Docs turned into shortcuts. Corruption/virus or both?


  • This topic is locked
18 replies to this topic

#1 hateway

Posted 21 April 2016 - 09:49 AM

I have a PC with Win 10 that suddenly has some, but not all, OpenOffice/Word docs turned into shortcuts that target nowhere. I've run ESET online scanner, Malwarebytes, RKill, AVG, Advanced System Care and all kinds of scripts in CMD prompt and followed all the steps on http://www.techchore.com/flashdrive-shortcut-virus-and-two-2-methods-to-get-rid-of-it/ as it applies to the C drive. I've searched for shortcut virus and found all kinds of software to d/l & run, but it all points to flash drives, and it seems so sketchy.

Any ideas? I'm stumped!

FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Owner (administrator) on GOLDSMITH (21-04-2016 10:20:34)
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\IE\MD2TKL81
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Pokki) C:\Users\Owner\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Pokki) C:\Users\Owner\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Owner\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Owner\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.8.4181.0_x64__8wekyb3d8bbwe\Solitaire.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-08-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3930384 2016-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2016-01-19] (Acer)
HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\...\RunOnce: [Uninstall C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\...\RunOnce: [Uninstall C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{37ed7bc8-a1a5-45dc-bf58-326b0c52b5bb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f7d0a7f7-5876-4b87-b325-f7599b47dca3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2986362171-3745760491-3342823073-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={5C240599-639E-4444-B9E4-E767DE396E49}&mid=6143c6ee124c47d2a1ec91b9695ab051-3056deab5288be948ee11a218dc767e7274b32f9&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-17 09:04:59&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2986362171-3745760491-3342823073-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2016-03-10] (IObit)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-2986362171-3745760491-3342823073-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2016-03-20] ()

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2016-04-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638456 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3993088 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [593880 2016-04-06] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-03-20] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-10-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R3 cpuz136; C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [23856 2016-04-14] (CPUID)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-09] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-08-04] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 10:20 - 2016-04-21 10:20 - 00000000 ____D C:\FRST
2016-04-18 14:07 - 2016-04-18 14:07 - 00002410 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-18 14:07 - 2016-04-18 14:07 - 00000000 ___HD C:\OneDriveTemp
2016-04-14 18:49 - 2016-04-14 18:49 - 00003388 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2016-04-14 18:49 - 2016-04-14 18:49 - 00002528 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2016-04-14 13:55 - 2016-04-14 13:55 - 00001013 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-04-13 15:47 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 15:47 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 15:47 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 15:47 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 15:47 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 15:47 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 15:47 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 15:47 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 15:47 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 15:47 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 15:47 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 15:47 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 15:47 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 15:47 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 15:47 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 15:47 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 15:47 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 15:47 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 15:47 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 15:47 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 15:47 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 15:47 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 15:47 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 15:47 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 15:47 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 15:47 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 15:47 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 15:47 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 15:47 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 15:47 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 15:47 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 15:47 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 15:47 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 15:47 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 15:47 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 15:47 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 15:47 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 15:47 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 15:47 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 15:47 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 15:47 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 15:47 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 15:47 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 15:47 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 15:47 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 15:47 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 15:47 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 15:47 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 15:46 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 15:46 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 15:46 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 15:46 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 15:46 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 15:46 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 15:46 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 15:46 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 15:46 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 15:46 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 15:46 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 15:46 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 15:46 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 15:46 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 15:46 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 15:46 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 15:46 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 15:46 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 15:46 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 15:46 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 15:46 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 15:46 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 15:46 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 15:46 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 15:46 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 15:46 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 15:46 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 15:46 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 15:46 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 15:46 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 15:46 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 15:46 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 15:46 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 15:46 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 15:46 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 15:46 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 15:46 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 15:46 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 15:46 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 15:46 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 15:46 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 15:46 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 15:46 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 15:46 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 15:46 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 15:46 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 15:46 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 15:46 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 15:46 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 15:46 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 15:46 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 15:46 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 15:46 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 15:46 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 15:46 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 15:46 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 15:46 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 15:46 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 15:46 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 15:46 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 15:46 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 15:46 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 15:46 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 15:46 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 15:46 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 15:46 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 15:46 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 15:46 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 15:46 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 15:46 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 15:46 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 15:46 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 15:46 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 15:46 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 15:46 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 15:46 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 15:46 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 15:46 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 15:46 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 15:46 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 15:46 - 2016-03-29 03:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 15:46 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 15:46 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 15:46 - 2016-03-29 03:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 15:46 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 15:46 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 15:46 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 15:46 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 15:46 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 15:46 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 15:46 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 15:46 - 2016-03-29 03:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-13 15:46 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 15:46 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 15:46 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 15:46 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 15:46 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 15:46 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 15:46 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 15:46 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 15:46 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 15:46 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 15:46 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 15:46 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 15:46 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 15:46 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 15:46 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 15:46 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 15:46 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 15:46 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 15:46 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 15:46 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 15:46 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 15:46 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 15:46 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 15:46 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 15:46 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 15:46 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 15:46 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 15:46 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 15:46 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 15:46 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 15:46 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 15:46 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 15:46 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 15:46 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 15:46 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 15:46 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 15:46 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 15:46 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 15:46 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 15:46 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 15:46 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 15:46 - 2016-03-29 03:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 15:46 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 15:46 - 2016-03-29 03:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 15:46 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 15:46 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 15:46 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 15:46 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 15:46 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 15:46 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 15:46 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 15:46 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 15:46 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 15:46 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 15:46 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 15:46 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 15:46 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 15:46 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 15:46 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 15:46 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 15:46 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 15:46 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 15:46 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 15:46 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 15:46 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 15:46 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 15:46 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 15:46 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 15:46 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 15:46 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 15:46 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 15:46 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 15:46 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 15:46 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 15:46 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 15:46 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 15:46 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 15:46 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 15:46 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 15:46 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 15:46 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 15:46 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 15:46 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 15:46 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 15:46 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 15:46 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 15:46 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 15:46 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 15:46 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 15:46 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 15:46 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 15:46 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 15:46 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 15:46 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 15:46 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 15:46 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 15:46 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 15:46 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 15:46 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 15:46 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 15:46 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 15:46 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 15:46 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 15:46 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 15:46 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 15:46 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 15:46 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 15:46 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 15:46 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 15:46 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 15:46 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 15:46 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 15:46 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 15:46 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 15:46 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 15:46 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 15:46 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 15:46 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 15:46 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 15:46 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 15:46 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 15:46 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 15:46 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 15:46 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 15:46 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 15:46 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 15:46 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 15:46 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 15:46 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 15:46 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 15:46 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 15:46 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 15:46 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 15:46 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 15:46 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 15:46 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 15:46 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 15:46 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 15:46 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 15:46 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 15:46 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 15:46 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 15:46 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 15:45 - 2016-04-13 15:45 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-13 15:45 - 2016-04-13 15:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-13 15:38 - 2016-04-13 15:38 - 35528704 _____ C:\WINDOWS\system32\config\components.iobit
2016-04-13 15:38 - 2016-04-13 15:38 - 05771264 _____ C:\WINDOWS\system32\config\drivers.iobit
2016-04-13 15:35 - 2016-04-13 15:35 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-04-13 15:30 - 2016-04-13 15:30 - 00002058 _____ C:\Users\Public\Desktop\abMusic.lnk
2016-04-13 11:46 - 2016-04-18 12:00 - 00014662 _____ C:\Users\Owner\Desktop\Craig Resume.odt
2016-04-12 18:46 - 2016-04-13 13:59 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-12 18:46 - 2016-04-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-04-12 18:46 - 2016-04-13 13:59 - 00000000 ____D C:\Program Files\RogueKiller
2016-04-12 18:44 - 2016-04-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2016-04-12 18:44 - 2016-04-13 13:59 - 00000000 ____D C:\Program Files (x86)\SMADAV
2016-04-12 18:44 - 2016-04-12 18:44 - 00000000 __SHD C:\[Smad-Cage]
2016-04-12 18:44 - 2016-04-12 18:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Smadav
2016-04-12 18:43 - 2016-04-13 13:58 - 00000000 ____D C:\Users\Owner\Desktop\RogueKiller 11.0.6
2016-04-12 18:43 - 2016-04-12 18:43 - 00001624 _____ C:\Users\Owner\Desktop\Rkill.txt
2016-04-11 12:11 - 2016-04-11 13:52 - 00009898 _____ C:\Users\Owner\Desktop\Documents\received - instruction.odt
2016-04-11 07:00 - 2016-04-11 07:00 - 00011380 _____ C:\Users\Owner\Desktop\Documents\Ruth medications April 2016.odt
2016-04-09 10:56 - 2016-04-09 10:56 - 00178586 _____ C:\Users\Owner\Desktop\Documents\Kulenovic, Maya Bio.pdf
2016-04-06 16:15 - 2016-04-07 09:35 - 00011582 _____ C:\Users\Owner\Desktop\Creative Budget 2016.odt
2016-04-06 09:08 - 2016-04-13 13:59 - 00000000 ____D C:\AdwCleaner
2016-04-06 08:59 - 2016-04-07 11:13 - 00010549 _____ C:\Users\Owner\Desktop\Documents\Checks Concert Association.odt
2016-03-24 12:52 - 2016-03-24 12:52 - 00010840 _____ C:\Users\Owner\Desktop\Documents\medications March 2016.odt
2016-03-24 12:42 - 2016-03-24 12:49 - 00010916 _____ C:\Users\Owner\Desktop\Documents\Untitled 1.odt
2016-03-24 12:13 - 2016-03-24 12:13 - 00009670 _____ C:\Users\Owner\Desktop\Documents\Sign In.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 09:38 - 2016-02-01 21:33 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-21 07:18 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-21 07:18 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-21 04:57 - 2014-08-04 20:11 - 00004010 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FDBA0FA-8748-4DEF-90BC-3F3C86CEA9B0}
2016-04-21 04:41 - 2014-08-04 20:07 - 00000000 ____D C:\Users\Owner\AppData\Local\SweetLabs App Platform
2016-04-21 02:09 - 2014-08-04 20:19 - 00000000 ____D C:\ProgramData\MFAData
2016-04-20 20:38 - 2016-02-01 21:33 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-18 14:07 - 2014-08-05 15:02 - 00000000 __RDO C:\Users\Owner\SkyDrive
2016-04-17 16:38 - 2016-03-10 11:21 - 00000000 ____D C:\Users\Owner\IntelGraphicsProfiles
2016-04-17 15:26 - 2016-03-10 11:06 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-17 15:26 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-17 15:21 - 2016-03-10 11:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-17 15:20 - 2016-03-10 10:49 - 00000000 ____D C:\Users\Owner
2016-04-17 15:20 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-16 11:20 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 02:09 - 2015-10-30 02:28 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-04-14 13:55 - 2015-08-07 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-14 13:55 - 2014-08-04 21:56 - 00000000 ___HD C:\$AVG
2016-04-14 13:54 - 2015-05-29 09:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
2016-04-14 03:33 - 2016-03-10 10:42 - 00236088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-14 03:30 - 2016-03-10 13:13 - 00000262 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_Owner.job
2016-04-13 16:30 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 16:27 - 2014-08-04 21:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 16:24 - 2014-08-04 21:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 16:16 - 2014-08-04 21:56 - 00000000 ____D C:\ProgramData\IObit
2016-04-13 15:48 - 2015-08-22 15:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 15:30 - 2013-12-20 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-04-13 15:28 - 2014-08-04 20:10 - 00000000 ____D C:\Users\Owner\AppData\Local\clear.fi
2016-04-13 14:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-04-13 14:03 - 2014-12-02 12:20 - 00000000 ____D C:\Program Files (x86)\Browny02
2016-04-13 14:00 - 2016-03-10 12:42 - 00000000 ___RD C:\Users\Owner\3D Objects
2016-04-13 14:00 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-04-13 14:00 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-04-13 14:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SystemResources
2016-04-13 14:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-04-13 14:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-04-13 14:00 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-04-13 14:00 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\servicing
2016-04-13 14:00 - 2015-08-07 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-13 14:00 - 2015-08-07 09:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-13 14:00 - 2015-02-26 07:38 - 00000000 ____D C:\ProgramData\Avg_Update_0215tb
2016-04-13 14:00 - 2014-12-08 11:20 - 00000000 ____D C:\ProgramData\Avg_Update_1214tb
2016-04-13 14:00 - 2014-11-08 17:01 - 00000000 ____D C:\ProgramData\Avg_Update_1114tb
2016-04-13 14:00 - 2014-11-08 17:01 - 00000000 ____D C:\Program Files (x86)\AVG Security Toolbar
2016-04-13 14:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-04-13 13:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Globalization
2016-04-13 13:59 - 2014-01-02 05:25 - 00000000 ____D C:\Program Files\Soluto
2016-04-13 13:46 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-04-13 13:46 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-04-13 13:45 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-04-13 13:45 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-04-13 13:43 - 2014-09-19 09:44 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Brother
2016-04-13 13:43 - 2014-08-04 20:08 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2016-04-13 13:41 - 2014-08-05 07:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-04-13 13:41 - 2013-12-20 00:19 - 00000000 ____D C:\Program Files (x86)\Acer
2016-04-13 13:40 - 2013-12-19 23:49 - 00000000 ___HD C:\OEM
2016-04-06 09:24 - 2015-12-20 18:29 - 00000000 ____D C:\agtg

==================== Files in the root of some directories =======

2016-03-10 10:45 - 2016-03-10 10:45 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2014-08-04 20:21 - 2014-08-04 20:21 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\avguirn_081803694635.exe
C:\Users\Owner\AppData\Local\Temp\oct82B3.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-16 11:17

==================== End of FRST.txt ============================

#2 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts

Posted 22 April 2016 - 12:55 AM

Hello hateway

I am Marie Curie and will gladly help you with any malware-related problems.

I will be analysing your logs now and return as soon as possible with instructions. Please familiarize yourself with the following ground rules in the meanwhile.
 

  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.

 



#3 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts

Posted 22 April 2016 - 01:36 AM

STEP 1
aswMBR

  • Please download aswMBR and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click aswMBR.exe and select Run as administrator to run the programme.
  • Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears.
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.

 

 

STEP 2
File Submission

  • Please go to my channel
  • Click Browse and locate one of the LNK files that replaced your documents.
  • Click Submit Query.

 

======================================================
 
STEP 3
Logs
In your next reply please include the following logs.

  • aswMBR log
  • Did you successfully upload one LNK file?

 

 

 



#4 Struppigel

Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team
  • 231 posts

Posted 25 April 2016 - 02:30 AM

Hello hateway,
 
I have not heard back from you in 3 days.

  • Do you still require help?
  • If you require additional time to complete my instructions, please let me know.
  • If after 48 hours you have not replied to this thread it will have to be closed.

     

 


Edited by Curie, 25 April 2016 - 02:31 AM.


#5 hateway

hateway
  • Topic Starter

  • Members
  • 163 posts

Posted 26 April 2016 - 07:25 AM

Yes, sorry I didn't have access to the machine until now. I will post now. Thanks!



#6 hateway


Posted 26 April 2016 - 07:34 AM

When I tried to attach any LNK file via your channel, I could select the file but it wouldn't attach. How about a snip of its properties?

 

Here is the log from aswMBR:

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-04-26 07:58:59
-----------------------------
07:58:59.254    OS Version: Windows x64 6.2.9200
07:58:59.255    Number of processors: 4 586 0x3703
07:58:59.256    ComputerName: GOLDSMITH  UserName: Owner
07:59:00.809    Initialize success
07:59:00.943    VM: initialized successfully
07:59:00.972    VM: Intel CPU supported
07:59:03.659    VM: disk I/O storahci.sys
07:59:53.596    AVAST engine defs: 16042500
08:00:05.760    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000023
08:00:05.764    Disk 0 Vendor: ST1000DM003-1CH162 CC47 Size: 953869MB BusType: 11
08:00:06.101    Disk 0 MBR read successfully
08:00:06.103    Disk 0 MBR scan
08:00:06.114    Disk 0 unknown MBR code
08:00:06.146    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
08:00:06.485    Disk 0 scanning C:\WINDOWS\system32\drivers
08:01:02.093    Service scanning
08:01:33.486    Modules scanning
08:01:33.498    Disk 0 trace - called modules:
08:01:33.527    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
08:01:33.535    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001acdfa060]
08:01:33.543    3 CLASSPNP.SYS[fffff80078667d95] -> nt!IofCallDriver -> \Device\00000023[0xffffe001acdfe060]
08:01:35.108    AVAST engine scan C:\WINDOWS
08:02:54.636    AVAST engine scan C:\WINDOWS\system32
08:11:09.237    AVAST engine scan C:\WINDOWS\system32\drivers
08:12:06.972    AVAST engine scan C:\Users\Owner
08:21:31.379    AVAST engine scan C:\ProgramData
08:23:11.129    Disk 0 statistics 3982147/0/0 @ 44.49 MB/s
08:23:11.146    Scan finished successfully
08:26:34.676    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\AGTG222\MBR.dat"
08:26:34.684    The log file has been saved successfully to "C:\Users\Owner\Desktop\AGTG222\aswMBR.txt"
 



#7 Struppigel


Posted 26 April 2016 - 08:05 AM

STEP 1
Lnk-Parser
  • Please download this file: lnkparser.zip
  • Right-click lnkparser.zip and click Extract All
  • There should be two files now, lnkparser.bat and lnk_parser_cmd.exe, make sure that both are in the same folder.
  • Drag and drop one of the suspicious lnk files into lnkparser.bat
  • Notepad will open with a report. Copy and paste the report here.


#8 hateway


Posted 27 April 2016 - 07:13 AM


[Filename]:                C:\Users\Owner\Desktop\Documents\Course Information.lnk

[Header]
Date created:                03/30/2015 (12:54:05.831) [UTC]
Last accessed:                03/30/2015 (12:54:05.831) [UTC]
Last modified:                03/30/2015 (12:54:05.831) [UTC]
File size:                14847 bytes
File attributes:            0x00000020    (FILE_ATTRIBUTE_ARCHIVE)
Icon index:                0
ShowWindow value:            1        (SW_SHOWNORMAL / SW_NORMAL)
Hot key value:                0x0000        (None)
Link flags:                0x0020009b    (HasLinkTargetIDList, HasLinkInfo, HasRelativePath, HasWorkingDir, IsUnicode, DisableKnownFolderTracking)

[Link Target ID List]

Last modified:                03/30/2015 (12:54:06.0) [UTC]
Folder attributes:            0x00000030    (FILE_ATTRIBUTE_DIRECTORY, FILE_ATTRIBUTE_ARCHIVE)
Short directory name:            Documents
Date created:                08/05/2014 (19:02:26.0) [UTC]
Last accessed:                03/30/2015 (12:54:06.0) [UTC]
Long directory name:            Documents

File size:                14847 bytes
Last modified:                03/30/2015 (12:54:06.0) [UTC]
File attributes:            0x00000020    (FILE_ATTRIBUTE_ARCHIVE)
8.3 filename:                Course Information.odt
Date created:                03/30/2015 (12:54:06.0) [UTC]
Last accessed:                03/30/2015 (12:54:06.0) [UTC]
Long filename:                Course Information.odt

[Link Info]
Location flags:                0x00000003    (VolumeIDAndLocalBasePath, CommonNetworkRelativeLinkAndPathSuffix)
Drive type:                3        (DRIVE_FIXED)
Drive serial number:            6c96-608f
Volume label (ASCII):            Acer
Local path (ASCII):            C:\Users\
Network share flags:            0x00000002    (ValidNetType)
Network provider type:            0x00020000    (WNNC_NET_LANMAN)
Network share name (ASCII):        \\GOLDSMITH\Users
Common path (ASCII):            Owner\SkyDrive\Documents\Course Information.odt

[String Data]
Relative path (UNICODE):        ..\..\..\..\..\SkyDrive\Documents\Course Information.odt
Working Directory (UNICODE):        C:\Users\Owner\SkyDrive\Documents

[Metadata Property Store]
Property set GUID:            46588ae2-4cbc-4338-bbfc-139326986dce

[Distributed Link Tracker Properties]
Version:                0
NetBIOS name:                goldsmith
Droid volume identifier:        c261d93e-e132-4322-8a07-10959c37c763
Droid file identifier:            f1ff0067-d336-11e4-8287-40f02fbe59a2
Birth droid volume identifier:        c261d93e-e132-4322-8a07-10959c37c763
Birth droid file identifier:        f1ff0067-d336-11e4-8287-40f02fbe59a2
MAC address:                40:f0:2f:be:59:a2
UUID timestamp:                03/25/2015 (21:36:06.967) [UTC]
UUID sequence number:            647

 



#9 Struppigel


Posted 27 April 2016 - 11:01 AM

Very good. You can drag those files lnkparser.bat and lnk_parser_cmd.exe into the recycle bin. We don't need them anymore.

Your system is not infected with any worm, but it has an adware infection that we need to address. The LNK file points to a path in your SkyDrive documents folder and is not related to any malware. However, I cannot tell you why the file suddenly points to nowhere or why there is a shortcut in the first place. Maybe you tried to move them, but created shortcuts instead?

 

Please read the following warning before you proceed

 

 

Registry Cleaner Warning
------------------------------

I see you have registry cleaner/optimization software (IObit Advanced System Care) installed on your computer. Registry cleaners and optimization tools that claim to speed up your computer should be avoided, and are potentially dangerous. By running a registry cleaner you risk rendering your machine unbootable. There is no statistical evidence to back claims that cleaning the registry will improve performance. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potentially dangerous product.

  • Some registry cleaners employ aggressive cleaning routines that may cause substantial damage to your system, and could render your machine unbootable.
  • Not all registry cleaners back up the registry. If an issue arises you may not have a backup to rely on.
  • The usefulness of cleaning the registry is disputable; there is no statistical evidence to support the claim that cleaning the registry will improve system performance.
Please refer to the following article on why you should not use registry cleaner software. I suggest reading why Microsoft does not support the use of registry cleaners as well.

 

 

I found a few potentially unwanted programs on your system. These programs are not malicious, but they might be on your computer without your consent. Some of them are known to deliver ads, bundle additional software, or have questionable privacy policies.
Please tell me for each of the following programs if you want to keep them:

  • Advanced System Care
  • Wildtangent Games (may also be called 'Acer Games' on your system)

Edited by Curie, 27 April 2016 - 11:03 AM.


#10 hateway


Posted 27 April 2016 - 01:34 PM

 

Thanks for your help, but unfortunately the steps I followed led to no resolution. I have used iObit for over 5 years now on 1,000+ remotely managed computers and only saw positive results. Wild Tangent can be considered a LIGHT risk. As I asked in my first query 2 weeks ago, "I've run ESET online scanner, Malwarebytes, RKill, AVG, Advanced System Care and all kinds of scripts in CMD prompt and followed all the steps on http://www.techchore.com/flashdrive-shortcut-virus-and-two-2-methods-to-get-rid-of-it/ as it applies to the C drive. I've searched for shortcut virus and found all kinds of software to d/l & run, but it all points to flash drives, and it seems so sketchy." Seems this query has been bypassed. I appreciate you picking this up since no one else responded, however, NO, no one moved files to create shortcuts RE: "Maybe you tried to move them, but created shortcuts instead?"
Can this topic be forwarded to another MOD or another tier? Sorry, not everyone has to agree with everyone and I don't agree with this direction because it doesn't solve the issue to remove iObit and Wild Tangent. Next?
 



#11 Struppigel


Posted 28 April 2016 - 02:16 AM

Hello hateway
 

Thanks for your help, but unfortunately the steps I followed led to no resolution.


We have only done diagnosis so far. So we are not at a point where we can see any results. The usual procedure is
  • system diagnosis
  • malware removal
  • confirmation that malware is gone

I have used iObit for over 5 years now on 1,000+ remotely managed computers and only saw positive results. Wild Tangent can be considered a LIGHT risk. [...]
Can this topic be forwarded to another MOD or another tier? Sorry, not everyone has to agree with everyone and I don't agree with this direction because it doesn't solve the issue to remove iObit and Wild Tangent. Next?


I will not push you to remove any of those programmes. I told you my reasons for Advanced Systemcare and I respect your decision to keep it.
A lot of people who seek help here have programmes on their systems that they did not knowingly install. These programmes were preinstalled, bundled with other software or have been installed without consent by adware. I only know if that is the case by asking, which is what I did.
 

As I asked in my first query 2 weeks ago, "I've run ESET online scanner, Malwarebytes, RKill, AVG, Advanced System Care and all kinds of scripts in CMD prompt and followed all the steps on http://www.techchore.com/flashdrive-shortcut-virus-and-two-2-methods-to-get-rid-of-it/ as it applies to the C drive. I've searched for shortcut virus and found all kinds of software to d/l & run, but it all points to flash drives, and it seems so sketchy." Seems this query has been bypassed.


As I take it from your query, you made the assumption that your system is infected by some malware that creates these shortcuts. That assumption is reasonable with the symptoms at hand. You sought assistance in the "Am I Infected" forum to check up and clean your system. I am doing exactly that.
  • I made a system diagnosis for malware and found an infection with Pokki adware. But before starting any fix I asked for the potentially unwanted programmes to avoid any redundant steps. This is a good practice, because it means less work for you.
  • I researched other reasons for shortcuts to appear related to SkyDrive, and one of them was this link.
    That link is the reason I asked you whether you moved the files. People who seek help have very different backgrounds and technical knowledge. Sometimes a solution to a problem is that simple. I do not know your technical background, so don't take it personally that I assumed a less tech-savvy person.
  • I checked your shortcuts. Adware may create or modify shortcuts, e.g., to open browsers with the advertised website. Worms create shortcuts that will run the malicious code, often alongside the legitimate file they are pointing at. All those things would show in the lnk-parser log. But your system does not have any worm, which is why your previous attempts to solve the problem did not work.
What is now left to do is to tackle the adware on your system. We can only tell if that solves your shortcut problem after we actually removed it.

If the shortcut problem remains, then it is not malware related and I will forward you to a technical expert. The technician will have an easier job to pinpoint the culprit knowing that your system is clean.

STEP 1
Uninstall Software
  • Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Pokki Start Menu
    • Host App Service (Pokki)
    • Acer Games (Pokki)
    • Amazon 1Button App
    • AOL (Pokki)
  • Follow the prompts.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Reboot if necessary.
STEP 2
Junkware Removal Tool (JRT)
  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
STEP 3
AdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • Did you successfully uninstall the programmes in Step 1?
  • JRT.txt
  • AdwCleaner[S0].txt

Edited by Curie, 28 April 2016 - 02:48 AM.
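
The shortcut check described in post #11, as an added Python example that is not part of the original thread and is not the lnk_parser_cmd.exe tool: it decodes the ShellLinkHeader and StringData of a .lnk file following the MS-SHLLINK layout and applies a few triage heuristics. Both sample files are constructed in the script; the first reuses the header values and paths from the report in post #8, while the second sample, the PROGRAM_EXTS list and the heuristics themselves are assumptions of this example.

```python
import ntpath
import struct
from datetime import datetime, timedelta, timezone

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME counts from here
# LinkFlags bit names, bit 0 first (MS-SHLLINK section 2.1.1).
FLAG_NAMES = (
    "HasLinkTargetIDList HasLinkInfo HasName HasRelativePath HasWorkingDir "
    "HasArguments HasIconLocation IsUnicode ForceNoLinkInfo HasExpString "
    "RunInSeparateProcess Unused1 HasDarwinID RunAsUser HasExpIcon NoPidlAlias "
    "Unused2 RunWithShimLayer ForceNoLinkTrack EnableTargetMetadata "
    "DisableLinkPathTracking DisableKnownFolderTracking DisableKnownFolderAlias "
    "AllowLinkToLink UnaliasOnSave PreferEnvironmentPath KeepLocalIDListForUNCTarget"
).split()
# StringData fields appear in this order, each only if its flag is set.
STRING_FIELDS = ("HasName", "HasRelativePath", "HasWorkingDir",
                 "HasArguments", "HasIconLocation")
# Assumption of this example: extensions treated as "runs a program".
PROGRAM_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js", ".wsf", ".ps1"}


def parse_lnk(data: bytes) -> dict:
    """Decode the ShellLinkHeader and the StringData section of a .lnk file."""
    if len(data) < 76:
        raise ValueError("shorter than the 76-byte ShellLinkHeader")
    (size, clsid, flags, attrs, created, _accessed, _modified, file_size,
     _icon, show, _hotkey) = struct.unpack_from("<I16sIIQQQIiIH", data, 0)
    if size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a shell link (bad header size or CLSID)")
    names = [n for bit, n in enumerate(FLAG_NAMES) if flags >> bit & 1]
    pos, strings = 76, {}
    try:
        if "HasLinkTargetIDList" in names:   # 2-byte size, then the ID list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if "HasLinkInfo" in names:           # 4-byte size that counts itself
            info_size = struct.unpack_from("<I", data, pos)[0]
            if info_size < 4:
                raise ValueError("invalid LinkInfo size")
            pos += info_size
        width, codec = (2, "utf-16-le") if "IsUnicode" in names else (1, "cp1252")
        for field in STRING_FIELDS:
            if field in names:               # 2-byte character count, then text
                count = struct.unpack_from("<H", data, pos)[0]
                raw = data[pos + 2:pos + 2 + count * width]
                if len(raw) != count * width:
                    raise ValueError("truncated StringData")
                strings[field[3:]] = raw.decode(codec, errors="replace")
                pos += 2 + count * width
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc
    return {"flags": names, "file_attributes": attrs, "file_size": file_size,
            "created": EPOCH + timedelta(microseconds=created // 10),
            "show_command": show, "strings": strings}


def triage(link: dict) -> list:
    """Heuristics (assumptions of this example) for a shortcut that replaced a document."""
    findings = []
    target = link["strings"].get("RelativePath", "")
    if link["strings"].get("Arguments"):
        findings.append("passes command-line arguments")
    if ntpath.splitext(target)[1].lower() in PROGRAM_EXTS:
        findings.append("target is a program, not a document")
    if link["show_command"] == 7:            # SW_SHOWMINNOACTIVE
        findings.append("window starts minimized")
    return findings


def build_sample(flags: int, show: int, strings: dict) -> bytes:
    """Construct a minimal Unicode .lnk image for the demo (not a captured file)."""
    when = datetime(2015, 3, 30, 12, 54, 5, 831000, tzinfo=timezone.utc)
    ft = ((when - EPOCH) // timedelta(microseconds=1)) * 10
    out = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                      ft, ft, ft, 14847, 0, show, 0, 0, 0, 0)
    if flags & 0x1:
        out += struct.pack("<H", 2) + b"\x00\x00"   # ID list holding only TerminalID
    if flags & 0x2:
        out += struct.pack("<I", 4)                 # LinkInfo stub: size field only
    for field in STRING_FIELDS:
        if field in strings:
            text = strings[field]
            out += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return out


# Constructed from the values in the post #8 report (flags 0x0020009b, SW_SHOWNORMAL).
PAGE_SAMPLE = build_sample(0x0020009B, 1, {
    "HasRelativePath": r"..\..\..\..\..\SkyDrive\Documents\Course Information.odt",
    "HasWorkingDir": r"C:\Users\Owner\SkyDrive\Documents"})
# Hypothetical contrast case with placeholder names: HasArguments set, minimized window.
FLAGGED_SAMPLE = build_sample(0x002000BB, 7, {
    "HasRelativePath": r".\placeholder.exe",
    "HasWorkingDir": r"C:\placeholder",
    "HasArguments": "placeholder-argument"})

if __name__ == "__main__":
    for label, blob in (("post #8 values", PAGE_SAMPLE), ("contrast case", FLAGGED_SAMPLE)):
        link = parse_lnk(blob)
        print(label, link["flags"], link["strings"], triage(link) or "nothing flagged")
```
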


#12 hateway


Posted 28 April 2016 - 11:10 AM

Thanks for your reply. I have removed all software you mentioned, and here are the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by Owner (Administrator) on Thu 04/28/2016 at 12:00:32.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Successfully deleted: C:\ProgramData\Avg_Update_0516av (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen (Folder)
Successfully deleted: C:\Users\Owner\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Owner) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrator (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job (Task)
Successfully deleted: C:\Program Files (x86)\avg security toolbar (Folder)
Successfully deleted: C:\WINDOWS\prefetch\FREEBIGUPGRADE.EXE-81FFD241.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\FREEBIGUPGRADE.EXE-8BC5F024.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARINSTALLER_UPDATE-7C63FAF5.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_A6282D74-32661EF9.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_F3B2E431-91187305.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-B25C45A8.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARUSER_32.EXE-992C17DF.pf (File)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/28/2016 at 12:04:03.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwCleaner:

# AdwCleaner v5.109 - Logfile created 06/04/2016 at 09:09:03
# Updated 04/04/2016 by Xplode
# Database : 2016-04-05.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Owner - GOLDSMITH
# Running from : C:\Users\Owner\Desktop\adwcleaner_5.109.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\Avg_Update_1114tb
Folder Found : C:\ProgramData\Avg_Update_1214tb
Folder Found : C:\ProgramData\Application Data\AVG Security Toolbar
Folder Found : C:\ProgramData\Application Data\Avg_Update_0215tb
Folder Found : C:\ProgramData\Application Data\Avg_Update_1114tb
Folder Found : C:\ProgramData\Application Data\Avg_Update_1214tb
Folder Found : C:\Users\Owner\AppData\Local\SweetLabs App Platform
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Found : C:\WINDOWS\SysNative\Tasks\SweetLabs App Platform

***** [ Files ] *****

File Found : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
File Found : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PC App Store.lnk
File Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
File Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : SweetLabs App Platform

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5
Key Found : HKCU\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\SweetLabs App Platform
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\SweetLabs App Platform
Key Found : HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found : HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Value Found : HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [6823 bytes] - [06/04/2016 09:09:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6896 bytes] ##########
# AdwCleaner v5.114 - Logfile created 28/04/2016 at 12:06:02
# Updated 27/04/2016 by Xplode
# Database : 2016-04-27.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Owner - GOLDSMITH
# Running from : C:\Users\Owner\Downloads\adwcleaner_5.114.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\Avg_Update_1114tb
Folder Found : C:\ProgramData\Avg_Update_1214tb
Folder Found : C:\ProgramData\Application Data\Avg_Update_0215tb
Folder Found : C:\ProgramData\Application Data\Avg_Update_1114tb
Folder Found : C:\ProgramData\Application Data\Avg_Update_1214tb

***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Value Found : HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6764 bytes] - [06/04/2016 09:24:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [9506 bytes] - [06/04/2016 09:09:03]
C:\AdwCleaner\AdwCleaner[S2].txt - [7084 bytes] - [06/04/2016 09:21:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9652 bytes] ##########



#13 Struppigel


Posted 29 April 2016 - 06:16 AM

Hello hateway.

 

AdwCleaner has found several entries. Did you also remove them with AdwCleaner?

 

STEP 1
SystemLook

  • Please download SystemLook (64-bit) by jpshortstuff and save it to your desktop
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:
:dir /s
C:\[Smad-Cage]
C:\$AVG
C:\Program Files\WindowsApps
C:\OEM
C:\OneDriveTemp

:filefind
*.doc*
  • Click the Look button to start the scan (may take 10 ... 30 min.)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

  • Please attach the log to your next reply.

 

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Double-Click FRST64.exe to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach the logs in your next reply.

 

======================================================
 
STEP 3
Logs
In your next reply please include the following logs.

  • SystemLook.txt
  • FRST.txt
  • Addition.txt

 

Please notify me if the shortcut problem is there again.



#14 hateway

  • Topic Starter

  • Members

Posted 29 April 2016 - 09:32 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 10:12 on 29/04/2016 by Owner
Administrator - Elevation successful

Invalid Context: dir /s

No Context: C:\[Smad-Cage]

No Context: C:\$AVG

No Context: C:\Program Files\WindowsApps

No Context: C:\OEM

No Context: C:\OneDriveTemp

========== filefind ==========

Searching for "*.doc*"
C:\$Recycle.Bin\S-1-5-21-2986362171-3745760491-3342823073-1001\$I1MCHJ9.doc    --a---- 146 bytes    [23:08 13/04/2016]    [23:08 13/04/2016] 1976C35D50FDF8C5001BA5E4F9167F5D
C:\$Recycle.Bin\S-1-5-21-2986362171-3745760491-3342823073-1001\$I5XLSIX.doc    --a---- 150 bytes    [23:08 13/04/2016]    [23:08 13/04/2016] 0EA3D9C8F0BC81C8BD7043B91B293761
C:\$Recycle.Bin\S-1-5-21-2986362171-3745760491-3342823073-1001\$IJ3VLIP.doc    --a---- 544 bytes    [16:49 29/01/2015]    [16:49 29/01/2015] BC79E54FB2A3A88781136B13AB8AAC64
C:\$Recycle.Bin\S-1-5-21-2986362171-3745760491-3342823073-1001\$R5XLSIX.doc    --a---- 26112 bytes    [22:52 13/04/2016]    [20:33 31/08/2012] D8A18AF7CEA85A1F79AACAC1DD42E518
C:\Program Files (x86)\OpenOffice 4\program\python-core-2.7.6\lib\pdb.doc    --a---- 7913 bytes    [16:06 15/04/2014]    [16:06 15/04/2014] 9A049066ECE38337BCE5D40DB6599C5D
C:\Users\Owner\Desktop\Resume 2.doc    --a---- 31744 bytes    [16:26 05/11/2015]    [16:29 30/10/2013] 869DEDDC72A415A534E87190D8232864
C:\Users\Owner\Desktop\Documents\C T I housing form.doc    --a---- 20480 bytes    [16:17 02/02/2015]    [18:57 06/04/2010] 2477CBABAF325C820414FECB261CB0C2
C:\Users\Owner\Desktop\Documents\Directions to Ashley River Creative Arts Elementary.doc    --a---- 20480 bytes    [16:18 02/02/2015]    [16:48 08/03/2010] ADBF68339CC514A24BE717492E8DF2D2
C:\Users\Owner\Desktop\Documents\Generalguidelines 2014.doc    --a---- 26112 bytes    [16:18 02/02/2015]    [14:15 28/03/2014] 968988154C73ABE51122158CA862BC69
C:\Users\Owner\Desktop\Documents\Generalguidelines 2016.doc    --a---- 15360 bytes    [17:37 15/03/2016]    [10:43 11/04/2016] 92C5DCEEA9D60ADCCD8B321421E555C0
C:\Users\Owner\Desktop\Documents\Important Information.doc    --a---- 24576 bytes    [22:53 13/04/2016]    [14:04 26/07/2010] 68B67AF78C1C552A59D569A805E50F0F
C:\Users\Owner\Desktop\Documents\Music Chapter 2.doc    --a---- 24064 bytes    [16:17 23/11/2014]    [18:28 06/02/2015] D2A3659E967091779644E094BCA01E05
C:\Users\Owner\Desktop\Documents\Music reading 2.doc    --a---- 35840 bytes    [14:31 06/01/2015]    [13:40 17/03/2015] 06222F37A78E5179BD42346B66F0FD53
C:\Users\Owner\Desktop\Documents\Ticket Out.doc    --a---- 10240 bytes    [16:19 02/02/2015]    [19:38 07/04/2016] 489D825031FBB166B0FDD860060094FC
C:\Users\Owner\SkyDrive\Documents\C T I housing form Mt Pleasant.doc    --a---- 11264 bytes    [17:58 07/02/2015]    [17:58 07/02/2015] 5EE6397CD62E65B4311F5F56939C04F7
C:\Users\Owner\SkyDrive\Documents\Generalguidelines 2015.doc    --a---- 14848 bytes    [18:02 07/02/2015]    [18:02 07/02/2015] DA5E7A36B67956072424ED7ECC0E38C2
C:\Users\Owner\SkyDrive\Documents\Music reading 2 revised.doc    --a---- 36864 bytes    [15:00 06/01/2015]    [15:00 06/01/2015] 7BFCE0EEAE07614C8E1426179C43FC8E
C:\Users\Owner\SkyDrive\Documents\Ticket Out.doc    --a---- 10240 bytes    [17:54 07/02/2015]    [17:54 07/02/2015] 52B760D10E940B0A0CD80EB2A1C7A5C2
C:\Windows\System32\MSDRM\MsoIrmProtector.doc    --a---- 24064 bytes    [07:17 30/10/2015]    [07:17 30/10/2015] 33E940FBEB47478645B849EFC85BAB08
C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc    --a---- 24064 bytes    [07:18 30/10/2015]    [07:18 30/10/2015] 33E940FBEB47478645B849EFC85BAB08
C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.10586.0_none_9a50c8929fd3e917\MsoIrmProtector.doc    --a---- 24064 bytes    [07:17 30/10/2015]    [07:17 30/10/2015] 33E940FBEB47478645B849EFC85BAB08
C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-i..document-deployment_31bf3856ad364e35_10.0.10586.0_none_083aa9f279a3423b.manifest    --a---- 270 bytes    [07:15 30/10/2015]    [07:15 30/10/2015] 87861208BB7192714B5AE5CC002C55AA
C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-p..documenttargetprint_31bf3856ad364e35_10.0.10586.0_none_20e4c8e5131402d1.manifest    --a---- 638 bytes    [07:13 30/10/2015]    [07:13 30/10/2015] 6B1FA3B3C681F079C33E1157292307CA
C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-s..docs-main.resources_31bf3856ad364e35_10.0.10586.0_en-us_f04e578c096b9aea.manifest    --a---- 515 bytes    [09:01 30/10/2015]    [09:01 30/10/2015] 3B3BDBC752E268B6F1D587C107988E7C
C:\Windows\WinSxS\Manifests\wow64_microsoft-windows-i..document-deployment_31bf3856ad364e35_10.0.10586.0_none_128f5444ae040436.manifest    --a---- 266 bytes    [07:15 30/10/2015]    [07:15 30/10/2015] 16409563D8FCE167D1670F2BDB973222
C:\Windows\WinSxS\Manifests\x86_microsoft-windows-p..documenttargetprint_31bf3856ad364e35_10.0.10586.0_none_c4c62d615ab6919b.manifest    --a---- 636 bytes    [07:13 30/10/2015]    [07:13 30/10/2015] BF214737C01636E163848D3B59ADD77A
C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.10586.0_none_a4a572e4d434ab12\MsoIrmProtector.doc    --a---- 24064 bytes    [07:18 30/10/2015]    [07:18 30/10/2015] 33E940FBEB47478645B849EFC85BAB08

-= EOF =-

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by Owner (administrator) on GOLDSMITH (29-04-2016 10:26:07)
Running from C:\Users\Owner\Desktop\AGTG222
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
() C:\Program Files\WindowsApps\Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe\ConnectivityStore.Windows.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-08-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3930384 2016-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2732760 2016-01-19] (Acer)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{37ed7bc8-a1a5-45dc-bf58-326b0c52b5bb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f7d0a7f7-5876-4b87-b325-f7599b47dca3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-2986362171-3745760491-3342823073-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2016-03-20] ()

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638456 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3993088 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [593880 2016-04-06] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-03-20] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-10-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R3 cpuz136; C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [23856 2016-04-14] (CPUID)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-09] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-08-04] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 10:09 - 2016-04-29 10:12 - 00010026 _____ C:\Users\Owner\Desktop\SystemLook.txt
2016-04-28 16:45 - 2016-04-28 16:45 - 00002058 _____ C:\Users\Public\Desktop\abMusic.lnk
2016-04-28 12:05 - 2016-04-28 12:05 - 03581504 _____ C:\Users\Owner\Downloads\adwcleaner_5.114.exe
2016-04-28 12:04 - 2016-04-28 12:04 - 00002320 _____ C:\Users\Owner\Desktop\JRT.txt
2016-04-27 08:12 - 2016-04-27 08:12 - 00002387 _____ C:\Users\Owner\Desktop\Documents\lnklog.txt
2016-04-21 10:26 - 2016-04-29 10:24 - 00000000 ____D C:\Users\Owner\Desktop\AGTG222
2016-04-21 10:20 - 2016-04-29 10:26 - 00000000 ____D C:\FRST
2016-04-18 14:07 - 2016-04-18 14:07 - 00002410 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-18 14:07 - 2016-04-18 14:07 - 00000000 ___HD C:\OneDriveTemp
2016-04-14 13:55 - 2016-04-14 13:55 - 00001013 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-04-14 10:46 - 2016-04-14 10:47 - 00012446 _____ C:\Users\Owner\Desktop\Documents\Important Information 2016.odt
2016-04-13 18:48 - 2016-04-13 18:48 - 00000887 _____ C:\Users\Owner\Desktop\Documents\Goldsmith Financial Statement (2).lnk
2016-04-13 15:47 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 15:47 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 15:47 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 15:47 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 15:47 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 15:47 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 15:47 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 15:47 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 15:47 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 15:47 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 15:47 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 15:47 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 15:47 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 15:47 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 15:47 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 15:47 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 15:47 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 15:47 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 15:47 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 15:47 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 15:47 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 15:47 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 15:47 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 15:47 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 15:47 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 15:47 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 15:47 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 15:47 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 15:47 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 15:47 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 15:47 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 15:47 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 15:47 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 15:47 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 15:47 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 15:47 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 15:47 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 15:47 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 15:47 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 15:47 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 15:47 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 15:47 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 15:47 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 15:47 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 15:47 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 15:47 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 15:47 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 15:47 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 15:46 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 15:46 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 15:46 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 15:46 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 15:46 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 15:46 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 15:46 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 15:46 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 15:46 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 15:46 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 15:46 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 15:46 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 15:46 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 15:46 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 15:46 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 15:46 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 15:46 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 15:46 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 15:46 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 15:46 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 15:46 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 15:46 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 15:46 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 15:46 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 15:46 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 15:46 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 15:46 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 15:46 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 15:46 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 15:46 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 15:46 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 15:46 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 15:46 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 15:46 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 15:46 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 15:46 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 15:46 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 15:46 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 15:46 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 15:46 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 15:46 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 15:46 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 15:46 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 15:46 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 15:46 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 15:46 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 15:46 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 15:46 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 15:46 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 15:46 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 15:46 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 15:46 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 15:46 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 15:46 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 15:46 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 15:46 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 15:46 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 15:46 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 15:46 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 15:46 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 15:46 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 15:46 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 15:46 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 15:46 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 15:46 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 15:46 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 15:46 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 15:46 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 15:46 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 15:46 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 15:46 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 15:46 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 15:46 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 15:46 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 15:46 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 15:46 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 15:46 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 15:46 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 15:46 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 15:46 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 15:46 - 2016-03-29 03:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 15:46 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 15:46 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 15:46 - 2016-03-29 03:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 15:46 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 15:46 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 15:46 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 15:46 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 15:46 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 15:46 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 15:46 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 15:46 - 2016-03-29 03:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-13 15:46 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 15:46 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 15:46 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 15:46 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 15:46 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 15:46 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 15:46 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 15:46 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 15:46 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 15:46 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 15:46 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 15:46 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 15:46 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 15:46 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 15:46 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 15:46 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 15:46 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 15:46 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 15:46 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 15:46 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 15:46 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 15:46 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 15:46 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 15:46 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 15:46 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 15:46 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 15:46 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 15:46 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 15:46 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 15:46 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 15:46 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 15:46 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 15:46 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 15:46 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 15:46 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 15:46 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 15:46 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 15:46 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 15:46 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 15:46 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 15:46 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 15:46 - 2016-03-29 03:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 15:46 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 15:46 - 2016-03-29 03:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 15:46 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 15:46 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 15:46 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 15:46 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 15:46 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 15:46 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 15:46 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 15:46 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 15:46 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 15:46 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 15:46 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 15:46 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 15:46 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 15:46 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 15:46 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 15:46 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 15:46 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 15:46 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 15:46 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 15:46 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 15:46 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 15:46 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 15:46 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 15:46 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 15:46 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 15:46 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 15:46 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 15:46 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 15:46 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 15:46 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 15:46 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 15:46 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 15:46 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 15:46 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 15:46 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 15:46 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 15:46 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 15:46 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 15:46 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 15:46 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 15:46 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 15:46 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 15:46 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 15:46 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 15:46 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 15:46 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 15:46 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 15:46 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 15:46 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 15:46 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 15:46 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 15:46 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 15:46 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 15:46 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 15:46 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 15:46 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 15:46 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 15:46 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 15:46 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 15:46 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 15:46 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 15:46 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 15:46 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 15:46 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 15:46 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 15:46 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 15:46 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 15:46 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 15:46 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 15:46 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 15:46 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 15:46 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 15:46 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 15:46 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 15:46 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 15:46 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 15:46 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 15:46 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 15:46 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 15:46 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 15:46 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 15:46 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 15:46 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 15:46 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 15:46 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 15:46 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 15:46 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 15:46 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 15:46 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 15:46 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 15:46 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 15:46 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 15:46 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 15:46 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 15:46 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 15:46 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 15:46 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 15:46 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 15:46 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 15:46 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 15:45 - 2016-04-13 15:45 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-13 15:45 - 2016-04-13 15:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-13 15:38 - 2016-04-13 15:38 - 35528704 _____ C:\WINDOWS\system32\config\components.iobit
2016-04-13 15:38 - 2016-04-13 15:38 - 05771264 _____ C:\WINDOWS\system32\config\drivers.iobit
2016-04-13 15:35 - 2016-04-13 15:35 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-04-13 11:46 - 2016-04-18 12:00 - 00014662 _____ C:\Users\Owner\Desktop\Craig Resume.odt
2016-04-12 18:46 - 2016-04-13 13:59 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-12 18:46 - 2016-04-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-04-12 18:46 - 2016-04-13 13:59 - 00000000 ____D C:\Program Files\RogueKiller
2016-04-12 18:44 - 2016-04-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2016-04-12 18:44 - 2016-04-13 13:59 - 00000000 ____D C:\Program Files (x86)\SMADAV
2016-04-12 18:44 - 2016-04-12 18:44 - 00000000 __SHD C:\[Smad-Cage]
2016-04-12 18:44 - 2016-04-12 18:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Smadav
2016-04-12 18:43 - 2016-04-13 13:58 - 00000000 ____D C:\Users\Owner\Desktop\RogueKiller 11.0.6
2016-04-12 18:43 - 2016-04-12 18:43 - 00001624 _____ C:\Users\Owner\Desktop\Rkill.txt
2016-04-11 12:11 - 2016-04-11 13:52 - 00009898 _____ C:\Users\Owner\Desktop\Documents\received - instruction.odt
2016-04-11 07:00 - 2016-04-11 07:00 - 00011380 _____ C:\Users\Owner\Desktop\Documents\Ruth medications April 2016.odt
2016-04-09 10:56 - 2016-04-09 10:56 - 00178586 _____ C:\Users\Owner\Desktop\Documents\Kulenovic, Maya Bio.pdf
2016-04-06 16:15 - 2016-04-07 09:35 - 00011582 _____ C:\Users\Owner\Desktop\Creative Budget 2016.odt
2016-04-06 09:08 - 2016-04-28 16:42 - 00000000 ____D C:\AdwCleaner
2016-04-06 08:59 - 2016-04-07 11:13 - 00010549 _____ C:\Users\Owner\Desktop\Documents\Checks Concert Association.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 09:38 - 2016-02-01 21:33 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-29 02:15 - 2014-08-04 20:19 - 00000000 ____D C:\ProgramData\MFAData
2016-04-28 20:38 - 2016-02-01 21:33 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-28 16:47 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-28 16:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-28 16:45 - 2013-12-20 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-04-28 16:43 - 2014-08-04 20:10 - 00000000 ____D C:\Users\Owner\AppData\Local\clear.fi
2016-04-28 16:41 - 2016-03-10 11:21 - 00000000 ____D C:\Users\Owner\IntelGraphicsProfiles
2016-04-28 16:41 - 2014-08-05 15:02 - 00000000 __RDO C:\Users\Owner\SkyDrive
2016-04-28 12:17 - 2016-03-10 11:06 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-28 12:17 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-28 12:12 - 2016-03-10 11:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-28 12:12 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-28 12:12 - 2014-08-04 21:56 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-28 11:54 - 2016-03-10 09:29 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-04-28 09:52 - 2014-08-05 07:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-04-28 06:03 - 2014-08-04 20:11 - 00004010 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FDBA0FA-8748-4DEF-90BC-3F3C86CEA9B0}
2016-04-22 14:09 - 2015-10-30 02:28 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-04-17 15:20 - 2016-03-10 10:49 - 00000000 ____D C:\Users\Owner
2016-04-16 11:20 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-14 13:55 - 2015-08-07 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-14 13:55 - 2014-08-04 21:56 - 00000000 ___HD C:\$AVG
2016-04-14 13:54 - 2015-05-29 09:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Avg
2016-04-14 03:33 - 2016-03-10 10:42 - 00236088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 16:30 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 16:27 - 2014-08-04 21:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 16:24 - 2014-08-04 21:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 16:16 - 2014-08-04 21:56 - 00000000 ____D C:\ProgramData\IObit
2016-04-13 15:48 - 2015-08-22 15:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 14:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-04-13 14:03 - 2014-12-02 12:20 - 00000000 ____D C:\Program Files (x86)\Browny02
2016-04-13 14:00 - 2016-03-10 12:42 - 00000000 ___RD C:\Users\Owner\3D Objects
2016-04-13 14:00 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-04-13 14:00 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-04-13 14:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SystemResources
2016-04-13 14:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-04-13 14:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-04-13 14:00 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-04-13 14:00 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\servicing
2016-04-13 14:00 - 2015-08-07 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-13 14:00 - 2015-08-07 09:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-13 14:00 - 2015-02-26 07:38 - 00000000 ____D C:\ProgramData\Avg_Update_0215tb
2016-04-13 14:00 - 2014-12-08 11:20 - 00000000 ____D C:\ProgramData\Avg_Update_1214tb
2016-04-13 14:00 - 2014-11-08 17:01 - 00000000 ____D C:\ProgramData\Avg_Update_1114tb
2016-04-13 14:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-04-13 13:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Globalization
2016-04-13 13:59 - 2014-01-02 05:25 - 00000000 ____D C:\Program Files\Soluto
2016-04-13 13:46 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-04-13 13:46 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-04-13 13:45 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-04-13 13:45 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-04-13 13:43 - 2014-09-19 09:44 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Brother
2016-04-13 13:43 - 2014-08-04 20:08 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2016-04-13 13:41 - 2013-12-20 00:19 - 00000000 ____D C:\Program Files (x86)\Acer
2016-04-13 13:40 - 2013-12-19 23:49 - 00000000 ___HD C:\OEM
2016-04-06 09:24 - 2015-12-20 18:29 - 00000000 ____D C:\agtg

==================== Files in the root of some directories =======

2016-03-10 10:45 - 2016-03-10 10:45 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2014-08-04 20:21 - 2014-08-04 20:21 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\avguirn_081803694635.exe
C:\Users\Owner\AppData\Local\Temp\oct82B3.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-26 11:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by Owner (2016-04-29 10:27:32)
Running from C:\Users\Owner\Desktop\AGTG222
Windows 10 Home Version 1511 (X64) (2016-03-10 15:12:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2986362171-3745760491-3342823073-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2986362171-3745760491-3342823073-503 - Limited - Disabled)
Guest (S-1-5-21-2986362171-3745760491-3342823073-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2986362171-3745760491-3342823073-1003 - Limited - Enabled)
Owner (S-1-5-21-2986362171-3745760491-3342823073-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.00.2004.0 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8102 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
AVG (Version: 16.61.7539 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4563 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.61.7539 - AVG Technologies)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 9.2.0.11 - WildTangent, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 0.0.13.0 - Brother Industries, Ltd.)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.44109 - TeamViewer)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2986362171-3745760491-3342823073-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2986362171-3745760491-3342823073-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A43EC4-60B2-4CD4-9F5A-2314CF0C4BFB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0588B80F-5000-4416-9AC6-0F41261BB1EE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0B0DAE35-ED43-4A73-BC82-5BA5586C48F9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0FDA1890-2101-4A2F-B57E-2F5177C97E55} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4265F409-EF61-485D-94DF-377B97A46D37} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)
Task: {513575F3-AA31-408D-8395-8F892F46F70B} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {5D8A47DB-C9B6-4C95-A8D1-9B3E3B35644C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {65984C22-7D04-4C7E-9DAA-400D35980F67} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {67F9AD64-1C90-4451-9AEF-8346714731CE} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-01-14] (Acer Incorporated)
Task: {7D349549-68A8-4DE7-A6F8-6EC0D03B421D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {88269990-2CEC-4DD9-8DB3-65812D893D4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8CD0F914-2E38-4CD1-A2FC-EFC0608452E0} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-11-07] (Acer Incorporated)
Task: {9436AFE0-B3AC-463F-B4F8-4239656A3208} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {990CC474-F33D-4FB7-85C2-3A71B1FA5A47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9C0B2D02-0AEA-4969-AFD0-F7A7C2BB0A6A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A601412F-F287-490C-9C4D-717EBFCEC889} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BC647621-7A2C-49A2-94B3-7AEFA5501BCE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C486FCD6-7DBE-4943-9AAF-C38F364F33E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DC889C8F-0000-404B-9D73-27B7B58DAC73} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-01-19] (Acer)
Task: {E6FD989E-A2C9-4696-AABC-FD6FFCEC8BD7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F06B5F8D-40C6-45DB-B33C-2F1C3EF39813} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {FF501DA3-4439-4578-BF22-0A18CC3BD8D8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-01-29 16:28 - 2013-01-29 16:28 - 00109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-01-29 16:28 - 2013-01-29 16:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2016-04-18 11:20 - 2016-04-18 11:20 - 00150528 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Management\c4b8ea8692accd6445a24b9c8398003d\Windows.Management.ni.dll
2016-04-14 11:11 - 2016-04-14 11:11 - 04276736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\d2b7c683dc1e85d376103d969fcf24f2\Windows.ApplicationModel.ni.dll
2016-04-14 11:11 - 2016-04-14 11:11 - 00462848 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\e25cb86a646752c821c9fccdadd74866\Windows.System.ni.dll
2016-04-14 11:11 - 2016-04-14 11:11 - 00497664 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\a55d1aa8413de7ec76aab7958a344629\Windows.Foundation.ni.dll
2016-04-13 15:47 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 15:47 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-18 14:07 - 2016-04-18 14:07 - 00959176 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2013-01-29 16:28 - 2013-01-29 16:28 - 00109024 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2016-04-19 05:42 - 2016-04-19 05:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-10 13:36 - 2016-03-10 13:36 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 15:46 - 2016-04-01 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 15:46 - 2016-04-01 23:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 15:46 - 2016-04-01 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 15:46 - 2016-04-01 22:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 15:47 - 2016-04-01 23:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-01-02 05:31 - 2013-07-30 22:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2015-11-23 19:44 - 2015-11-23 19:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-11-23 19:44 - 2015-11-23 19:44 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2016-04-28 16:47 - 2016-04-28 16:47 - 00016384 _____ () C:\Program Files\WindowsApps\Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe\ConnectivityStore.Windows.exe
2016-04-28 16:47 - 2016-04-28 16:47 - 05063168 _____ () C:\Program Files\WindowsApps\Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe\ConnectivityStore.Windows.dll
2016-04-19 05:42 - 2016-04-19 05:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 05:42 - 2016-04-19 05:42 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-19 16:06 - 2016-01-19 16:06 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-01-19 16:06 - 2016-01-19 16:06 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2016-04-18 14:07 - 2016-04-18 14:07 - 00679624 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2014-12-02 12:19 - 2009-02-27 17:38 - 00139264 _____ () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-03-11 11:33 - 2016-03-11 11:32 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-03-10 10:51 - 2016-03-10 10:51 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-01-14 18:12 - 2016-01-14 18:12 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-01-14 18:11 - 2016-01-14 18:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-11-23 19:44 - 2015-11-23 19:44 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 11410 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-03-02 13:52 - 00451017 ____A C:\WINDOWS\system32\Drivers\etc\hosts

There are 15471 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img10.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: LiveUpdateSvc => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\...\StartupApproved\Run: => "Advanced SystemCare 7"
HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2986362171-3745760491-3342823073-1001\...\StartupApproved\Run: => "Advanced SystemCare 8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1AD2BB79-7EDC-465D-8C3F-F94F66278870}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8C3E0EA2-CD3A-4B9E-BC4C-A336FD7DB75B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{49F852EB-481B-41D3-A0F6-D53CC96DB76C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6095AC88-26F2-4608-9B5A-EB0A8D3AC2AB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{949848E2-7885-4248-A71B-F61849C7D3C0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5355C52D-CD6D-4F7E-9368-ABA8B4FF1A8C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1DABFD1B-701F-4190-A408-9837EDFACAC4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6F9FB041-A673-4D52-A71A-57B7E9F73B44}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0ACE2A0A-42E8-4184-87C9-7BFE56AB67EA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{8AC3A07D-BE30-4BBF-8765-7B5F41301E4C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{6A6F9A90-093C-4125-B607-56F3068FB1BA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{2D72653B-D3B2-467F-A756-760230466853}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{78AE7C34-6D43-4047-B15B-D042DC6B8374}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{2C091D2D-8142-4BD6-9437-768A9EA6D24C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{3C02D10B-63C8-4F6F-A410-F96BD66A7F73}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F3DE2E2C-BB50-4100-9225-7CA31CF7C82C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9F138555-1A4E-4460-8ECC-F72E84B985E9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{77AEF598-74F2-467D-B33E-31D019839E2E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C87036FE-CBEC-49AB-B21B-4A6A8C8E212A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F6C5C3DF-0273-4F39-AF6C-74D84098AD92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{502FBD39-DE92-4AC8-BB57-25009F713596}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BA128549-6143-412D-8CB8-0E5E64E8774A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D53FCE20-A1C7-4B69-BE6B-88753B97CC40}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{973F4C83-DA9E-4DB0-A129-796CB6632298}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{70182365-5ED0-49D8-97BE-32FB7220D3FD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B8A29061-C930-42B0-97BF-1B5538CFE882}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D51E32FC-0BCF-45F1-8633-844A3EBFFF10}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BDEC2D41-50BA-460A-87BA-0A001164805C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{92D966E0-6706-43BF-A018-3B8682C69368}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6A576723-64E9-4E54-8BC2-C51B392711F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{FA140604-54D7-4F61-9A5C-2EEAF928412D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{43CCF211-11F7-479F-A96A-31E09EC8AE58}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{89D8199F-D02B-4AD7-AF8A-762270FD436B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E74F2EBA-080A-4346-93E6-5EEA391D7B9D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{49E9F6AE-F9D3-4DE5-8ADD-671BF61FB2A5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0D870C78-504A-42AB-8114-DB095CD94A16}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E2E2EB3B-1F28-4A64-BE0C-A072E3AF8EF3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A166BF41-A4CF-4154-831B-D83F35855E9C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BBF0B038-8E03-4331-A0C7-034317801E90}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F5CA423A-F292-4195-8FE3-829FB9372A1A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{7532D59C-7786-47E9-AE86-C12797EE95F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A06218DC-2F28-400D-8330-E91721F1FF2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{E66B3F90-48CE-4C43-B50E-2368E1083EDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{AA8087C3-D439-44F3-A1B1-183AF82C6C90}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{55164026-12F6-4B38-844E-2B8087A3AE93}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7494014A-1313-46B2-8A2E-C9BD26F9E1D4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{43AB73EA-EF0C-4DAB-871B-1E7A9E29E87B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2574CCE9-EC95-4048-BC6B-E86F5499523F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BB8E9A6B-286C-4608-94EB-0A9B1676F0C8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D4C91393-7143-4BDE-8A67-B4FC3C3D0902}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{827DB4A8-6C0D-4DEC-802D-1960DDC89EC4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{738B6375-AED2-411F-9A4C-0D6DCA3C228A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9E81361C-A614-4A76-8682-B30E05F70DE3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F3CEEAC3-58A4-4DBF-B6DE-D4B9577DC735}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5E08E25B-4D34-4673-87F8-91D32B84C5DC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{02BAB080-EE2F-4973-9427-79556B65C59D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9FCAB04D-8DB9-40D3-B589-3BD18291F2D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{445B9268-8CC3-42C7-9DB4-8F30E61E9196}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{20E054EA-AC7C-45CB-BAB7-DF89F47D362F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FCE46472-24A1-4CD0-8EA9-68718FBE9A61}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A4468E1A-36B5-4CE4-BC9E-98F3958D4EF9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{178332C1-0B94-403F-A236-EFFCA108A334}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{07694901-BA23-40E3-A69D-A1FF3215A0D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CA3D142E-87B8-422B-9ADF-AD4DC2629667}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B5C76701-9D66-4943-AE38-608E4D9DACF7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A9B617D1-DC99-460A-9E72-DE4E96DAD795}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{97902EF1-218D-44B2-96F6-79791AFDF5B4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{7425A6E0-D9C0-46C4-B30F-2EBB063D359D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8B9983AC-8DBD-41A2-86CF-16FC0CD7D038}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{B63EDDC2-AFDC-49C7-9759-1FBE5DD70F9F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{566E010B-935B-466B-8915-E98769857D2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C300E07E-BD0A-41E6-9CA5-D39C03AC45E3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0345EACB-BB6F-426C-A746-2B5B63D9E674}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BF7103B2-5B5E-4D56-AD3B-225F952F7B5C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E7C321D5-175C-4057-8081-272968FE929C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D1F2EB4B-747D-48A3-9189-159E3B9AF56C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D80CB86B-25E2-4B7D-89CB-A05789F22E54}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B7D6714A-3E5A-41D1-9A91-E57C844ADEA8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CF80DD69-6EFF-4F77-AE6A-A364B2FBEA09}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0E66BDB8-7D2D-432F-9257-12C2AFCA0D09}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6F3AA66D-19B4-4C18-9D70-3B3C7DE2E1D7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{AB25E5F4-5746-45C1-A22A-A36F0E7EFB1B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{325D8C91-5CA6-45E5-A593-D01E6A3675A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{732D50B8-BF91-4D3F-9404-2EB1412362CE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{26F18E93-09EB-4AA8-9E4C-509C481A6006}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8ED7883F-E9AC-4786-8361-49EFBB74CC48}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{B87450E2-E2E8-44DC-A1F0-6F1E0DD24378}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4D736EE5-BA73-4EF0-83E6-D296F3D969B5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FCE8E6FF-8AB1-4859-AA5D-0CAF71C06EB9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{7BF00E79-1303-4BDD-93DC-E275E0CD6B31}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8AD7EFD4-0D53-48F6-9CCC-03F40EE764E1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{3FA7E9D4-796E-411F-8F8C-255342869DDB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DDAA594E-FBBA-4779-A231-8D56596F477A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E141A364-742B-4EE4-B5CA-14732FD37323}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5C4B3420-92B2-42D0-864B-977455092ED7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{09D171A8-2A12-40C2-B9C5-C6C423CED97B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C2A89615-1D17-4C4E-BE70-B39643CE9DFE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D04C492E-9037-4E21-BBCA-F0799F7E1F51}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{C48ABA06-BAE6-491C-9925-B86D82A771B2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{3BEFBD51-4C3C-492B-9A41-6991BEC1C301}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6CE2D8BE-4141-4830-AD80-84C8C611B5C6}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{14576B99-B2B4-488A-9F1E-19DC4D3C1914}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5783B739-74FE-40F5-83EA-3730DC2DAC64}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{802DE459-169D-463B-9EF6-C8E099C5DE71}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5356C399-AD51-4089-ADA5-6D45F0396300}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6F57B365-5BA1-4843-A13C-4785B47BEF2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F648BA79-4258-498F-B708-E676BF301521}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{58CA5ECC-F64C-4816-A748-0DC97DC0ECB6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{057DE6C7-56C2-4B85-B8E3-98A261A349F8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0C6F898E-6C19-4C0E-B7B7-1EB4D68EBF35}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{404DCCAD-B9AB-410E-8D56-CA93CB8B7A71}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{3330BBE2-C12B-494F-9406-8F71CAF84887}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{35B84CA8-0DF8-474B-B380-6FAE74F97EE4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{72A8F311-9740-4109-B36D-0725C9410D75}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{A07B88C6-4AFC-43F7-9891-52BFD3B42AEA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{84E054A4-6922-411E-BF78-91BEF79368AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{456B7584-40F8-4503-9300-FA3D29372D84}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9539351B-9516-42D5-B1F0-DD2790F5A551}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{3B1B7BAD-D50D-4D2F-BA09-9C5BCC7221FF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BBC8C085-C5E7-406C-ADB7-07E1821FA315}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F057D30A-9B73-458E-885E-E9FD7E7ACFDB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{283E4FC0-C2EB-46EE-8602-2D52A5948D11}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{94E93984-3D98-425C-A445-D7E294557720}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8F084B89-0BF0-4C44-B23B-10772AB64F30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D27D2398-A0F0-41C2-8761-2E966BD439D4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B28B1BA7-9791-4837-A8B8-E8B2393D6974}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A18266C0-1F63-4937-8ECB-FB96E5629CA1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D9DCFBA6-78D7-4C73-9D23-8596BA26E219}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{7361414E-C652-4DAD-AFC4-9D3FEB22D624}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{E66FE1D1-D1B5-49CD-A4A9-9443679BEE69}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{77EBD6FD-B44B-4C22-BDCA-EDE7976F49C5}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{4986CB3B-8937-4B8C-BCCC-28D9794B8001}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{2B8705BD-1A35-421F-AB0E-31A27497FB8F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{87753BAE-C812-4327-9581-4D7646381AE3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5E87DE2E-298A-4D2A-B1F7-4780BEFDBEC6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{0FC27B93-4E53-4F77-B3E4-0B68FC84BBEF}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{785803C9-F031-4B6D-B744-62C4A0591863}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C532CC1C-E8C4-4EFB-B40E-8F6CD2796458}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{E10B7F20-9214-4BDE-8020-29A974493728}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{34F7A584-F4FF-4308-9D50-314FB0B0B50B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{88657215-2D63-4661-BF61-A546038857B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B1798262-B495-41E4-BEFE-F7CE009B4185}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{5A4AC2AE-AA24-4B82-9851-F4DE880D5BBF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{90C27840-C225-4427-9CE6-98898B4E1FCD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D9779824-2723-4EE7-B723-9171C9AF2A01}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D871B194-832B-4E36-AECA-F83B1163A4FD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{5745DCAE-6392-4AD4-94CC-6FD141B16837}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A48C0663-808F-4E47-ACA4-22E88EDBF2FE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A226C45C-A7C6-41DE-9A19-707CEB344030}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{0FFEB110-DF0D-4A99-A1DC-33A370B81870}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{56CF430A-C4E6-4754-971E-D1592E7B3851}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{8BF93829-82C1-40EB-895B-B35078389B73}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A044BF1E-7DF1-4C5F-8642-335939A93B5B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F64912FC-8D74-41BC-BFEE-DEF8179AF4AA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{64AEFD10-1DC0-4B3B-A0B4-F813199EFE6B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{43DD80C4-F617-406B-A7F0-3303965B6339}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{681F0C5C-953B-4617-A6A9-9C3B66EFE78D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{CD74A583-D38D-48FE-9675-F956C724A8FE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{BEF5060F-93D2-45A7-8CFF-6C892E6B84ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{21B54FCB-7B4E-49E0-BF63-72C6C1EB17FD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{AFF6D767-DF49-4B20-B5B7-65402A4C0007}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{B8D1626D-D506-419C-AAC9-364F39FCFAF0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{DD805806-1690-4DA0-90D6-223987E0316D}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{B089F84C-7912-4ED0-ACBD-C9440836C49C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{3D38E53C-A641-480E-902E-CFA2AA678A2F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{DB9EC9D5-180B-4727-A39F-0F283354E617}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{CFFA07C3-9307-4660-B4A2-A765D04A8FD4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{94BBA6FA-AA97-4B21-B74B-5B666A2F545B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{FE0224D7-F1BB-4839-8658-1A6F66B0D685}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CA11AE55-49E8-43D0-AB73-F5376B882447}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{633B3370-651F-47AD-86D4-0AC48FE59E49}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{A766B9BC-DB25-4655-AE18-746F34DB3D52}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{754E86E9-706C-4F02-8F91-8E7250462049}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{0650CCF4-7171-4340-B93D-EB1FE596A501}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{EE0CC9E8-9675-41D0-B032-BD0E8CF5BC5E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{79FA0575-7082-4D85-A097-80C428F42682}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{5769E9AB-4FB4-4D3C-A4A2-8EA1FFD4AB18}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{4C5D5EB0-8317-4F09-A6C5-6891C782095F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{452C5FA8-8F05-4FFA-B329-300237F75008}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{12D546D8-CB73-4159-9A92-71EB4B0A9B7D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{611A4DA3-22BE-4834-954D-77E3BA732220}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{2DD3E9BA-09BA-4A21-A35D-35027982A25F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{B40EEB19-8859-4F7E-B678-68BDAF457242}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{D7B592B5-B8E1-4122-9CFC-1C9A98DD8B4C}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7930D3A8-5E64-48B0-A428-2A0CAB9B67E6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{17025976-20D9-4CDE-A57D-2A36EF1DC5E8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1726260E-6DB8-4E2C-8CDA-585F8D592EE2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{56B92AAF-EEA6-4289-A53B-2F11467C62FE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{7304E53E-515C-4C98-8074-C8AEB84DDC70}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{797674D4-64E4-4A35-AF34-0B83BDB9FA4C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{24C8C849-9570-4824-8A4F-7869B7BE7093}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{68E65A50-B6CD-4000-978D-FFDAB3F62F93}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{C7A2124C-A427-4261-81E6-C36F167411F2}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{FE2D787A-EC3D-402F-AEBB-F8B6ADDE931F}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{CDC8CD80-8474-4580-A3B4-6DCD9664CFCF}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{F1869656-3495-41AE-A962-D86EAF3C9C12}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{785F13E3-F159-4725-AFB4-DCDCBE6572B6}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5A5A68E0-6913-4E8C-815F-D74EC7A2C49F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{6FCD40AB-CCCD-4B5D-BA3F-DE033816AE12}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E225FBDA-09E8-448B-945D-33B5D7521E53}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{81ABF029-79EF-4EEB-8F21-47794ADB92E3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F5F0C90D-AFD6-45AD-8B3D-044AE3BD45A5}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{1F100328-2EF3-46B5-B330-A53C2433830C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{34742437-EB7D-4080-A7A0-70162D0B5E11}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{45111A0D-9CE9-4245-A256-9DA8FFDA2A53}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{662F8AF5-87A6-4C7E-94FE-6326A3DB427F}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{4B0764E9-2CC8-4B22-B8D5-50A0ABCDB023}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{8BDBF5C8-17B0-4368-9A07-8C3429514C1A}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{17C2DA57-4AC9-4463-A4E3-DFE469C446C7}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{A94310FA-82C0-4418-9755-722685F570BC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{C32E4F7A-727F-4043-855A-68AED307BB11}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

==================== Restore Points =========================

21-04-2016 10:59:26 Scheduled Checkpoint
28-04-2016 11:53:31 Removed Amazon 1Button App
28-04-2016 12:00:32 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2016 08:03:30 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/29/2016 08:03:24 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/28/2016 09:57:03 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/28/2016 09:07:13 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/28/2016 09:05:42 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/28/2016 06:48:00 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/28/2016 06:47:58 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/28/2016 05:35:54 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/28/2016 04:54:35 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/28/2016 04:54:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (04/29/2016 09:43:42 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (04/28/2016 12:11:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4caae6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/28/2016 12:11:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4caae6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/28/2016 12:11:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4caae6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/28/2016 12:11:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4caae6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/28/2016 12:11:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/28/2016 11:53:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 8 service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/28/2016 09:42:58 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (04/27/2016 11:54:34 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (04/26/2016 12:00:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}


CodeIntegrity:
===================================
  Date: 2016-04-16 03:00:41.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-14 03:34:43.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:05:36.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:02:46.546
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-13 14:02:44.813
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\portcls.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-13 14:02:44.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dfsc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-13 03:04:54.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-12 21:11:19.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 03:51:07.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 16:12:54.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU J2900 @ 2.41GHz
Percentage of memory in use: 26%
Total physical RAM: 8080.12 MB
Available physical RAM: 5927.26 MB
Total Virtual: 24080.12 MB
Available Virtual: 21748.53 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.89 GB) (Free:863.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E3EDBCE0)

Partition: GPT.

==================== End of Addition.txt ============================

 

Yes, the shortcut issue persists, thanks



#15 Struppigel


    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team

Posted 29 April 2016 - 03:25 PM

It looks like Pokki is gone, but I will be looking for leftovers as well as possibly hidden, quarantined or moved documents of yours.
Do you want to recover those documents that turned into LNK files or do you have backups of them?
 
The following step will search the whole registry, so it may take some time to complete.
 
STEP 1
SystemLook

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:
:dir
C:\[Smad-Cage] /s
C:\$AVG /s
C:\Program Files\WindowsApps /s
C:\OEM /s
C:\OneDriveTemp /s
C:\Users\Owner\SkyDrive\Documents\ /s

:filefind
*Pokki*
*.odt*
*.ods*
*.odp*
*.rtf* 

:regfind
Pokki
SweetLabs
  • Click the Look button to start the scan (may take 10 ... 30 min.)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

  • The log might become large, so attach it instead of pasting it (press the button More Reply Options and Choose Files...).




