 2016-04-27 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic
2016-04-27 18:04 - 2016-04-27 18:04 - 00316218 _____ C:\Users\Andy\Downloads\boxfitting.zip
2016-04-27 12:02 - 2016-04-27 12:02 - 00002402 _____ C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-27 06:20 - 2016-04-27 06:23 - 17598114 _____ C:\Users\Andy\Downloads\rawandrew_e7c3bfe6-a8bc-4076-af4a-f587d47c1469.zip
2016-04-26 11:12 - 2013-08-02 17:21 - 00004926 _____ C:\Users\Andy\Downloads\reflection-action-by-psd-dude.atn
2016-04-26 11:11 - 2016-04-26 11:11 - 00001983 _____ C:\Users\Andy\Downloads\reflection-action(psd-dude).zip
2016-04-22 00:03 - 2016-04-22 00:03 - 00000000 ____D C:\ProgramData\Sophos
2016-04-22 00:02 - 2016-04-22 00:02 - 00002841 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-04-22 00:02 - 2016-04-22 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-04-22 00:01 - 2016-04-22 00:01 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-04-21 23:40 - 2016-04-22 21:40 - 00000000 ____D C:\AdwCleaner
2016-04-21 19:06 - 2016-05-03 14:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-21 19:02 - 2016-04-21 19:45 - 147672144 _____ (Sophos Limited) C:\Users\Andy\Downloads\Sophos Virus Removal Tool.exe
2016-04-21 19:02 - 2016-04-21 19:03 - 03683904 _____ C:\Users\Andy\Desktop\adwcleaner_5.112.exe
2016-04-21 19:02 - 2016-04-21 19:03 - 01610352 _____ (Malwarebytes) C:\Users\Andy\Downloads\JRT.exe
2016-04-21 19:02 - 2016-04-21 19:02 - 00448512 _____ (OldTimer Tools) C:\Users\Andy\Downloads\TFC.exe
2016-04-21 19:01 - 2016-05-03 14:33 - 00000000 ____D C:\Users\Andy\Desktop\mbar
2016-04-21 18:17 - 2016-04-21 18:17 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-21 17:49 - 2016-04-21 17:49 - 00000000 ____D C:\WINDOWS\pss
2016-04-21 16:36 - 2016-04-21 16:36 - 02375680 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2016-04-20 16:57 - 2016-04-20 16:57 - 00008960 _____ C:\Users\Andy\Documents\Background remove.atn
2016-04-19 07:22 - 2016-04-19 07:22 - 00001103 _____ C:\Users\Andy\Desktop\Start Emergency Kit Scanner.exe - Shortcut.lnk
2016-04-19 07:20 - 2016-04-19 07:20 - 00000010 _____ C:\Users\Andy\Desktop\pandamouse.txt
2016-04-19 06:56 - 2016-04-23 04:14 - 00000000 ____D C:\EEK
2016-04-19 05:24 - 2016-05-04 12:26 - 00000000 ____D C:\FRST
2016-04-19 04:21 - 2016-05-03 12:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-19 04:21 - 2016-05-03 12:16 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-19 04:21 - 2016-04-19 04:21 - 00001190 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-19 04:21 - 2016-04-19 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-19 04:21 - 2016-04-19 04:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-19 04:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-19 04:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-13 17:56 - 2016-04-13 17:56 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-13 17:56 - 2016-04-13 17:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-13 05:13 - 2016-03-29 15:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 05:13 - 2016-03-29 15:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 05:13 - 2016-03-29 15:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 05:13 - 2016-03-29 15:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 05:13 - 2016-03-29 14:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 05:13 - 2016-03-29 14:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 05:13 - 2016-03-29 13:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 05:12 - 2016-03-29 18:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 05:12 - 2016-03-29 18:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 05:12 - 2016-03-29 18:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 05:12 - 2016-03-29 17:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 05:12 - 2016-03-29 16:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 05:12 - 2016-03-29 16:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 05:12 - 2016-03-29 16:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 05:12 - 2016-03-29 15:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 05:12 - 2016-03-29 15:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 05:12 - 2016-03-29 15:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 05:12 - 2016-03-29 15:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 05:12 - 2016-03-29 15:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 05:12 - 2016-03-29 15:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 05:12 - 2016-03-29 14:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 05:12 - 2016-03-29 14:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 05:12 - 2016-03-29 14:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 05:12 - 2016-03-29 14:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 05:12 - 2016-03-29 14:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 05:12 - 2016-03-29 14:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 05:12 - 2016-03-29 13:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 05:12 - 2016-03-29 13:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 05:12 - 2016-03-29 13:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 05:12 - 2016-03-29 13:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 05:11 - 2016-03-29 13:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 05:10 - 2016-03-29 15:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 05:10 - 2016-03-29 15:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 05:10 - 2016-03-29 14:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 05:10 - 2016-03-29 14:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 05:10 - 2016-03-29 14:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 05:10 - 2016-03-29 13:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 05:10 - 2016-03-29 13:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 05:09 - 2016-04-02 11:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 05:09 - 2016-03-29 16:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 05:09 - 2016-03-29 15:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 05:09 - 2016-03-29 15:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 05:09 - 2016-03-29 14:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 05:09 - 2016-03-29 14:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 05:09 - 2016-03-29 13:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 05:09 - 2016-03-29 13:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 05:09 - 2016-03-29 13:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 05:08 - 2016-04-02 11:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 05:08 - 2016-03-29 17:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 05:08 - 2016-03-29 17:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 05:08 - 2016-03-29 15:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 05:08 - 2016-03-29 15:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 05:08 - 2016-03-29 14:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 05:08 - 2016-03-29 14:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 05:08 - 2016-03-29 13:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 05:08 - 2016-03-29 13:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 05:08 - 2016-03-29 13:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 05:08 - 2016-03-29 13:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 05:07 - 2016-04-02 11:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 05:07 - 2016-04-02 11:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 05:07 - 2016-04-02 11:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 05:07 - 2016-03-29 17:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 05:07 - 2016-03-29 15:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 05:07 - 2016-03-29 15:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 05:07 - 2016-03-29 15:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 05:07 - 2016-03-29 14:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 05:07 - 2016-03-29 14:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 05:07 - 2016-03-29 14:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 05:07 - 2016-03-29 14:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 05:07 - 2016-03-29 13:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 05:07 - 2016-03-29 13:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 05:06 - 2016-04-02 11:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 05:06 - 2016-04-02 11:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 05:06 - 2016-04-02 11:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 05:06 - 2016-04-02 11:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 05:06 - 2016-03-29 18:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 05:06 - 2016-03-29 18:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 05:06 - 2016-03-29 18:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 05:06 - 2016-03-29 18:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 05:06 - 2016-03-29 18:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 05:06 - 2016-03-29 17:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 05:06 - 2016-03-29 16:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 05:06 - 2016-03-29 15:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 05:06 - 2016-03-29 15:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 05:06 - 2016-03-29 15:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 05:06 - 2016-03-29 15:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 05:06 - 2016-03-29 15:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 05:06 - 2016-03-29 15:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 05:06 - 2016-03-29 14:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 05:06 - 2016-03-29 14:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 05:06 - 2016-03-29 14:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 05:06 - 2016-03-29 14:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 05:06 - 2016-03-29 14:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 05:06 - 2016-03-29 13:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 05:05 - 2016-04-02 12:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 05:05 - 2016-04-02 12:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 05:05 - 2016-04-02 11:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 05:05 - 2016-03-29 17:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 05:05 - 2016-03-29 17:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 05:05 - 2016-03-29 16:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 05:05 - 2016-03-29 16:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 05:05 - 2016-03-29 16:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 05:05 - 2016-03-29 15:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 05:05 - 2016-03-29 15:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 05:05 - 2016-03-29 15:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 05:05 - 2016-03-29 15:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 05:05 - 2016-03-29 15:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 05:05 - 2016-03-29 15:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 05:05 - 2016-03-29 15:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 05:05 - 2016-03-29 15:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 05:05 - 2016-03-29 15:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 05:05 - 2016-03-29 15:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 05:05 - 2016-03-29 15:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 05:05 - 2016-03-29 15:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 05:05 - 2016-03-29 15:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 05:05 - 2016-03-29 15:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 05:05 - 2016-03-29 15:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 05:05 - 2016-03-29 14:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 05:05 - 2016-03-29 14:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 05:05 - 2016-03-29 14:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 05:05 - 2016-03-29 14:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 05:05 - 2016-03-29 14:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 05:05 - 2016-03-29 14:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 05:05 - 2016-03-29 14:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 05:05 - 2016-03-29 14:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 05:05 - 2016-03-29 14:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 05:05 - 2016-03-29 14:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 05:05 - 2016-03-29 14:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 05:05 - 2016-03-29 14:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 05:05 - 2016-03-29 14:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 05:05 - 2016-03-29 14:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 05:05 - 2016-03-29 14:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 05:05 - 2016-03-29 13:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 05:04 - 2016-03-29 18:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 05:04 - 2016-03-29 17:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 05:04 - 2016-03-29 17:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 05:04 - 2016-03-29 16:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 05:04 - 2016-03-29 15:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 05:04 - 2016-03-29 15:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 05:04 - 2016-03-29 15:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 05:04 - 2016-03-29 15:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 05:04 - 2016-03-29 15:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 05:04 - 2016-03-29 15:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 05:04 - 2016-03-29 14:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 05:04 - 2016-03-29 14:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 05:04 - 2016-03-29 14:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 05:04 - 2016-03-29 14:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 05:04 - 2016-03-29 14:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 05:04 - 2016-03-29 14:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 05:04 - 2016-03-29 14:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 05:04 - 2016-03-29 14:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 05:03 - 2016-04-02 12:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 05:03 - 2016-04-02 11:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 05:03 - 2016-03-29 18:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 05:03 - 2016-03-29 18:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 05:03 - 2016-03-29 18:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 05:03 - 2016-03-29 17:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 05:03 - 2016-03-29 17:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 05:03 - 2016-03-29 17:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 05:03 - 2016-03-29 17:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 05:03 - 2016-03-29 16:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 05:03 - 2016-03-29 16:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 05:03 - 2016-03-29 16:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 05:03 - 2016-03-29 16:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 05:03 - 2016-03-29 16:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 05:03 - 2016-03-29 15:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 05:03 - 2016-03-29 15:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 05:03 - 2016-03-29 15:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 05:03 - 2016-03-29 15:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 05:03 - 2016-03-29 15:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 05:03 - 2016-03-29 15:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 05:03 - 2016-03-29 15:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 05:03 - 2016-03-29 15:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 05:03 - 2016-03-29 15:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 05:03 - 2016-03-29 15:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 05:03 - 2016-03-29 15:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 05:03 - 2016-03-29 15:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 05:03 - 2016-03-29 14:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 05:03 - 2016-03-29 14:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 05:03 - 2016-03-29 14:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 05:03 - 2016-03-29 14:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 05:03 - 2016-03-29 14:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 05:03 - 2016-03-29 14:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 05:03 - 2016-03-29 14:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 05:03 - 2016-03-29 14:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 05:03 - 2016-03-29 14:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 05:03 - 2016-03-29 14:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 05:03 - 2016-03-29 13:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 05:03 - 2016-03-29 13:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 05:02 - 2016-04-02 12:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 05:02 - 2016-04-02 11:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 05:02 - 2016-04-02 11:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 05:02 - 2016-04-02 11:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 05:02 - 2016-04-02 11:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 05:02 - 2016-04-02 11:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 05:02 - 2016-04-02 11:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 05:02 - 2016-04-02 11:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 05:02 - 2016-04-02 11:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 05:02 - 2016-03-29 18:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 05:02 - 2016-03-29 17:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 05:02 - 2016-03-29 17:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 05:02 - 2016-03-29 17:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 05:02 - 2016-03-29 17:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 05:02 - 2016-03-29 17:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 05:02 - 2016-03-29 16:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 05:02 - 2016-03-29 16:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 05:02 - 2016-03-29 16:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 05:02 - 2016-03-29 16:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 05:02 - 2016-03-29 16:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 05:02 - 2016-03-29 16:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 05:02 - 2016-03-29 16:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 05:02 - 2016-03-29 16:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 05:02 - 2016-03-29 16:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 05:02 - 2016-03-29 16:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 05:02 - 2016-03-29 16:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 05:02 - 2016-03-29 16:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 05:02 - 2016-03-29 15:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 05:02 - 2016-03-29 15:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 05:02 - 2016-03-29 15:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 05:02 - 2016-03-29 15:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 05:02 - 2016-03-29 15:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 05:02 - 2016-03-29 15:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 05:02 - 2016-03-29 15:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 05:02 - 2016-03-29 15:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 05:02 - 2016-03-29 15:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 05:02 - 2016-03-29 15:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 05:02 - 2016-03-29 15:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 05:02 - 2016-03-29 15:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 05:02 - 2016-03-29 15:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 05:02 - 2016-03-29 15:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 05:02 - 2016-03-29 15:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 05:02 - 2016-03-29 15:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 05:02 - 2016-03-29 15:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 05:02 - 2016-03-29 15:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 05:02 - 2016-03-29 15:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 05:02 - 2016-03-29 15:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 05:02 - 2016-03-29 15:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 05:02 - 2016-03-29 15:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 05:02 - 2016-03-29 15:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 05:02 - 2016-03-29 15:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 05:02 - 2016-03-29 15:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 05:02 - 2016-03-29 15:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 05:02 - 2016-03-29 15:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 05:02 - 2016-03-29 15:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 05:02 - 2016-03-29 15:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 05:02 - 2016-03-29 15:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 05:02 - 2016-03-29 15:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 05:02 - 2016-03-29 15:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 05:02 - 2016-03-29 15:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 05:02 - 2016-03-29 15:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 05:02 - 2016-03-29 15:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 05:02 - 2016-03-29 15:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 05:02 - 2016-03-29 15:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 05:02 - 2016-03-29 15:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 05:02 - 2016-03-29 15:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 05:02 - 2016-03-29 15:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 05:02 - 2016-03-29 15:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 05:02 - 2016-03-29 15:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 05:02 - 2016-03-29 15:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 05:02 - 2016-03-29 15:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 05:02 - 2016-03-29 15:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 05:02 - 2016-03-29 15:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 05:02 - 2016-03-29 15:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 05:02 - 2016-03-29 15:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 05:02 - 2016-03-29 14:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 05:02 - 2016-03-29 14:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 05:02 - 2016-03-29 14:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 05:02 - 2016-03-29 14:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 05:02 - 2016-03-29 14:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 05:02 - 2016-03-29 14:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 05:02 - 2016-03-29 14:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 05:02 - 2016-03-29 14:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 05:02 - 2016-03-29 14:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 05:02 - 2016-03-29 14:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 05:02 - 2016-03-29 14:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 05:02 - 2016-03-29 14:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 05:02 - 2016-03-29 14:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 05:02 - 2016-03-29 14:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 05:02 - 2016-03-29 14:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 05:02 - 2016-03-29 14:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 05:02 - 2016-03-29 14:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 05:02 - 2016-03-29 14:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 05:02 - 2016-03-29 14:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 05:02 - 2016-03-29 13:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 05:02 - 2016-03-29 13:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 05:02 - 2016-03-29 13:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 05:02 - 2016-03-29 13:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 05:02 - 2016-03-29 13:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 05:02 - 2016-03-29 13:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-08 23:11 - 2016-04-08 23:11 - 00003789 _____ C:\Users\Andy\Documents\crop.atn
2016-04-08 23:11 - 2016-04-08 23:11 - 00002620 _____ C:\Users\Andy\Documents\Teeth Whitening.atn
2016-04-06 23:02 - 2016-04-06 23:02 - 00000000 ____D C:\Users\Andy\AppData\Roaming\WinRAR
2016-04-06 23:02 - 2016-04-06 23:02 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-06 23:02 - 2016-04-06 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-06 23:02 - 2016-04-06 23:02 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-04-06 16:04 - 2016-04-06 16:04 - 00000000 ____D C:\Users\Andy\Desktop\VISA UK
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-04-16 22:25 - 2015-08-01 07:56 - 00001045 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2021-04-16 22:25 - 2015-07-18 22:00 - 00001045 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-05-04 12:27 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-04 12:24 - 2016-02-03 03:19 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-04 12:11 - 2015-03-15 00:36 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5945333F-8F49-4046-8108-A7497B70B921}
2016-05-04 11:48 - 2015-10-21 04:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-04 04:05 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-04 03:24 - 2016-02-03 03:19 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-04 00:56 - 2015-04-12 02:12 - 00000000 ____D C:\Users\Andy\AppData\Local\Battle.net
2016-05-04 00:55 - 2015-04-12 02:12 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-05-03 18:43 - 2015-08-21 10:09 - 00001456 _____ C:\Users\Andy\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-05-03 15:54 - 2015-12-07 15:40 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-03 15:54 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-03 15:50 - 2015-08-21 22:21 - 00000000 __SHD C:\Users\Andy\IntelGraphicsProfiles
2016-05-03 15:48 - 2015-12-07 15:41 - 00000000 ____D C:\Users\Andy
2016-05-03 15:47 - 2015-12-07 16:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-03 15:47 - 2015-12-07 15:11 - 05007208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-03 15:47 - 2015-10-30 03:49 - 00000000 _____ C:\hsrv.txt
2016-05-03 05:46 - 2015-03-15 00:33 - 00000000 ____D C:\Users\Andy\AppData\Local\Packages
2016-05-02 22:59 - 2015-07-10 20:16 - 00000000 ____D C:\Users\Andy\Desktop\Freelancer work
2016-05-02 09:27 - 2015-07-03 16:56 - 00000000 ____D C:\Program Files\Adobe
2016-05-01 01:32 - 2015-04-12 02:22 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-29 09:26 - 2015-08-21 22:04 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-28 19:30 - 2015-03-15 00:52 - 00000000 ____D C:\Users\Andy\AppData\Roaming\uTorrent
2016-04-28 08:03 - 2015-04-12 02:16 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-04-27 12:02 - 2015-03-15 00:35 - 00000000 __RDO C:\Users\Andy\OneDrive
2016-04-27 10:48 - 2015-09-28 22:48 - 00003234 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAndy
2016-04-27 10:48 - 2015-09-28 22:48 - 00000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAndy.job
2016-04-24 22:55 - 2015-08-01 23:13 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Skype
2016-04-24 07:58 - 2015-10-01 17:26 - 00000000 ____D C:\Program Files (x86)\WebSite X5 v12 - Professional
2016-04-24 07:58 - 2015-09-17 05:52 - 00000000 ____D C:\Users\Andy\AppData\Local\Incomedia
2016-04-22 21:40 - 2015-10-30 14:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-22 21:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\SchCache
2016-04-22 15:57 - 2015-04-21 14:33 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-22 08:38 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-22 03:55 - 2015-10-01 00:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-21 23:53 - 2016-03-31 16:39 - 00000000 __SHD C:\ProgramData\601780
2016-04-21 23:53 - 2015-03-15 00:52 - 00000000 ____D C:\Users\Andy\AppData\Roaming\IObit
2016-04-21 23:46 - 2015-10-30 15:24 - 00000000 __RSD C:\WINDOWS\Media
2016-04-21 17:42 - 2015-03-15 03:16 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-21 06:07 - 2016-01-03 06:28 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-04-21 05:58 - 2015-03-15 00:52 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-21 05:39 - 2015-03-15 00:33 - 00000000 ____D C:\Users\Andy\AppData\Local\VirtualStore
2016-04-20 07:04 - 2015-05-05 01:50 - 00000299 _____ C:\Users\Andy\Desktop\address.txt
2016-04-19 16:39 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\addins
2016-04-19 05:04 - 2016-03-31 16:39 - 00000000 _RSHD C:\ProgramData\601680
2016-04-19 05:04 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\System
2016-04-19 05:04 - 2014-07-15 12:52 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-04-19 04:23 - 2014-07-15 12:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-19 04:09 - 2016-03-31 16:40 - 00001579 _____ C:\ProgramData\XML
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-15 01:30 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 19:42 - 2015-10-30 15:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 19:38 - 2015-03-17 17:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 19:15 - 2015-03-17 17:25 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-11 15:44 - 2015-07-03 17:09 - 00001111 _____ C:\Users\Andy\Desktop\Adobe Photoshop CC 2015.lnk
2016-04-11 02:56 - 2015-03-16 09:00 - 00000000 ____D C:\Users\Andy\AppData\Roaming\vlc
2016-04-08 19:58 - 2015-03-15 16:02 - 00000000 ____D C:\Program Files (x86)\THQ
 
==================== Files in the root of some directories =======
 
2015-10-22 21:11 - 2015-10-22 21:11 - 0000034 _____ () C:\Users\Andy\AppData\Roaming\AdobeWLCMCache.dat
2015-10-30 03:34 - 2015-10-30 03:49 - 0002675 _____ () C:\Users\Andy\AppData\Roaming\droid4xinstaller.log
2015-11-15 18:12 - 2015-11-15 18:12 - 0000112 _____ () C:\Users\Andy\AppData\Roaming\JP2K CS6 Prefs
2015-10-04 21:12 - 2016-02-13 15:17 - 0000028 _____ () C:\Users\Andy\AppData\Roaming\kulerdata.json
2016-01-26 21:40 - 2016-01-26 21:40 - 0000043 _____ () C:\Users\Andy\AppData\Roaming\WB.CFG
2015-08-21 10:09 - 2016-05-03 18:43 - 0001456 _____ () C:\Users\Andy\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-03 15:20 - 2015-06-03 15:23 - 0003584 _____ () C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-10 19:36 - 2015-07-10 19:36 - 0000008 ____H () C:\Users\Andy\AppData\Local\L8457789140
2015-05-14 04:09 - 2015-05-14 04:14 - 0000000 _____ () C:\Users\Andy\AppData\Local\{DA368B97-7991-4F9E-B539-C7973B80B795}
2016-03-31 16:39 - 2016-03-31 16:39 - 0000006 ____S () C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
2016-03-31 16:40 - 2016-04-19 04:09 - 0001579 _____ () C:\ProgramData\XML
 
Some files in TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\libeay32.dll
C:\Users\Andy\AppData\Local\Temp\msvcr120.dll
C:\Users\Andy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Andy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-03 12:11
 
==================== End of FRST.txt ============================


#15 fireman4it


Posted 04 May 2016 - 06:40 PM

It Appears That Your Pc Is Now Clean!

***



Clean up:

***



Right-click  AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.


***



Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***



Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***



Here are some Preventive tips to reduce the potential for spyware infection in the future

Step 1: Browse more securely


Step 2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).

Step 3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.

Step 4: Use only one anti-virus software and keep it up-to-date.

Step 5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Step 6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 7: Use Strong passwords!

Step 8: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

