SYSWOW64 VIRUS/MALWARE


  • This topic is locked
18 replies to this topic

#1 Clayton86


Posted 18 January 2017 - 12:19 PM

I HAVE BEEN INFECTED WITH THE SYSWOW64 VIRUS. I WAS TOLD THAT THIS "VIRUS" IS BAD AND THAT IT AFFECTS A LOT OF AREAS.

I WAS ADVISED NOT TO DO ANY REMOVAL!!! AND THAT IS WHY I NEED YOUR HELP.

I DID THE SCAN WITH FARBAR AS TOLD TO DO AND I CAN SEE MANY AREAS WITH SYSWOW64.

HOPE YOU GUYS CAN HELP / FIX PROBLEM


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by tony (administrator) on TONYD86 (19-01-2017 03:50:52)
Running from C:\Users\tony\Downloads
Loaded Profiles: tony (Available Profiles: tony)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Everything\Everything.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\Pub\PubMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Everything\Everything.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Farbar) C:\Users\tony\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16734728 2016-11-22] (Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [MalTray] => C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe [896976 2016-10-09] (Glarysoft Ltd)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6004512 2017-01-11] (IObit)
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2913568 2016-12-16] (IObit)
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\MountPoints2: {fa308699-cfbd-11e6-8268-6c626d0d9c12} - "K:\WD Drive Unlock.exe" autoplay=true

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 61.9.134.49 61.9.133.193
Tcpip\..\Interfaces\{250F8180-C14D-449C-B1ED-E516F613CD21}: [DhcpNameServer] 61.9.134.49 61.9.133.193

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-21] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-21] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default [2017-01-19]
FF Homepage: Mozilla\Firefox\Profiles\gjsu6r0d.default -> hxxps://www.google.com.au/
FF Extension: (All In 1 Search Bar) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\07bce030@pribic.am [2016-12-21]
FF Extension: (All-in-one Toolbar) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\allinoneengines@firefox.com.xpi [2016-12-21]
FF Extension: (GitHub Extensions) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\ayltai-github-extensions@github.com.xpi [2016-12-21]
FF Extension: (DeeperWeb for Google) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\bizdom@wizbites.com.xpi [2016-12-21]
FF Extension: (All search engines on your tab) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\brais33@gmail.com [2016-12-21]
FF Extension: (DivHTTP) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\divhttp@divel.xpi [2016-12-21]
FF Extension: (search_avptube) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\djamolpatil@gmail.com.xpi [2016-12-21]
FF Extension: (Enhancer for YouTube™) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2016-12-21]
FF Extension: (Firebug) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\firebug@software.joehewitt.com.xpi [2016-12-21]
FF Extension: (Sourcegraph for GitHub) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\firefox-extension@sourcegraph.com.xpi [2016-12-21]
FF Extension: (Ghostery) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\firefox@ghostery.com.xpi [2016-12-21]
FF Extension: (iCloud Bookmarks) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\firefoxdav@icloud.com [2016-12-21]
FF Extension: (FoxyProxy Standard) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\foxyproxy@eric.h.jung [2016-12-21]
FF Extension: (Google Code Wiki Viewer) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\GoogleCodeWikiViewer@atte.kemppila.xpi [2016-12-21]
FF Extension: (Link Virus Checker: Security Plus) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid0-DjsrWcAS3Wgq2xyyqqVL8Dqk1Lo@jetpack.xpi [2016-12-21]
FF Extension: (Dictionary (Google™ Translate) Anywhere) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpack.xpi [2016-12-21]
FF Extension: (IP Address and Domain Information) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi [2016-12-21]
FF Extension: (YouTube HTML5-Video) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid0-MXvUXM1npF7yTcY3bpZVht72AR4@jetpack.xpi [2016-12-21]
FF Extension: (Just Disable Stuff) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-8J7ayxTha4KqKQ@jetpack.xpi [2016-12-21]
FF Extension: (GitHub Repo Widget) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-Ahuh7zraL1y8YQ@jetpack.xpi [2016-12-21]
FF Extension: (HTML5 Player for YouTube™) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-e3wSQaH5t1HqKp@jetpack.xpi [2016-12-21]
FF Extension: (YouTube™ Flash® Player) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2017-01-10]
FF Extension: (Text to PDF file) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-JobPqtvtwG9w0A@jetpack.xpi [2016-12-21]
FF Extension: (copy-code) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-OQHFznWHvjDIIg@jetpack.xpi [2016-12-21]
FF Extension: (Flash Control) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2016-12-21]
FF Extension: (Reddit Enhancement Suite) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-12-21]
FF Extension: (DuckDuckGo Plus) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2016-12-21]
FF Extension: (JavaScript Deobfuscator) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jsdeobfuscator@adblockplus.org.xpi [2016-12-21]
FF Extension: (JSONView) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jsonview@brh.numbera.com.xpi [2017-01-15]
FF Extension: (M3Uripiton) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\m3uripiton@logyattra.hu.xpi [2016-12-21]
FF Extension: (Magnetz) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\magnetz@apps.aalaap.com.xpi [2016-12-21]
FF Extension: (PHP Developer Toolbar) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\php_dev_bar@php_dev_bar.org.xpi [2016-12-21]
FF Extension: (Qwant for Firefox) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\qwantcomforfirefox@jetpack.xpi [2016-12-31]
FF Extension: (S3.Google Translator) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\s3google@translator.xpi [2016-12-21]
FF Extension: (SimilarPages) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\similarpages@similarpages.com.xpi [2016-12-21]
FF Extension: (Smplayer context menu) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\smplayerplaylist@luperrouch.fr.xpi [2016-12-21]
FF Extension: (TableTools2) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\tabletools2@mingyi.org [2016-12-21]
FF Extension: (Torrent Finder Toolbar) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\TFToolbarX@torrent-finder.xpi [2016-12-21]
FF Extension: (Tiny JavaScript Debugger) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\tinyjsdebugger@enigmail.net.xpi [2016-12-21]
FF Extension: (Boounce) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\toolbar@boounce.com [2016-12-21]
FF Extension: (Google Translator for Firefox) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\translator@zoli.bod.xpi [2016-12-21]
FF Extension: (Vlc context menu) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2016-12-21]
FF Extension: (VLC Youtube Shortcut) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\vlc_shortcut@kosan.kosan.xpi [2016-12-21]
FF Extension: (HTML5 WebDb-to-XMLA Bridge) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\xmlastorage@openlinksw.com [2016-12-21]
FF Extension: (TV-Fox) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2016-12-21]
FF Extension: (PDF Download) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2016-12-21]
FF Extension: (JavaScript on-off applet) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2016-12-21]
FF Extension: (ChatZilla) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-12-21]
FF Extension: (FoxySpider) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{75df891f-e299-4725-b14f-7d52f086dea2}.xpi [2016-12-21]
FF Extension: (GitHub Extension Installer) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{86054B0A-BD85-42F9-8E58-8794EC6F6EA1}.xpi [2016-12-21]
FF Extension: (Context Search) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi [2016-12-21]
FF Extension: (Web Developer) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-12-21]
FF Extension: (Bitdefender QuickScan) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-12-21]
FF Extension: (Greasemonkey) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-12-21]
FF Extension: (QuickJava) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-12-21]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-27] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-10-18] (Microsoft Corporation)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxp://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR Profile: C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default [2017-01-17]
CHR Extension: (Google Slides) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-21]
CHR Extension: (Google Docs) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-21]
CHR Extension: (Google Drive) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-21]
CHR Extension: (YouTube) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-21]
CHR Extension: (OnlineMapFinder) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjkfhdggacbjbbolmfgkfocaiccnnbd [2017-01-13]
CHR Extension: (Google Sheets) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-21]
CHR Extension: (Ask Web Search) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmengapaekgmapkcophhdmppmjinpogo [2017-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-21]
CHR Extension: (Gmail) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [File not signed]
S3 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-11] (SurfRight B.V.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1740576 2017-01-10] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
R2 SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [1077536 2016-12-05] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R3 GUMHFilters; C:\Program Files (x86)\Glarysoft\Malware Hunter\Native\winxp_x64\GUMHFilter.sys [34104 2016-10-09] (GlarySoft Ltd)
R1 GUSBootStartup; C:\WINDOWS\System32\drivers\GUSBootStartup.sys [20160 2016-12-21] (Glarysoft Ltd)
R2 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [155912 2016-03-31] (BitDefender LLC)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-17] (REALiX™)
S4 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-12-16] (IObit)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-12-16] (IObit.com)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\TRUFOS.sys [452040 2016-03-31] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\netvsc63.sys D4DCE03870314D3354F3501F9DDD4123
C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351
C:\WINDOWS\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC
C:\WINDOWS\System32\drivers\nsiproxy.sys 0E046FF5823B95326D10CF1B4AF23541
C:\Windows\System32\Drivers\Ntfs.sys 9980B262DBE439AE6BDC91AA985F19EE
C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904
C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys 6CDBB991A07C096287DE8A05F12B79A3
C:\WINDOWS\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8
C:\WINDOWS\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E
C:\WINDOWS\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49
C:\WINDOWS\System32\drivers\parport.sys 57DCE4FB0467986AE78E1C6FC5240D32
C:\WINDOWS\System32\drivers\partmgr.sys BAFF6122CFC9F95CA175AD8C348179A4
C:\WINDOWS\System32\drivers\pci.sys 91ED124E261EA8FAA1C0FFDF2A71B0C4
C:\WINDOWS\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4
C:\WINDOWS\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397
C:\WINDOWS\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D
C:\WINDOWS\System32\drivers\pdc.sys ED54A75050211DC77F9B98C41E026858
C:\WINDOWS\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6
C:\WINDOWS\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F
C:\WINDOWS\system32\DRIVERS\pacer.sys FC0141B4A5AD6D637D883C1A89FC45C5
C:\WINDOWS\system32\drivers\qwavedrv.sys 83868EB2924E6BC21A54337C65D614D1
C:\WINDOWS\System32\DRIVERS\rasacd.sys B337B1F1E82A83E20A1743E008E25C0F
C:\WINDOWS\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A
C:\WINDOWS\System32\DRIVERS\rdbss.sys D67ED4AB59D1EF66B05AD1A81AC28B26
C:\WINDOWS\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32
C:\WINDOWS\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys BC8A79C625568DDB7DCA49D0C2741A64
C:\WINDOWS\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6
C:\Windows\System32\Drivers\ReFS.sys 2D39BCFA4DD1081B8F282B623456B858
C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys 5623E2CC4F1F6DE24BE9DB3319E42D23
C:\WINDOWS\System32\DRIVERS\revoflt.sys 9C3AC71A9934B884FAC567A8807E9C4D
C:\WINDOWS\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC
C:\WINDOWS\system32\DRIVERS\Rt630x64.sys 77AB486E7706FB27C971D5BD1CC21306
C:\WINDOWS\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0
C:\WINDOWS\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7
C:\WINDOWS\System32\DRIVERS\scfilter.sys 13BEA6C882D4D877A5A85CA149C86BC1
C:\WINDOWS\System32\drivers\sdbus.sys C54B6B2170BF628FD42F799A66956D75
C:\WINDOWS\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\WINDOWS\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89
C:\WINDOWS\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431
C:\WINDOWS\System32\drivers\serenum.sys 1F0135949A6AD6025F363F80FE268251
C:\WINDOWS\System32\drivers\serial.sys 81633C87B42B63BA484A6177179AC750
C:\WINDOWS\System32\drivers\sermouse.sys 148195AE95D9BC7375A08846439FDAC1
C:\WINDOWS\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764
C:\WINDOWS\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F
C:\WINDOWS\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F
C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys 306EE29C824E85BB28D4579B23EFA55A
C:\WINDOWS\System32\drivers\spaceport.sys 546B88E6906EE9813EFE314DC95E3488
C:\WINDOWS\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34
C:\WINDOWS\System32\DRIVERS\srv.sys 36B082C7A764A34FB1DC72D975870B61
C:\WINDOWS\System32\DRIVERS\srv2.sys F5849909D4B29B4E3D4445F943E5C7E3
C:\WINDOWS\System32\DRIVERS\srvnet.sys FABC49666708EA562549E78E6FBF3191
C:\WINDOWS\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B
C:\WINDOWS\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90
C:\WINDOWS\System32\drivers\vmstorfl.sys 8B9486B64E5FC17FB9CC04CA10B77A34
C:\WINDOWS\System32\drivers\stornvme.sys 0EDD1F4D470C775740625B06A60C9DD5
C:\WINDOWS\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F
C:\WINDOWS\System32\drivers\storvsp.sys 74B2D810FC976CCDB80193AB8BFBF281
C:\WINDOWS\System32\drivers\swenum.sys 65454187E0F8B6C0DCECB0287D06EC43
C:\WINDOWS\System32\drivers\tcpip.sys 2F10C145F517419E17203632FCDA0A13
C:\WINDOWS\system32\DRIVERS\tcpip.sys 2F10C145F517419E17203632FCDA0A13
C:\WINDOWS\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4
C:\WINDOWS\system32\DRIVERS\tdx.sys E0BD2D83875464FEEEB242CBA8B7E073
C:\WINDOWS\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431
C:\WINDOWS\system32\drivers\tpm.sys 80A2FC1A089A71F2DBE5D8394FFB009F
C:\WINDOWS\System32\DRIVERS\TRUFOS.sys 3E75A47D2DEFD2683DCA409572FBE8B2
C:\WINDOWS\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93
C:\WINDOWS\System32\drivers\TsUsbGD.sys 20185BEB7512EDE4EFECDFA148AC9F99
C:\WINDOWS\system32\DRIVERS\tunnel.sys E85916632CD3B9E9B546968DB950BF42
C:\WINDOWS\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54
C:\WINDOWS\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B
C:\WINDOWS\System32\drivers\ucx01000.sys 807F8CF3E973305FC435C61CBBEE2A49
C:\WINDOWS\System32\DRIVERS\udfs.sys C61EAF8E1E4B2F62BA4FDF457440B2C6
C:\WINDOWS\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21
C:\WINDOWS\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9
C:\WINDOWS\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034
C:\WINDOWS\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E
C:\WINDOWS\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\WINDOWS\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8
C:\WINDOWS\System32\drivers\usbcir.sys 0139248F6B95CF0D837B5B46A2722D40
C:\WINDOWS\System32\drivers\usbehci.sys C996CBEF922B5653A01E3F50DDCE2F86
C:\WINDOWS\System32\drivers\usbhub.sys CD81683F4553677B9BF5163A922153EB
C:\WINDOWS\System32\drivers\UsbHub3.sys 5C90D5379B53590FBB24BBAD4FA682EE
C:\WINDOWS\System32\drivers\usbohci.sys A0F0484C97D6441ED6A75D7426ECCC9E
C:\WINDOWS\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C
C:\WINDOWS\system32\DRIVERS\usbscan.sys 0F030491BA4A27BD46F8B8ACEEE83F1A
C:\WINDOWS\System32\drivers\USBSTOR.SYS 9D168BFA334D47BE404367EB58D4E130
C:\WINDOWS\System32\drivers\usbuhci.sys FC974B03C8B87455F44F734C8F31A3C8
C:\WINDOWS\System32\drivers\USBXHCI.SYS 44603DA5A87FB491EF59C889EBBB4DDB
C:\WINDOWS\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562
C:\WINDOWS\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD
C:\WINDOWS\System32\drivers\vhdmp.sys 8ABB4BABF59F092DF0B43778D8FD1884
C:\WINDOWS\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199
C:\WINDOWS\System32\drivers\Vid.sys 3CE922E34DB12D9F3C0EA856BC09687C
C:\WINDOWS\System32\drivers\vmbus.sys 511AD3FF957A0127E6BD336FF6F89C38
C:\WINDOWS\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F
C:\WINDOWS\System32\drivers\vmbusr.sys 68F8C26DEA2D42E8DEC0778943433C80
C:\WINDOWS\System32\drivers\volmgr.sys 436E1A724E7E683F6B612D3D58F04241
C:\WINDOWS\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7
C:\WINDOWS\System32\drivers\volsnap.sys 17F7B0F2298D97F4B6C7A69511033D3D
C:\WINDOWS\System32\drivers\vpci.sys DAC438FB5FF85A9E72806E2341D5D732
C:\WINDOWS\System32\drivers\vpcivsp.sys BEE38B3B44364E01BF28640EE8B5617E
C:\WINDOWS\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07
C:\WINDOWS\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B
C:\WINDOWS\System32\drivers\vwifibus.sys 71066FF95C487327E44C8AF1B72EBE8B
C:\WINDOWS\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B
C:\WINDOWS\system32\drivers\WdBoot.sys 81285DDC994F03379DB46419300B2DCB
C:\WINDOWS\System32\drivers\wdcsam64.sys A556768CC1FA4F36022BEE2F0EDE2566
C:\WINDOWS\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D
C:\WINDOWS\system32\drivers\WdFilter.sys 26B8FED3F3B85F5F0C4BD03FD00B9941
C:\WINDOWS\System32\Drivers\WdNisDrv.sys CE67080F00E0AF32755096CEA6430ABA
C:\WINDOWS\System32\DRIVERS\wfplwfs.sys 715ABA3DD164D06457A2A3C92F6EA9D5
C:\WINDOWS\System32\drivers\wimmount.sys 5F66B7BB330AA80067FC66149A692620
C:\WINDOWS\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128
C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09
C:\WINDOWS\System32\DRIVERS\wpcfltr.sys A2468CC3509394A33C4C32F99563D845
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A
C:\WINDOWS\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572
C:\WINDOWS\System32\drivers\WudfPf.sys 481286719402E4BAEFEA0604AB1B5113
C:\WINDOWS\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 03:49 - 2017-01-19 03:49 - 00000187 _____ C:\Users\tony\Desktop\BLEEP-COMP.txt
2017-01-19 03:48 - 2017-01-19 03:48 - 02419200 _____ (Farbar) C:\Users\tony\Downloads\FRST64(1).exe
2017-01-19 02:41 - 2017-01-19 03:48 - 00000000 ____D C:\Users\tony\AppData\Roaming\FreeFixer
2017-01-19 02:41 - 2017-01-19 03:48 - 00000000 ____D C:\Users\tony\AppData\Local\FreeFixer
2017-01-19 02:41 - 2017-01-19 02:41 - 00000000 ____D C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2017-01-19 02:41 - 2017-01-19 02:41 - 00000000 ____D C:\Program Files\FreeFixer
2017-01-19 02:40 - 2017-01-19 02:40 - 02704615 _____ (Kephyr) C:\Users\tony\Downloads\freefixersetup.exe
2017-01-17 19:10 - 2017-01-17 19:10 - 00002814 _____ C:\WINDOWS\System32\Tasks\ASC10_SkipUac_tony
2017-01-17 19:10 - 2017-01-17 19:10 - 00002388 _____ C:\WINDOWS\System32\Tasks\Uninstaller_Install_tony
2017-01-17 19:10 - 2017-01-17 19:10 - 00002292 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2017-01-17 19:10 - 2017-01-17 19:10 - 00002221 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-01-17 19:10 - 2017-01-17 19:10 - 00000290 _____ C:\WINDOWS\Tasks\Uninstaller_Install_tony.job
2017-01-17 18:51 - 2016-09-13 10:48 - 00085680 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-01-17 18:51 - 2016-09-10 00:38 - 01629184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-01-17 18:51 - 2016-09-10 00:38 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-17 18:51 - 2016-09-10 00:38 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-01-17 18:51 - 2016-09-10 00:38 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-01-17 18:51 - 2016-09-10 00:38 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-01-17 18:51 - 2016-09-10 00:38 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-01-17 18:51 - 2016-09-10 00:38 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-01-17 18:51 - 2016-09-10 00:38 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-01-17 18:51 - 2016-06-04 04:11 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-01-17 16:37 - 2017-01-17 19:10 - 00003010 _____ C:\WINDOWS\System32\Tasks\ASC10_PerformanceMonitor
2017-01-17 16:37 - 2017-01-17 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-01-17 16:37 - 2017-01-17 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2017-01-17 16:37 - 2017-01-17 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-01-17 16:37 - 2017-01-17 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-01-17 16:37 - 2017-01-17 16:37 - 00027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-01-17 16:37 - 2017-01-17 16:37 - 00003250 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-01-17 16:37 - 2017-01-17 16:37 - 00003162 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2017-01-17 16:37 - 2017-01-17 16:37 - 00003010 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2017-01-17 16:37 - 2017-01-17 16:37 - 00003008 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2017-01-17 16:37 - 2017-01-17 16:37 - 00002882 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (tony)
2017-01-17 16:37 - 2017-01-17 16:37 - 00002278 _____ C:\WINDOWS\System32\Tasks\StartMenu8_Start
2017-01-17 16:37 - 2017-01-17 16:37 - 00000240 _____ C:\WINDOWS\Tasks\StartMenu8_Start.job
2017-01-17 16:37 - 2017-01-17 16:37 - 00000000 ____D C:\WINDOWS\IObit
2017-01-17 16:37 - 2017-01-17 16:37 - 00000000 ____D C:\ProgramData\BDLogging
2017-01-17 16:37 - 2017-01-17 16:37 - 00000000 ____D C:\ProgramData\{EAAB5A83-3809-4B0E-83A6-E4B0DBF2157E}
2017-01-17 16:37 - 2016-11-09 13:00 - 00036288 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2017-01-17 16:37 - 2016-03-31 17:54 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2017-01-17 16:37 - 2016-03-31 17:54 - 00155912 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2017-01-17 16:37 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2017-01-17 16:37 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2017-01-17 16:36 - 2017-01-17 18:43 - 00000000 ____D C:\Users\tony\AppData\Roaming\ProductData
2017-01-17 16:35 - 2017-01-17 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-01-17 16:34 - 2017-01-17 16:34 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-01-17 15:40 - 2017-01-17 15:40 - 00002376 _____ C:\Users\tony\Downloads\htmltoPDFfile.pdf
2017-01-17 15:36 - 2017-01-17 15:36 - 00116448 _____ C:\Users\tony\Downloads\07785875.pdf
2017-01-17 11:07 - 2017-01-17 11:07 - 00338807 _____ C:\Users\tony\Downloads\Sapphic Erotica SiteRip 2016 1080p WEB-DL [IPT].torrent
2017-01-17 11:06 - 2017-01-17 11:06 - 00106923 _____ C:\Users\tony\Downloads\Los Consoladores Siterip Jun-Nov 1080p WEB-DL AAC AVC-Viet3X [IPT].torrent
2017-01-17 11:05 - 2017-01-17 11:05 - 00019863 _____ C:\Users\tony\Downloads\Virgin.Threesome.Party.4.torrent
2017-01-17 11:03 - 2017-01-17 11:03 - 00095835 _____ C:\Users\tony\Downloads\Seducing.Teens.With.Sodomy.2.XXX.DVDRip.x264-UPPERCUT.torrent
2017-01-17 11:01 - 2017-01-17 11:01 - 00118129 _____ C:\Users\tony\Downloads\Anal.Pack.torrent
2017-01-17 10:58 - 2017-01-17 10:58 - 00052165 _____ C:\Users\tony\Downloads\Rocco's.Italian.Porn.Boot.Camp.1-2.Collection.torrent
2017-01-17 10:58 - 2017-01-17 10:58 - 00052165 _____ C:\Users\tony\Downloads\Rocco's.Italian.Porn.Boot.Camp.1-2.Collection(1).torrent
2017-01-17 10:37 - 2017-01-17 10:37 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-01-17 10:06 - 2017-01-17 18:43 - 00000000 ____D C:\Users\tony\AppData\LocalLow\IObit
2017-01-17 10:06 - 2017-01-17 16:37 - 00000000 ____D C:\ProgramData\ProductData
2017-01-17 10:06 - 2017-01-17 10:06 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2017-01-17 10:06 - 2017-01-17 10:06 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-01-17 10:05 - 2017-01-17 18:43 - 00000000 ____D C:\Users\tony\AppData\Roaming\IObit
2017-01-17 10:05 - 2017-01-17 18:43 - 00000000 ____D C:\ProgramData\IObit
2017-01-17 10:05 - 2017-01-17 18:43 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-17 09:55 - 2017-01-17 09:55 - 00000000 ____D C:\Users\tony\Documents\10-Strike
2017-01-17 09:55 - 2017-01-17 09:55 - 00000000 ____D C:\Users\tony\AppData\Roaming\10-Strike
2017-01-17 09:55 - 2017-01-17 09:55 - 00000000 ____D C:\Users\tony\AppData\LocalLow\Temp
2017-01-17 09:54 - 2017-01-17 09:54 - 02025085 _____ C:\Users\tony\Downloads\ip-tools.exe
2017-01-17 09:54 - 2017-01-17 09:54 - 01866520 _____ (10-Strike Software ) C:\Users\tony\Downloads\network-scanner.exe
2017-01-17 09:49 - 2017-01-17 09:49 - 03236759 _____ C:\Users\tony\Downloads\ipscan-3.5-setup.exe
2017-01-17 07:18 - 2017-01-17 07:18 - 00892416 _____ (Farbar) C:\Users\tony\Downloads\MiniToolBox.exe
2017-01-17 07:18 - 2017-01-17 07:18 - 00031035 _____ C:\Users\tony\Downloads\MTB.txt
2017-01-17 07:16 - 2017-01-17 07:16 - 01761280 _____ (Farbar) C:\Users\tony\Downloads\FRST(1).exe
2017-01-17 07:15 - 2017-01-17 07:15 - 01761280 _____ (Farbar) C:\Users\tony\Downloads\FRST.exe
2017-01-17 07:05 - 2017-01-17 07:05 - 00000000 _____ C:\Users\tony\Desktop\22.txt
2017-01-17 07:03 - 2017-01-17 07:19 - 00023428 _____ C:\Users\tony\Desktop\66.txt
2017-01-17 05:56 - 2017-01-17 05:56 - 74067419 _____ C:\Users\tony\Downloads\For_The_Ladies-(DatPiff.com).zip
2017-01-17 05:55 - 2017-01-17 05:55 - 95319395 _____ C:\Users\tony\Downloads\The_Documentary_4-(DatPiff.com).zip
2017-01-17 05:52 - 2017-01-17 05:53 - 243577114 _____ C:\Users\tony\Downloads\Unreleased-(DatPiff.com).zip
2017-01-17 05:48 - 2017-01-17 05:49 - 101363222 _____ C:\Users\tony\Downloads\Worknation_Radio_2-(DatPiff.com).zip
2017-01-17 05:47 - 2017-01-17 05:47 - 42013238 _____ C:\Users\tony\Downloads\100k-(DatPiff.com).zip
2017-01-17 05:46 - 2017-01-17 05:46 - 74870379 _____ C:\Users\tony\Downloads\Back_In_My_Zone-(DatPiff.com).zip
2017-01-17 05:44 - 2017-01-17 05:44 - 60858277 _____ C:\Users\tony\Downloads\Fresh_Smoke-(DatPiff.com).zip
2017-01-17 05:43 - 2017-01-17 05:44 - 86262118 _____ C:\Users\tony\Downloads\Mixrhymez-(DatPiff.com) (1).zip
2017-01-17 05:43 - 2017-01-17 05:43 - 86262118 _____ C:\Users\tony\Downloads\Mixrhymez-(DatPiff.com).zip
2017-01-17 05:41 - 2017-01-17 05:42 - 198485737 _____ C:\Users\tony\Downloads\Bismillah-(DatPiff.com).zip
2017-01-17 05:41 - 2017-01-17 05:41 - 109132502 _____ C:\Users\tony\Downloads\Bad_Guy-(DatPiff.com).zip
2017-01-17 05:38 - 2017-01-17 05:38 - 00001460 _____ C:\Users\tony\Downloads\streetkings62(1).torrent
2017-01-17 05:23 - 2017-01-17 05:23 - 00084010 _____ C:\Users\tony\Downloads\Tropical.Heat.Down.Below.2016.XXX.HDTVRiP.x264-REDX.torrent
2017-01-17 05:23 - 2017-01-17 05:23 - 00075012 _____ C:\Users\tony\Downloads\Treasure.My.Feet.2016.XXX.HDTVRiP.x264-REDX.torrent
2017-01-17 05:22 - 2017-01-17 05:22 - 00135843 _____ C:\Users\tony\Downloads\Stacked.5.XXX.DVDRip.x264-CiCXXX.torrent
2017-01-17 05:22 - 2017-01-17 05:22 - 00121732 _____ C:\Users\tony\Downloads\Geeky.Gals.2016.XXX.DVDRip.x264-WaLMaRT.torrent
2017-01-17 05:22 - 2017-01-17 05:22 - 00100875 _____ C:\Users\tony\Downloads\Mandingo.bleep.The.Archangels.XXX.DVDRip.x264-CiCXXX.torrent
2017-01-16 16:22 - 2017-01-16 16:22 - 00215264 _____ C:\TDSSKiller.3.1.0.12_16.01.2017_16.22.15_log.txt
2017-01-16 16:21 - 2017-01-16 16:21 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-01-16 16:19 - 2017-01-16 16:21 - 00420332 _____ C:\TDSSKiller.3.1.0.12_16.01.2017_16.19.26_log.txt
2017-01-16 16:18 - 2017-01-16 16:19 - 04747704 _____ (AO Kaspersky Lab) C:\Users\tony\Downloads\tdsskiller.exe
2017-01-16 16:17 - 2017-01-16 16:17 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\tony\Downloads\rkill.exe
2017-01-16 16:07 - 2017-01-19 03:50 - 00042435 _____ C:\Users\tony\Downloads\FRST.txt
2017-01-16 16:07 - 2017-01-16 16:08 - 00028065 _____ C:\Users\tony\Downloads\Addition.txt
2017-01-16 16:06 - 2017-01-16 16:06 - 02419200 _____ (Farbar) C:\Users\tony\Downloads\FRST64.exe
2017-01-16 15:44 - 2017-01-16 15:44 - 00266736 _____ C:\Users\tony\AppData\Local\census.cache
2017-01-16 15:44 - 2017-01-16 15:44 - 00113895 _____ C:\Users\tony\AppData\Local\ars.cache
2017-01-16 15:27 - 2017-01-16 15:27 - 02406064 _____ (Trend Micro Inc.) C:\Users\tony\Downloads\HousecallLauncher64.exe
2017-01-16 15:27 - 2017-01-16 15:27 - 00000036 _____ C:\Users\tony\AppData\Local\housecall.guid.cache
2017-01-15 20:13 - 2017-01-15 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64
2017-01-15 20:10 - 2017-01-15 20:10 - 05023797 _____ (ffdshow ) C:\Users\tony\Downloads\ffdshow_rev4531_20140628_x64.exe
2017-01-15 20:09 - 2017-01-15 20:09 - 02030080 _____ C:\Users\tony\Downloads\ffdshow-20041012.exe
2017-01-15 19:49 - 2017-01-15 19:50 - 00161944 _____ C:\Users\tony\Downloads\Vids. for DVD.txt
2017-01-15 19:29 - 2017-01-15 19:29 - 123461526 _____ (Igor Pavlov) C:\Users\tony\Downloads\opencv-3.2.0-vc14.exe
2017-01-15 19:21 - 2017-01-15 19:22 - 01142240 _____ C:\Users\tony\Downloads\libjpeg-turbo-1.5.1-gcc.exe
2017-01-15 19:21 - 2017-01-15 19:21 - 00821448 _____ C:\Users\tony\Downloads\nandub-binary-1.0rc2.rar
2017-01-15 17:57 - 2017-01-15 17:57 - 00017523 _____ C:\Users\tony\Downloads\Red.Dog.2011.720p.BRRiP.XViD.AC3-REFiLL [IPT].torrent
2017-01-15 17:57 - 2017-01-15 17:57 - 00017523 _____ C:\Users\tony\Downloads\Red.Dog.2011.720p.BRRiP.XViD.AC3-REFiLL [IPT](1).torrent
2017-01-15 13:08 - 2017-01-15 13:08 - 00001460 _____ C:\Users\tony\Downloads\streetkings62.torrent
2017-01-15 11:10 - 2017-01-15 11:10 - 00034613 _____ C:\Users\tony\Downloads\Blackmailed.Teens.XXX.WEB-DL.x264-TRB.torrent
2017-01-15 11:09 - 2017-01-15 11:09 - 00046389 _____ C:\Users\tony\Downloads\bleep.Flexible.2.XXX.WEB-DL.x264-TRB.torrent
2017-01-15 11:00 - 2017-01-15 11:00 - 00164788 _____ C:\Users\tony\Downloads\Too.Young.To.Know.Better.5.XXX.720p.WEBRip.MP4-VSEX.torrent
2017-01-15 10:58 - 2017-01-15 10:58 - 00195757 _____ C:\Users\tony\Downloads\Slutty.Times.At.Innocent.High.1-12-PussyT-Collection.torrent
2017-01-15 10:57 - 2017-01-15 10:57 - 00168235 _____ C:\Users\tony\Downloads\Penthouse.My.Hungarian.Girlfriend.XXX.2014.HDTV.720p.x264-SHDXXX.torrent
2017-01-15 10:54 - 2017-01-15 10:54 - 00215536 _____ C:\Users\tony\Downloads\21Naturals.Erotic.Anal.Full.SiteRip.1080p.WEB-DL.AAC2.0.H.264-sweety.torrent
2017-01-15 10:51 - 2017-01-15 10:52 - 00102855 _____ C:\Users\tony\Downloads\Top.10.Most.Viewed.Pornstars.in.PornHub.All.Time.XXX.PACK.torrent
2017-01-15 10:49 - 2017-01-15 10:49 - 00058500 _____ C:\Users\tony\Downloads\All.DaughterSwap.Videos.For.2016.The.Best.NEW.XXX.PACK.torrent
2017-01-15 10:42 - 2017-01-15 10:42 - 00037182 _____ C:\Users\tony\Downloads\Corrupt.Schoolgirls.14.XXX.WEB-DL.x264-TRB.torrent
2017-01-15 10:40 - 2017-01-15 10:40 - 00035797 _____ C:\Users\tony\Downloads\Dogfart.Invades.Europe!.2.XXX.WEB-DL.x264-TRB.torrent
2017-01-15 10:36 - 2017-01-15 10:36 - 00307308 _____ C:\Users\tony\Downloads\Outdoor.Pleasure.Games.2.XXX.720p.WEBRip.MP4-VSEX.torrent
2017-01-15 10:34 - 2017-01-15 10:34 - 00609930 _____ C:\Users\tony\Downloads\bleepes.Abroad.Siterip.Jan-Nov.2016.1080p.WEB-DL.AAC.AVC-Viet3X.torrent
2017-01-15 10:29 - 2017-01-15 10:29 - 00179405 _____ C:\Users\tony\Downloads\Angels.Of.Debauchery.-.1-.9.Collection.torrent
2017-01-15 10:28 - 2017-01-15 10:28 - 00117411 _____ C:\Users\tony\Downloads\MyPickupGirls.XXX.NEW.2016.Russian.Videos.Pack.torrent
2017-01-15 10:24 - 2017-01-15 10:25 - 00042048 _____ C:\Users\tony\Downloads\Nurses.Takin.On.Big.Dicks.1-3.Collection.torrent
2017-01-15 09:11 - 2017-01-15 09:18 - 00068096 ___SH C:\Users\tony\Downloads\Thumbs.db
2017-01-15 06:47 - 2017-01-15 06:47 - 00917046 _____ C:\Users\tony\Downloads\Ha-c-k-i-n-g_Mad-e-_Simple_-_Kiril_Valtchev.pdf
2017-01-15 06:47 - 2017-01-15 06:47 - 00410134 _____ C:\Users\tony\Downloads\Ha-c-k-i-ng for B-e-g-in-n-ers - Nicholas Brown.pdf
2017-01-15 03:31 - 2017-01-15 03:32 - 500723649 _____ C:\Users\tony\Downloads\BDM-2630(1).rar
2017-01-11 22:24 - 2016-12-23 09:42 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-11 22:24 - 2016-12-23 09:42 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 02:14 - 2017-01-11 02:14 - 01283465 _____ C:\Users\tony\Downloads\plugin.video.tvmix-1.0.4.zip
2017-01-11 02:08 - 2017-01-11 02:08 - 00705391 _____ C:\Users\tony\Downloads\repository.Agent-47-1.0.1.zip
2017-01-11 02:05 - 2017-01-11 02:06 - 12758485 _____ C:\Users\tony\Downloads\plugin.video.all_addons_stream_light-1.0.8.zip
2017-01-11 01:38 - 2017-01-11 01:38 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-11 01:38 - 2017-01-11 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-11 01:37 - 2017-01-11 01:37 - 00000000 ____D C:\Users\tony\Desktop\HITMAN
2017-01-11 01:32 - 2017-01-11 01:43 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-11 01:32 - 2017-01-11 01:38 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-10 21:05 - 2017-01-10 21:05 - 00433503 _____ C:\Users\tony\Downloads\repository.mdrepo-1.0.2-8-04.01.2017.zip
2017-01-10 21:04 - 2017-01-10 21:04 - 02801920 _____ C:\Users\tony\Downloads\plugin.video.Kratos002v0.0.1-04.01.2017.zip
2017-01-10 20:59 - 2017-01-10 20:59 - 00512316 _____ C:\Users\tony\Downloads\plugin.video.IPTV--2016.zip
2017-01-10 20:22 - 2017-01-10 20:22 - 00000000 ____D C:\Users\tony\AppData\Local\CEF
2017-01-10 20:02 - 2017-01-10 20:02 - 00000000 ____D C:\Users\tony\Documents\Any Video Converter Ultimate
2017-01-10 20:01 - 2017-01-10 20:27 - 00000000 ____D C:\Users\tony\AppData\Roaming\Anvsoft
2017-01-10 20:01 - 2017-01-10 20:01 - 00001326 _____ C:\Users\tony\Desktop\Any Video Converter Ultimate.lnk
2017-01-10 20:01 - 2017-01-10 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2017-01-10 20:01 - 2017-01-10 20:01 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2017-01-10 19:58 - 2017-01-10 19:58 - 00000000 ____D C:\normalize.css
2017-01-10 18:31 - 2016-03-04 11:26 - 00032400 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2017-01-10 18:30 - 2017-01-10 18:30 - 00000000 ____D C:\Users\tony\AppData\Local\Apple
2017-01-10 18:22 - 2017-01-10 18:22 - 01072960 _____ (SafeBytes Software Inc.) C:\ProgramData\InstallDriverAssist41.exe
2017-01-10 18:21 - 2017-01-10 19:39 - 00000000 ____D C:\ProgramData\PC1Data
2017-01-10 16:11 - 2017-01-10 16:11 - 100016533 _____ C:\Users\tony\Downloads\Cosmic.Gate-Wake.Your.Mind.Radio.144-SAT-01-09-2017-TALiON.rar
2017-01-10 01:25 - 2017-01-10 01:25 - 00000000 ____D C:\ProgramData\Western Digital
2017-01-10 01:01 - 2017-01-17 17:39 - 00000000 ____D C:\Users\tony\AppData\Local\ElevatedDiagnostics
2016-12-30 19:42 - 2016-12-30 19:42 - 00000207 ____H C:\Users\tony\.swfinfo
2016-12-30 10:04 - 2016-12-30 10:06 - 00000000 ____D C:\Users\tony\AppData\LocalLow\KMPlayer
2016-12-30 10:04 - 2016-12-30 10:04 - 00000000 ____D C:\Users\tony\AppData\Roaming\Macromedia
2016-12-30 08:32 - 2017-01-17 13:55 - 00000000 ____D C:\Users\tony\AppData\Roaming\Kodi
2016-12-30 08:32 - 2016-12-30 08:32 - 00001362 _____ C:\Users\tony\Desktop\Kodi - Shortcut.lnk
2016-12-28 12:09 - 2016-12-28 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-12-28 12:09 - 2016-12-28 12:09 - 00000000 ____D C:\ProgramData\EPSON
2016-12-28 12:09 - 2016-12-28 12:09 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-12-27 23:07 - 2016-11-30 17:34 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-12-27 23:07 - 2016-11-30 17:27 - 00030400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-12-26 22:22 - 2016-06-19 07:06 - 00590688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-12-26 22:22 - 2016-06-19 07:06 - 00072408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2016-12-26 22:22 - 2016-06-12 06:52 - 00057184 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-12-26 22:22 - 2016-06-12 05:05 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpresult.exe
2016-12-26 22:22 - 2016-06-12 04:14 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpresult.exe
2016-12-26 22:22 - 2016-06-12 03:50 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-12-26 22:22 - 2016-06-12 03:46 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2016-12-26 22:22 - 2016-06-12 03:44 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-12-26 22:22 - 2016-06-12 03:37 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-12-26 22:22 - 2016-06-12 03:24 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-12-26 22:22 - 2016-06-12 03:20 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-12-26 22:22 - 2016-06-12 03:16 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-12-26 22:22 - 2016-06-11 14:44 - 00107984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-12-26 22:22 - 2016-06-11 14:44 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-12-26 22:22 - 2016-06-11 08:34 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2016-12-26 22:22 - 2016-06-11 07:07 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-12-26 22:22 - 2016-06-11 05:11 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-12-26 22:22 - 2016-06-11 05:11 - 01487992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-26 22:22 - 2016-06-11 05:11 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-26 22:22 - 2016-06-11 05:11 - 00125024 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2016-12-26 22:22 - 2016-06-11 05:10 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2016-12-26 22:22 - 2016-06-11 05:07 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-12-26 22:22 - 2016-06-10 06:32 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-12-26 22:22 - 2016-06-10 05:18 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-12-26 22:22 - 2016-06-08 05:10 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\hbaapi.dll
2016-12-26 22:22 - 2016-06-08 04:13 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hbaapi.dll
2016-12-26 22:22 - 2016-05-19 08:54 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2016-12-26 22:22 - 2016-05-19 08:15 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2016-12-26 22:22 - 2016-05-19 07:56 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2016-12-26 22:22 - 2016-05-19 07:33 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2016-12-26 22:22 - 2016-05-19 07:28 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-12-26 22:22 - 2016-05-19 07:16 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-12-26 22:22 - 2016-05-15 07:26 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-12-26 22:22 - 2016-05-14 16:19 - 01134768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-26 22:22 - 2016-05-14 10:08 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-12-26 22:22 - 2016-05-14 10:08 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-12-26 22:22 - 2016-05-14 10:08 - 00032512 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-12-26 22:22 - 2016-05-14 09:24 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-26 22:22 - 2016-05-14 08:42 - 03667968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-26 22:22 - 2016-05-14 08:30 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-12-26 22:22 - 2016-05-14 08:29 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-12-26 22:22 - 2016-05-14 08:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-12-26 22:22 - 2016-05-14 08:27 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-12-26 22:22 - 2016-05-14 08:26 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-12-26 22:22 - 2016-05-14 08:26 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-12-26 22:22 - 2016-05-14 08:18 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-12-26 22:22 - 2016-05-14 08:18 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-12-26 22:22 - 2016-05-14 08:16 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-12-26 22:22 - 2016-05-14 08:16 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-12-26 22:22 - 2016-05-13 05:36 - 00034600 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserAccountBroker.exe
2016-12-26 22:22 - 2016-05-13 04:39 - 00030984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserAccountBroker.exe
2016-12-26 22:22 - 2016-05-07 08:59 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-12-26 22:22 - 2016-05-06 04:18 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2016-12-26 22:22 - 2016-05-06 03:37 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2016-12-26 22:22 - 2016-04-10 09:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-12-26 22:22 - 2016-04-10 09:14 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Geolocation.dll
2016-12-26 22:22 - 2016-04-10 09:10 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-12-26 22:22 - 2016-04-10 09:09 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-12-26 22:22 - 2016-04-10 09:02 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2016-12-26 22:22 - 2016-04-10 08:59 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll
2016-12-26 22:22 - 2016-04-10 08:59 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-12-26 22:22 - 2016-04-10 08:56 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-12-26 22:22 - 2016-04-10 08:55 - 00881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-12-26 22:22 - 2016-04-10 08:52 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2016-12-26 22:22 - 2016-04-08 03:06 - 00927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-12-26 22:22 - 2016-04-07 08:21 - 00114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2016-12-26 22:22 - 2016-04-07 08:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-12-26 22:22 - 2016-04-07 05:20 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2016-12-26 22:22 - 2016-04-07 05:20 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-26 22:22 - 2016-04-07 05:17 - 18825216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-26 22:22 - 2016-04-07 04:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-12-26 22:22 - 2016-04-07 03:25 - 15158272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-26 22:22 - 2016-04-06 09:37 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2016-12-26 22:22 - 2016-04-03 01:09 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe
2016-12-26 22:22 - 2016-04-03 00:58 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-12-26 22:22 - 2016-04-02 04:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-12-26 22:22 - 2016-04-02 03:53 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-12-26 22:22 - 2016-04-02 03:50 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-26 22:22 - 2016-02-05 03:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-12-26 22:22 - 2016-02-05 03:49 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-12-26 22:22 - 2016-02-05 03:39 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-12-26 22:19 - 2016-08-21 10:45 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-12-26 22:19 - 2016-08-21 10:22 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-12-26 22:19 - 2016-08-21 10:05 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-12-26 22:19 - 2016-08-21 09:50 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-12-26 22:19 - 2016-08-21 09:42 - 07795712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-12-26 22:19 - 2016-08-21 09:27 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-12-26 22:19 - 2016-08-10 09:47 - 00803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-12-26 22:19 - 2016-08-10 09:47 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-12-26 22:19 - 2016-08-05 01:17 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-12-26 22:19 - 2016-08-04 05:06 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-26 22:19 - 2016-08-04 05:05 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-12-26 22:19 - 2016-05-13 05:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-12-26 22:19 - 2016-05-13 04:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-12-26 22:19 - 2016-05-13 03:24 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2016-12-26 22:19 - 2016-05-13 03:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-12-26 22:19 - 2016-05-13 03:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2016-12-26 22:19 - 2016-05-13 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-12-26 22:19 - 2016-05-13 03:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-12-26 22:19 - 2016-05-13 02:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-12-26 22:19 - 2016-05-13 02:48 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2016-12-26 22:19 - 2016-05-13 02:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-12-26 22:19 - 2016-05-13 02:40 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2016-12-26 22:19 - 2016-05-13 02:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-12-26 22:19 - 2016-05-07 02:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-12-26 22:19 - 2016-05-07 02:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-12-26 22:19 - 2016-04-10 15:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-26 22:19 - 2016-04-10 15:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-26 22:19 - 2016-04-10 08:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-12-26 22:19 - 2016-04-10 08:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-12-26 22:19 - 2016-03-11 04:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-12-26 22:19 - 2016-03-11 03:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-12-26 22:18 - 2016-06-26 05:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-12-26 22:18 - 2016-06-26 03:24 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-12-26 22:18 - 2016-06-26 03:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-12-26 22:18 - 2016-03-31 17:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-12-26 22:18 - 2016-03-31 14:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-12-26 22:17 - 2016-11-20 08:24 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-26 22:17 - 2016-11-20 08:24 - 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-26 22:17 - 2016-11-20 06:29 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-12-26 22:17 - 2016-11-20 05:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-12-26 22:17 - 2016-11-20 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-12-26 22:17 - 2016-11-20 04:22 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-26 22:17 - 2016-11-17 08:49 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-26 22:17 - 2016-11-13 08:06 - 00738104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-12-26 22:17 - 2016-11-13 06:38 - 00613632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-12-26 22:17 - 2016-11-13 06:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-12-26 22:17 - 2016-11-13 06:08 - 25759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-26 22:17 - 2016-11-13 06:07 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-12-26 22:17 - 2016-11-13 05:53 - 06049280 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-26 22:17 - 2016-11-13 05:29 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-12-26 22:17 - 2016-11-13 05:23 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-12-26 22:17 - 2016-11-13 05:17 - 20302848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-26 22:17 - 2016-11-13 05:14 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-12-26 22:17 - 2016-11-13 05:10 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-26 22:17 - 2016-11-13 04:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-12-26 22:17 - 2016-11-13 04:41 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-26 22:17 - 2016-11-13 04:38 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-26 22:17 - 2016-11-13 04:37 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-26 22:17 - 2016-11-13 04:35 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-26 22:17 - 2016-11-13 04:21 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-26 22:17 - 2016-11-13 04:20 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-26 22:17 - 2016-11-13 04:11 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-26 22:17 - 2016-11-13 04:05 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-26 22:17 - 2016-11-13 04:02 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-26 22:17 - 2016-11-13 04:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-26 22:17 - 2016-11-11 13:33 - 01541240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-26 22:17 - 2016-11-10 04:25 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-26 22:17 - 2016-11-06 07:46 - 00422744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-12-26 22:17 - 2016-11-06 05:35 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-26 22:17 - 2016-11-06 04:57 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-26 22:17 - 2016-11-06 04:11 - 03606528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-26 22:17 - 2016-11-06 02:56 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-12-26 22:17 - 2016-11-06 02:46 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-12-26 22:17 - 2016-11-03 07:48 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-12-26 22:17 - 2016-11-03 07:48 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-12-26 22:17 - 2016-11-03 01:03 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-12-26 22:17 - 2016-11-03 01:00 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-12-26 22:17 - 2016-10-28 13:56 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-26 22:17 - 2016-10-28 05:51 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-12-26 22:17 - 2016-10-28 05:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-12-26 22:17 - 2016-10-28 05:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-12-26 22:17 - 2016-10-28 05:05 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-12-26 22:17 - 2016-10-28 04:49 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-12-26 22:17 - 2016-10-28 04:47 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-12-26 22:17 - 2016-10-28 04:46 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-12-26 22:17 - 2016-10-28 04:44 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-12-26 22:17 - 2016-10-28 01:28 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-26 22:17 - 2016-10-23 04:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-12-26 22:17 - 2016-10-23 04:27 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-12-26 22:17 - 2016-10-23 03:58 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-12-26 22:17 - 2016-10-23 03:57 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-12-26 22:17 - 2016-10-23 03:56 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-12-26 22:17 - 2016-10-23 03:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-12-26 22:17 - 2016-10-23 03:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-12-26 22:17 - 2016-10-23 03:43 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-12-26 22:17 - 2016-10-14 06:06 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-26 22:17 - 2016-10-14 06:06 - 01124376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-26 22:17 - 2016-10-13 08:49 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-12-26 22:17 - 2016-10-13 08:11 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-12-26 22:17 - 2016-10-12 07:21 - 00497448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-26 22:17 - 2016-10-12 07:21 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-26 22:17 - 2016-10-12 05:34 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-12-26 22:17 - 2016-10-12 04:47 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-12-26 22:17 - 2016-10-12 03:55 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-12-26 22:17 - 2016-10-12 03:45 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-12-26 22:17 - 2016-10-11 10:31 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-12-26 22:17 - 2016-10-11 08:17 - 00444248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-12-26 22:17 - 2016-10-11 08:17 - 00333656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-12-26 22:17 - 2016-10-11 05:18 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2016-12-26 22:17 - 2016-10-11 05:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-12-26 22:17 - 2016-10-10 09:59 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-12-26 22:17 - 2016-10-10 01:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2016-12-26 22:17 - 2016-10-10 01:08 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2016-12-26 22:17 - 2016-10-10 01:08 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2016-12-26 22:17 - 2016-10-09 09:53 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-12-26 22:17 - 2016-10-09 09:24 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-12-26 22:17 - 2016-10-09 09:21 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-26 22:17 - 2016-10-09 09:18 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-12-26 22:17 - 2016-10-09 09:07 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-12-26 22:17 - 2016-10-09 08:49 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-12-26 22:17 - 2016-10-09 08:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-12-26 22:17 - 2016-10-09 08:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-12-26 22:17 - 2016-10-09 08:10 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-12-26 22:17 - 2016-10-08 12:34 - 01660040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-26 22:17 - 2016-10-08 12:34 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-26 22:17 - 2016-10-06 01:01 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-12-26 22:17 - 2016-10-06 01:00 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-12-26 22:17 - 2016-10-06 01:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-12-26 22:17 - 2016-10-06 00:52 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-12-26 22:17 - 2016-10-06 00:52 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-12-26 22:17 - 2016-10-05 15:15 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-12-26 22:17 - 2016-10-05 15:15 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-12-26 22:17 - 2016-10-05 15:15 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-12-26 22:17 - 2016-10-05 15:15 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-12-26 22:17 - 2016-10-05 07:39 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-12-26 22:17 - 2016-10-05 07:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-12-26 22:17 - 2016-10-05 07:08 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-12-26 22:17 - 2016-10-05 07:08 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-12-26 22:17 - 2016-10-01 11:22 - 07444312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-26 22:17 - 2016-09-28 07:16 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-12-26 22:17 - 2016-09-21 09:30 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-12-26 22:17 - 2016-09-18 05:16 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-12-26 22:17 - 2016-09-18 04:21 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-12-26 22:17 - 2016-09-14 12:53 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-26 22:17 - 2016-09-14 12:53 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-26 22:17 - 2016-09-14 12:53 - 01490112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-26 22:17 - 2016-09-14 12:53 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-26 22:17 - 2016-09-13 09:03 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-12-26 22:17 - 2016-09-13 08:01 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-12-26 22:17 - 2016-09-10 09:14 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2016-12-26 22:17 - 2016-09-10 01:15 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-12-26 22:17 - 2016-09-10 01:09 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-12-26 22:17 - 2016-09-10 01:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-12-26 22:17 - 2016-09-10 01:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-12-26 22:17 - 2016-09-10 01:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-12-26 22:17 - 2016-09-09 07:41 - 00121176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-12-26 22:17 - 2016-09-09 01:00 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-12-26 22:17 - 2016-09-09 01:00 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-12-26 22:17 - 2016-09-08 09:07 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-12-26 22:17 - 2016-09-08 08:59 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-12-26 22:17 - 2016-09-08 08:59 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-12-26 22:17 - 2016-09-08 08:57 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-12-26 22:17 - 2016-09-08 08:56 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-12-26 22:17 - 2016-09-04 05:20 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsidsc.dll
2016-12-26 22:17 - 2016-09-04 05:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2016-12-26 22:17 - 2016-09-04 04:21 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsidsc.dll
2016-12-26 22:17 - 2016-09-04 04:18 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2016-12-26 22:17 - 2016-09-04 03:12 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-12-26 22:17 - 2016-09-04 03:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-12-26 22:17 - 2016-09-04 02:58 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-12-26 22:17 - 2016-09-03 01:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-12-26 22:17 - 2016-09-03 01:05 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-12-26 22:17 - 2016-09-02 01:33 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-12-26 22:17 - 2016-09-02 01:33 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-12-26 22:17 - 2016-09-02 01:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-12-26 22:17 - 2016-08-31 01:11 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-12-26 22:17 - 2016-08-30 13:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-12-26 22:17 - 2016-08-30 13:18 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-26 22:17 - 2016-08-30 13:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-26 22:17 - 2016-08-30 13:03 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-26 22:17 - 2016-08-26 07:50 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-26 22:17 - 2016-08-26 06:40 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-26 22:17 - 2016-08-23 00:34 - 01628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-12-26 22:17 - 2016-08-13 11:05 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-12-26 22:17 - 2016-08-13 11:03 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifibus.sys
2016-12-26 22:17 - 2016-08-13 11:02 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-12-26 22:17 - 2016-08-13 11:01 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-12-26 22:17 - 2016-08-13 09:35 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2016-12-26 22:17 - 2016-08-13 09:19 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-12-26 22:17 - 2016-08-13 08:47 - 15431168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-12-26 22:17 - 2016-08-13 08:17 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2016-12-26 22:17 - 2016-08-13 07:52 - 13317120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-12-26 22:17 - 2016-08-12 12:58 - 02315496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-26 22:17 - 2016-08-12 12:58 - 01946176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-26 22:17 - 2016-08-12 05:33 - 00096256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys
2016-12-26 22:17 - 2016-08-12 05:33 - 00083456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-12-26 22:17 - 2016-08-12 05:33 - 00023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys
2016-12-26 22:17 - 2016-08-12 04:17 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-12-26 22:17 - 2016-08-04 02:42 - 01317888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-12-26 22:17 - 2016-08-04 02:36 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-12-26 22:17 - 2016-08-04 02:36 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-12-26 22:17 - 2016-08-04 02:33 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-12-26 22:17 - 2016-08-02 17:20 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2016-12-26 22:17 - 2016-07-31 04:12 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-12-26 22:17 - 2016-07-31 03:36 - 02537472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-12-26 22:17 - 2016-07-27 00:40 - 00162850 _____ C:\WINDOWS\SysWOW64\C_932.NLS
2016-12-26 22:17 - 2016-07-27 00:40 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-12-26 22:17 - 2016-07-24 05:18 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-12-26 22:17 - 2016-07-24 05:12 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-12-26 22:17 - 2016-07-09 01:17 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-12-26 22:17 - 2016-01-31 06:50 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-12-26 22:17 - 2016-01-31 06:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-12-26 22:17 - 2016-01-31 05:18 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-12-26 22:17 - 2016-01-31 04:48 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-12-26 22:16 - 2016-08-28 06:44 - 22360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-26 22:16 - 2016-08-28 06:44 - 02755504 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-26 22:16 - 2016-08-28 06:44 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe
2016-12-26 22:16 - 2016-08-28 05:26 - 19789232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-26 22:16 - 2016-08-28 05:26 - 02411048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-26 22:16 - 2016-08-28 05:26 - 00113656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe
2016-12-26 22:16 - 2016-08-28 03:33 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-26 22:16 - 2016-08-28 03:11 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-26 22:16 - 2016-08-28 03:09 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-26 22:16 - 2016-08-28 02:55 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-26 22:16 - 2016-08-23 03:06 - 00179248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-26 22:16 - 2016-08-23 03:06 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-12-26 22:16 - 2016-08-21 12:03 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-26 22:16 - 2016-08-21 12:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-26 22:16 - 2016-08-21 09:55 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-26 22:16 - 2016-08-13 18:40 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-26 22:16 - 2016-08-13 11:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-12-26 22:16 - 2016-08-12 03:26 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-12-26 22:16 - 2016-08-12 03:17 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-12-26 22:16 - 2016-08-12 03:16 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-12-26 22:16 - 2016-07-10 03:10 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-12-26 22:16 - 2016-07-09 09:35 - 00101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2016-12-26 22:16 - 2016-07-09 01:17 - 00377344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2016-12-26 22:16 - 2016-07-09 01:17 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2016-12-26 22:16 - 2016-07-08 09:32 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2016-12-26 22:16 - 2016-07-08 09:18 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2016-12-26 22:16 - 2016-07-08 09:10 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2016-12-26 22:16 - 2016-07-08 09:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll
2016-12-26 22:16 - 2016-07-08 08:04 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-12-26 22:16 - 2016-07-08 07:59 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-12-26 22:16 - 2016-07-08 07:44 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-26 22:16 - 2016-07-08 07:41 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-26 22:16 - 2016-07-08 07:34 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-26 22:16 - 2016-07-08 07:29 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-12-26 22:16 - 2016-07-08 07:29 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-26 22:16 - 2016-07-08 07:23 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2016-12-26 22:16 - 2016-07-08 07:18 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2016-12-26 22:16 - 2016-07-08 07:11 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll
2016-12-26 22:16 - 2016-07-08 06:35 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-12-26 22:16 - 2016-07-08 06:14 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-26 22:16 - 2016-07-04 16:09 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-12-26 22:16 - 2016-07-04 14:45 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2016-12-26 22:16 - 2016-07-02 07:39 - 00197352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssenh.dll
2016-12-26 22:16 - 2016-07-02 07:39 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dssenh.dll
2016-12-26 22:16 - 2016-06-22 05:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-12-26 22:16 - 2016-06-22 01:12 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-12-26 22:16 - 2016-05-19 10:18 - 00397232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-12-26 22:16 - 2016-05-19 10:16 - 00178016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-12-26 22:16 - 2016-05-19 09:28 - 00340880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-12-26 22:16 - 2016-05-15 07:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-12-26 22:16 - 2016-05-15 07:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-12-26 22:16 - 2016-05-14 10:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-12-26 22:16 - 2016-05-14 08:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-12-26 22:16 - 2016-05-14 08:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-12-26 22:16 - 2016-04-11 17:21 - 00074584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-12-26 22:16 - 2016-04-10 16:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-26 22:16 - 2016-03-15 03:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-12-26 22:16 - 2016-03-12 11:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-12-26 22:16 - 2016-03-12 11:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-12-26 22:16 - 2016-03-11 03:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-26 22:16 - 2016-03-06 04:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-12-26 22:16 - 2016-03-06 04:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-12-26 22:16 - 2016-01-11 04:08 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-12-26 22:15 - 2015-05-13 00:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-12-23 18:48 - 2016-12-23 18:48 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-12-22 07:25 - 2016-12-22 07:25 - 00000000 ____D C:\Windows.old
2016-12-22 07:24 - 2016-12-22 07:24 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2016-12-22 07:24 - 2016-12-22 07:24 - 00008192 ___SH C:\WINDOWS\system32\config\userdiff.LOG1
2016-12-22 07:24 - 2016-12-22 07:24 - 00000000 ___SH C:\WINDOWS\system32\config\userdiff.LOG2
2016-12-22 06:30 - 2017-01-17 23:14 - 00000000 ____D C:\WINDOWS\SoftwareDistribution
2016-12-22 06:30 - 2016-12-22 06:30 - 00002324 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2285785116-1953552596-3447252386-500
2016-12-22 06:28 - 2017-01-17 16:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-22 06:28 - 2016-09-13 07:00 - 06790080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-12-22 06:28 - 2016-09-13 07:00 - 03529152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-12-22 06:28 - 2016-09-13 07:00 - 02558328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-12-22 06:28 - 2016-09-13 07:00 - 00932912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-12-22 06:28 - 2016-09-13 07:00 - 00384888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-12-22 06:28 - 2016-09-13 07:00 - 00062512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-12-22 06:28 - 2016-09-07 23:14 - 07350875 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-12-22 06:27 - 2017-01-17 18:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-22 06:27 - 2016-12-22 06:27 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-12-22 06:27 - 2016-12-22 06:27 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-12-22 06:27 - 2016-12-22 06:27 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-12-22 06:27 - 2016-12-22 06:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-22 06:27 - 2016-12-22 06:27 - 00000000 ____D C:\Program Files\Realtek
2016-12-21 18:00 - 2016-12-21 18:00 - 00000000 ____D C:\Users\tony\AppData\Roaming\MediaInfo
2016-12-21 17:59 - 2016-12-21 18:00 - 00000000 ____D C:\Program Files\MediaInfo
2016-12-21 17:59 - 2016-12-21 17:59 - 00000923 _____ C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2016-12-21 17:55 - 2016-12-21 17:55 - 00011473 _____ C:\Users\tony\Downloads\scanner exception list.xlsx
2016-12-21 17:48 - 2016-12-21 17:48 - 00000000 ____D C:\Users\tony\Documents\Tipard Studio
2016-12-21 16:28 - 2017-01-10 18:29 - 00000000 ____D C:\ProgramData\Apple
2016-12-21 16:28 - 2016-12-21 16:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-21 16:26 - 2016-12-21 16:26 - 00000000 ____D C:\Users\tony\AppData\Roaming\Apple Computer
2016-12-21 16:26 - 2016-12-21 16:26 - 00000000 ____D C:\Users\tony\AppData\Local\Tipard Studio
2016-12-21 16:21 - 2016-12-21 16:21 - 00001617 _____ C:\Users\Public\Desktop\Tipard iPhone Transfer Ultimate.lnk
2016-12-21 16:21 - 2016-12-21 16:21 - 00000000 ____D C:\ProgramData\Tipard Studio
2016-12-21 16:21 - 2016-12-21 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2016-12-21 16:21 - 2016-12-21 16:21 - 00000000 ____D C:\Program Files (x86)\Tipard Studio
2016-12-21 16:18 - 2016-12-21 16:18 - 00002786 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-21 16:18 - 2016-12-21 16:18 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-21 16:18 - 2016-12-21 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-21 16:17 - 2016-12-21 16:18 - 00000000 ____D C:\Program Files\CCleaner
2016-12-21 16:15 - 2016-12-21 16:15 - 00001343 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2017.lnk
2016-12-21 16:15 - 2016-12-21 16:15 - 00000000 ____D C:\Users\tony\AppData\Roaming\Ashampoo
2016-12-21 16:15 - 2016-12-21 16:15 - 00000000 ____D C:\Users\tony\AppData\Local\ashampoo
2016-12-21 16:15 - 2016-12-21 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-12-21 16:14 - 2016-12-21 16:15 - 00000000 ____D C:\ProgramData\Ashampoo
2016-12-21 16:14 - 2016-12-21 16:14 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2016-12-21 15:41 - 2016-12-21 15:41 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-12-21 15:33 - 2016-12-21 15:33 - 00000896 _____ C:\Users\tony\Documents\hosts.txt
2016-12-21 15:27 - 2016-12-21 15:27 - 00002899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-12-21 15:27 - 2016-12-21 15:27 - 00002878 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-12-21 15:27 - 2016-12-21 15:27 - 00002873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-12-21 15:27 - 2016-12-21 15:27 - 00002849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-12-21 15:27 - 2016-12-21 15:27 - 00002827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-12-21 15:27 - 2016-12-21 15:27 - 00002821 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-12-21 15:27 - 2016-12-21 15:27 - 00002801 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-12-21 15:27 - 2016-12-21 15:27 - 00002793 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-12-21 15:27 - 2016-12-21 15:27 - 00002785 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-12-21 15:27 - 2016-12-21 15:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-12-21 15:27 - 2016-12-21 15:27 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-12-21 15:27 - 2016-12-21 15:27 - 00000000 ____D C:\Program Files\Microsoft.NET
2016-12-21 15:27 - 2016-12-21 15:27 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-12-21 15:27 - 2016-12-21 15:27 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-12-21 15:27 - 2016-12-21 15:27 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-12-21 15:26 - 2016-12-21 15:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-21 15:26 - 2016-12-21 15:27 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-21 15:26 - 2016-12-21 15:26 - 00000000 ____D C:\Users\tony\AppData\Local\Microsoft Help
2016-12-21 15:26 - 2016-12-21 15:26 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-12-21 15:26 - 2016-12-21 15:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-21 15:26 - 2016-12-21 15:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-12-21 15:26 - 2016-11-14 07:16 - 00000000 ____D C:\Users\tony\Desktop\X64
2016-12-21 15:19 - 2017-01-17 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Suite 9.0
2016-12-21 15:18 - 2017-01-17 18:43 - 00000000 ____D C:\Program Files (x86)\DLL Suite
2016-12-21 15:15 - 2016-12-21 15:24 - 00000000 ____D C:\Users\tony\AppData\Roaming\GlarySoft
2016-12-21 15:15 - 2016-12-21 15:15 - 00020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUSBootStartup.sys
2016-12-21 15:15 - 2016-12-21 15:15 - 00002988 _____ C:\WINDOWS\System32\Tasks\GMHSkipUAC
2016-12-21 15:15 - 2016-12-21 15:15 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Hunter.lnk
2016-12-21 15:15 - 2016-12-21 15:15 - 00001232 _____ C:\Users\Public\Desktop\Malware Hunter.lnk
2016-12-21 15:15 - 2016-12-21 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2016-12-21 15:15 - 2016-12-21 15:15 - 00000000 ____D C:\ProgramData\Glarysoft
2016-12-21 15:15 - 2016-12-21 15:15 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-12-21 15:03 - 2017-01-17 09:32 - 00000000 ____D C:\Users\tony\AppData\Roaming\mIRC
2016-12-21 15:03 - 2016-12-21 15:03 - 00000967 _____ C:\Users\Public\Desktop\mIRC.lnk
2016-12-21 15:03 - 2016-12-21 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2016-12-21 15:03 - 2016-12-21 15:03 - 00000000 ____D C:\Program Files (x86)\mIRC
2016-12-21 15:01 - 2016-12-21 15:01 - 00000000 ____D C:\Users\tony\AppData\Roaming\Notepad++
2016-12-21 15:01 - 2016-12-21 15:01 - 00000000 ____D C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-12-21 15:01 - 2016-12-21 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-12-21 15:01 - 2016-12-21 15:01 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-12-21 14:59 - 2016-12-21 14:59 - 00001023 _____ C:\Users\Public\Desktop\UltraISO.lnk
2016-12-21 14:59 - 2016-12-21 14:59 - 00000000 ____D C:\Users\tony\Documents\My ISO Files
2016-12-21 14:59 - 2016-12-21 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2016-12-21 14:59 - 2016-12-21 14:59 - 00000000 ____D C:\Program Files (x86)\UltraISO
2016-12-21 14:56 - 2016-12-21 14:56 - 00001093 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-12-21 14:56 - 2016-12-21 14:56 - 00000000 ____D C:\Users\tony\AppData\Local\VS Revo Group
2016-12-21 14:56 - 2016-12-21 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-12-21 14:56 - 2016-12-21 14:56 - 00000000 ____D C:\Program Files\VS Revo Group
2016-12-21 14:56 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-12-21 14:52 - 2016-12-21 14:52 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-12-21 14:51 - 2016-12-21 14:51 - 00001109 _____ C:\Users\Public\Desktop\EPUB File Reader.lnk
2016-12-21 14:51 - 2016-12-21 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB File Reader
2016-12-21 14:51 - 2016-12-21 14:51 - 00000000 ____D C:\Program Files (x86)\EPUB File Reader
2016-12-21 14:49 - 2016-12-21 14:49 - 00001258 _____ C:\Users\Public\Desktop\Medieval CUE Splitter.lnk
2016-12-21 14:49 - 2016-12-21 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval Software
2016-12-21 14:49 - 2016-12-21 14:49 - 00000000 ____D C:\Program Files (x86)\Medieval Software
2016-12-21 14:47 - 2016-12-21 14:48 - 00000000 ____D C:\Users\tony\AppData\Local\EZ CD Audio Converter
2016-12-21 14:47 - 2016-12-21 14:47 - 00000925 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ CD Audio Converter.lnk
2016-12-21 14:47 - 2016-12-21 14:47 - 00000913 _____ C:\Users\Public\Desktop\EZ CD Audio Converter.lnk
2016-12-21 14:47 - 2016-12-21 14:47 - 00000000 ____D C:\Program Files\EZ CD Audio Converter
2016-12-21 14:42 - 2016-12-21 14:42 - 00000000 ____D C:\ProgramData\TEMP
2016-12-21 14:42 - 2016-12-21 14:42 - 00000000 ____D C:\ProgramData\Licenses
2016-12-21 14:42 - 2016-12-21 14:42 - 00000000 ____D C:\ProgramData\EZ CD Audio Converter
2016-12-21 14:41 - 2016-12-21 14:41 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-12-21 14:41 - 2016-12-21 14:41 - 00000000 ____D C:\Users\tony\AppData\Roaming\Sun
2016-12-21 14:41 - 2016-12-21 14:41 - 00000000 ____D C:\Users\tony\AppData\LocalLow\Sun
2016-12-21 14:41 - 2016-12-21 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-21 14:40 - 2016-12-21 14:41 - 00000000 ____D C:\ProgramData\Oracle
2016-12-21 14:40 - 2016-12-21 14:40 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-21 14:39 - 2017-01-10 01:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-21 14:38 - 2016-12-21 14:38 - 00000000 ____D C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-12-21 14:38 - 2016-12-21 14:38 - 00000000 ____D C:\Program Files (x86)\Kodi
2016-12-21 14:37 - 2016-12-21 14:37 - 00001893 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2016-12-21 14:37 - 2016-12-21 14:37 - 00001881 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2016-12-21 14:37 - 2016-12-21 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2016-12-21 14:37 - 2016-12-21 14:37 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2016-12-21 14:35 - 2017-01-17 11:45 - 00000000 ____D C:\Users\tony\AppData\Roaming\vlc
2016-12-21 14:35 - 2016-12-21 14:35 - 00000887 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-12-21 14:35 - 2016-12-21 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-21 14:35 - 2016-12-21 14:35 - 00000000 ____D C:\Program Files\VideoLAN
2016-12-21 14:33 - 2016-12-21 14:33 - 00000995 _____ C:\Users\Public\Desktop\Winamp.lnk
2016-12-21 14:33 - 2016-12-21 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2016-12-21 14:33 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-12-21 14:33 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2016-12-21 14:32 - 2016-12-21 14:34 - 00000000 ____D C:\Users\tony\AppData\Roaming\Winamp
2016-12-21 14:32 - 2016-12-21 14:33 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-12-21 14:26 - 2016-02-05 04:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll.bak
2016-12-21 14:26 - 2014-11-21 19:14 - 03307112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll.bak
2016-12-21 14:26 - 2014-11-21 19:14 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe.bak
2016-12-21 14:26 - 2014-11-21 19:14 - 00821696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll.bak
2016-12-21 14:25 - 2016-12-21 14:25 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-12-21 14:25 - 2016-12-21 14:25 - 00000000 ____D C:\Users\tony\AppData\Roaming\Shark007
2016-12-21 14:25 - 2016-12-21 14:25 - 00000000 ____D C:\Users\tony\AppData\Roaming\Advanced
2016-12-21 14:25 - 2016-12-21 14:25 - 00000000 ____D C:\Users\tony\AppData\Local\Programs
2016-12-21 14:25 - 2016-12-21 14:25 - 00000000 ____D C:\ProgramData\Shark007
2016-12-21 14:25 - 2016-12-21 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2016-12-21 14:25 - 2016-12-21 14:25 - 00000000 ____D C:\ProgramData\Advanced
2016-12-21 14:25 - 2016-12-21 14:25 - 00000000 ____D C:\Program Files\Shark007
2016-12-21 14:25 - 2016-12-21 14:25 - 00000000 ____D C:\Program Files (x86)\Shark007
2016-12-21 14:25 - 2016-05-08 05:19 - 03642880 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2016-12-21 14:25 - 2015-05-03 21:49 - 02034176 _____ (xy-VSFilter Team) C:\WINDOWS\system32\VSFilter.dll
2016-12-21 14:25 - 2015-03-04 20:45 - 00260184 _____ C:\WINDOWS\system32\unrar64.dll
2016-12-21 14:25 - 2013-04-06 06:26 - 01679360 _____ C:\WINDOWS\SysWOW64\ac3filter.acm.new
2016-12-21 14:25 - 2013-04-06 00:27 - 02231296 _____ C:\WINDOWS\system32\ac3filter.acm.new
2016-12-21 14:25 - 2013-04-06 00:27 - 02231296 _____ C:\WINDOWS\system32\ac3filter.acm
2016-12-21 14:25 - 2013-04-06 00:27 - 00324608 _____ (IntelleSoft) C:\WINDOWS\system32\BugTrap-x64.dll
2016-12-21 14:25 - 2009-08-11 21:22 - 00580096 _____ C:\WINDOWS\system32\ac3filter.acm.old
2016-12-21 14:25 - 2009-01-23 01:51 - 00124909 _____ (Open Source Software community project) C:\WINDOWS\system32\pthreadGC2.dll
2016-12-21 14:24 - 2017-01-17 10:58 - 00000000 ____D C:\Users\tony\AppData\LocalLow\uTorrent
2016-12-21 14:24 - 2016-12-21 14:24 - 00002679 _____ C:\Users\tony\Desktop\µTorrent.lnk
2016-12-21 14:23 - 2017-01-17 18:48 - 00000000 ____D C:\Users\tony\AppData\Roaming\uTorrent
2016-12-21 14:16 - 2016-12-21 14:16 - 00002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-21 14:16 - 2016-12-21 14:16 - 00002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-21 14:15 - 2016-12-21 22:41 - 00000000 ____D C:\Users\tony\AppData\Local\Google
2016-12-21 14:15 - 2016-12-21 14:20 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-21 14:15 - 2016-12-21 14:20 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-21 14:15 - 2016-12-21 14:16 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-21 13:15 - 2017-01-19 03:49 - 00000000 ____D C:\Users\tony\AppData\Roaming\Everything
2016-12-21 13:15 - 2016-12-21 13:15 - 00000000 ____D C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2016-12-21 13:15 - 2016-12-21 13:15 - 00000000 ____D C:\Program Files\Everything
2016-12-21 13:11 - 2017-01-19 02:36 - 00000000 ____D C:\Users\tony\AppData\LocalLow\Mozilla
2016-12-21 13:11 - 2016-12-21 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-21 13:09 - 2016-12-23 19:14 - 00000000 ____D C:\Users\tony\AppData\Local\Mozilla
2016-12-21 13:09 - 2016-12-21 15:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-21 13:09 - 2016-12-21 13:11 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-21 13:09 - 2016-12-21 13:11 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-21 13:09 - 2016-12-21 13:09 - 00000000 ____D C:\Users\tony\AppData\Roaming\Mozilla
2016-12-21 13:09 - 2016-12-21 13:09 - 00000000 _____ C:\WINDOWS\nsreg.dat
2016-12-21 13:04 - 2017-01-19 02:24 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{820FB677-52CC-4C9C-8967-AF92866809F0}
2016-12-21 13:03 - 2017-01-11 01:43 - 00000000 ____D C:\Users\tony\Desktop\APPS
2016-12-21 13:02 - 2016-12-21 13:02 - 00000000 ____D C:\Users\tony\Desktop\DAD-MIX-BRUCE-SPRINGSTEEN
2016-12-21 13:01 - 2017-01-15 13:15 - 00000000 ____D C:\Users\tony\Desktop\ASHLEIGH
2016-12-21 13:01 - 2017-01-10 18:24 - 00000000 ____D C:\Users\tony\Desktop\RATIOMASTER
2016-12-21 13:01 - 2017-01-10 15:04 - 00000000 ____D C:\Users\tony\Desktop\DADS-MIX-NEW
2016-12-21 13:01 - 2017-01-08 16:17 - 00000000 ____D C:\Users\tony\Desktop\FRANK_WORK
2016-12-21 13:01 - 2016-12-21 13:01 - 00000000 ____D C:\Users\tony\Desktop\M3U Detective
2016-12-21 13:01 - 2016-12-21 13:01 - 00000000 ____D C:\Users\tony\Desktop\fffg
2016-12-21 12:56 - 2016-12-21 12:56 - 00000000 ____D C:\Users\tony\AppData\Local\MSfree Inc
2016-12-21 12:54 - 2016-12-21 12:54 - 00001752 _____ C:\Users\Public\Desktop\PowerArchiver 2016.lnk
2016-12-21 12:54 - 2016-12-21 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver 2016
2016-12-21 12:54 - 2016-12-21 12:54 - 00000000 ____D C:\ProgramData\Caphyon
2016-12-21 12:54 - 2016-12-21 12:54 - 00000000 ____D C:\Program Files (x86)\PowerArchiver
2016-12-21 12:49 - 2016-12-21 12:49 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-12-21 12:47 - 2017-01-19 02:46 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2285785116-1953552596-3447252386-1002
2016-12-21 12:45 - 2017-01-19 02:22 - 00000000 ___RD C:\Users\tony\OneDrive
2016-12-21 12:42 - 2017-01-15 09:08 - 00000000 ____D C:\Users\tony\AppData\Local\Packages
2016-12-21 12:42 - 2017-01-10 18:26 - 00000282 ___SH C:\Users\tony\Downloads\desktop.ini
2016-12-21 12:42 - 2017-01-10 18:26 - 00000282 ___SH C:\Users\tony\Desktop\desktop.ini
2016-12-21 12:42 - 2016-12-28 11:54 - 00000402 ___SH C:\Users\tony\Documents\desktop.ini
2016-12-21 12:42 - 2016-12-28 11:54 - 00000174 ___SH C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-21 12:42 - 2016-12-28 11:54 - 00000000 ___RD C:\Users\tony\Searches
2016-12-21 12:42 - 2016-12-28 11:54 - 00000000 ___RD C:\Users\tony\Contacts
2016-12-21 12:42 - 2016-12-28 11:54 - 00000000 ___RD C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-21 12:42 - 2016-12-28 11:54 - 00000000 ___RD C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-21 12:42 - 2016-12-21 12:42 - 00001446 _____ C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-21 12:42 - 2016-12-21 12:42 - 00000000 ____D C:\Users\tony\AppData\Roaming\Adobe
2016-12-21 12:42 - 2016-12-21 12:42 - 00000000 ____D C:\Users\tony\AppData\Local\VirtualStore
2016-12-21 12:40 - 2017-01-19 03:51 - 00000000 ____D C:\Users\tony\AppData\Local\Temp
2016-12-21 12:40 - 2017-01-19 03:49 - 00000000 ___RD C:\Users\tony\Desktop
2016-12-21 12:40 - 2017-01-19 03:48 - 00000000 ___RD C:\Users\tony\Downloads
2016-12-21 12:40 - 2017-01-19 02:41 - 00000000 ___RD C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-21 12:40 - 2017-01-19 02:41 - 00000000 ____D C:\Users\tony\AppData\Roaming
2016-12-21 12:40 - 2017-01-19 02:41 - 00000000 ____D C:\Users\tony\AppData\Local
2016-12-21 12:40 - 2017-01-17 23:14 - 01835008 ___SH C:\Users\tony\ntuser.dat
2016-12-21 12:40 - 2017-01-17 18:45 - 00000000 ____D C:\Users\tony
2016-12-21 12:40 - 2017-01-17 10:06 - 00000000 ____D C:\Users\tony\AppData\LocalLow
2016-12-21 12:40 - 2017-01-17 09:55 - 00000000 ___RD C:\Users\tony\Documents
2016-12-21 12:40 - 2017-01-10 21:33 - 00000000 ___SD C:\Users\tony\AppData\Roaming\Microsoft
2016-12-21 12:40 - 2017-01-10 01:15 - 00000000 ____D C:\Users\tony\AppData\Local\Microsoft
2016-12-21 12:40 - 2016-12-28 11:54 - 00000564 ___SH C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-21 12:40 - 2016-12-28 11:54 - 00000000 ___RD C:\Users\tony\Videos
2016-12-21 12:40 - 2016-12-28 11:54 - 00000000 ___RD C:\Users\tony\Saved Games
2016-12-21 12:40 - 2016-12-28 11:54 - 00000000 ___RD C:\Users\tony\Pictures
2016-12-21 12:40 - 2016-12-28 11:54 - 00000000 ___RD C:\Users\tony\Music
2016-12-21 12:40 - 2016-12-28 11:54 - 00000000 ___RD C:\Users\tony\Links
2016-12-21 12:40 - 2016-12-28 11:54 - 00000000 ___RD C:\Users\tony\Favorites
2016-12-21 12:40 - 2016-12-21 13:03 - 00000000 ___SD C:\Users\tony\AppData\LocalLow\Microsoft
2016-12-21 12:40 - 2016-12-21 12:41 - 00524288 ___SH C:\Users\tony\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000002.regtrans-ms
2016-12-21 12:40 - 2016-12-21 12:41 - 00524288 ___SH C:\Users\tony\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000001.regtrans-ms
2016-12-21 12:40 - 2016-12-21 12:41 - 00065536 ___SH C:\Users\tony\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TM.blf
2016-12-21 12:40 - 2016-12-21 12:40 - 02048000 ___SH C:\Users\tony\ntuser.dat.LOG1
2016-12-21 12:40 - 2016-12-21 12:40 - 00327680 ___SH C:\Users\tony\ntuser.dat.LOG2
2016-12-21 12:40 - 2016-12-21 12:40 - 00000020 ___SH C:\Users\tony\ntuser.ini
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\Templates
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\Start Menu
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\SendTo
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\Recent
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\PrintHood
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\NetHood
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\My Documents
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\Local Settings
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\Documents\My Videos
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\Documents\My Pictures
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\Documents\My Music
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\Cookies
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\Application Data
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\AppData\Local\Temporary Internet Files
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\AppData\Local\History
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 _SHDL C:\Users\tony\AppData\Local\Application Data
2016-12-21 12:40 - 2016-12-21 12:40 - 00000000 ___HD C:\Users\tony\AppData
2016-12-21 12:40 - 2016-04-17 07:21 - 00000000 ___RD C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-21 12:40 - 2016-04-17 07:21 - 00000000 ___RD C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-21 12:40 - 2014-11-22 02:14 - 00000000 ___RD C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-21 12:40 - 2014-11-21 18:48 - 00000369 _____ C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-12-21 12:40 - 2014-11-21 18:48 - 00000369 _____ C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-12-21 12:40 - 2013-08-23 02:36 - 00000000 ____D C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-21 12:32 - 2016-12-21 12:32 - 00000000 ____D C:\WINDOWS\CSC
2016-12-21 12:11 - 2016-12-21 12:18 - 00000000 ___HD C:\$WINDOWS.~BT
2016-12-20 10:56 - 2016-12-20 10:56 - 00000000 ____D C:\uninst

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 03:50 - 2016-12-07 12:08 - 00000000 ____D C:\FRST
2017-01-17 19:20 - 2014-11-21 18:38 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-17 19:20 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-17 19:13 - 2013-08-23 01:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-17 18:51 - 2016-04-17 07:21 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-01-17 18:51 - 2014-11-22 02:14 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2017-01-17 18:51 - 2013-08-23 02:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-17 18:44 - 2013-08-23 02:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-17 18:43 - 2013-08-23 02:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-17 18:43 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\registration
2017-01-17 18:39 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-17 10:45 - 2013-08-23 00:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-17 10:10 - 2016-04-16 20:07 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-13 22:53 - 2016-04-17 06:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 22:51 - 2016-04-17 06:23 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-30 21:56 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\rescache
2016-12-30 19:55 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\wdi
2016-12-30 12:40 - 2016-12-07 12:00 - 00000000 ___HD C:\$GlaryQuarantine
2016-12-28 14:51 - 2013-08-23 02:36 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-28 13:26 - 2016-04-16 19:12 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{42b82173-0b2e-11e3-93f4-90b11c2eb9f2}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 12:09 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files\Common Files
2016-12-28 11:54 - 2014-10-29 11:48 - 00000000 __SHD C:\Boot
2016-12-28 11:53 - 2013-08-23 01:44 - 00473552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-27 23:57 - 2016-04-16 19:07 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms
2016-12-27 23:57 - 2016-04-16 19:07 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf
2016-12-27 23:56 - 2014-11-21 18:18 - 00000000 ____D C:\WINDOWS\ShellNew
2016-12-27 23:56 - 2014-11-21 17:54 - 00000000 ____D C:\WINDOWS\system32\Drivers\en-US
2016-12-27 23:56 - 2013-08-23 02:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-12-27 23:56 - 2013-08-23 02:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-27 23:56 - 2013-08-23 02:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-27 23:56 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-12-27 23:56 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-27 23:56 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\setup
2016-12-27 23:56 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-12-27 23:56 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-27 23:56 - 2013-08-23 02:36 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-27 23:56 - 2013-08-23 02:36 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-27 23:56 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\SysWOW64\wbem
2016-12-27 23:56 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migration
2016-12-27 23:56 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-27 23:56 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\system32\migration
2016-12-27 23:56 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-26 22:13 - 2016-04-17 05:31 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-23 18:58 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-23 18:48 - 2013-08-23 02:33 - 00000000 ____D C:\WINDOWS\system32\Drivers\UMDF
2016-12-22 07:25 - 2013-08-23 02:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-12-22 07:25 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2016-12-22 06:31 - 2013-08-23 00:25 - 00262144 ___SH C:\Users\Default\NTUSER.DAT
2016-12-22 06:30 - 2016-04-17 01:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-12-22 06:28 - 2015-02-21 14:39 - 00000000 __SHD C:\Recovery
2016-12-21 15:30 - 2013-08-23 00:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-12-21 15:27 - 2013-08-23 02:36 - 00001556 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-21 15:27 - 2013-08-23 02:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-21 15:27 - 2013-08-23 02:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-21 15:27 - 2013-08-23 02:36 - 00000000 ____D C:\Program Files (x86)\Microsoft.NET
2016-12-21 15:27 - 2013-08-23 00:36 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-21 15:26 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Microsoft
2016-12-21 15:26 - 2013-08-23 02:36 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-21 15:12 - 2013-08-23 00:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-21 12:49 - 2016-04-17 06:37 - 00000000 ____D C:\ProgramData\Skype
2016-12-21 12:49 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\restore
2016-12-21 12:42 - 2013-08-23 02:36 - 00000000 __SHD C:\$Recycle.Bin
2016-12-21 12:40 - 2013-08-23 00:36 - 00000000 ___RD C:\Users
2016-12-21 12:18 - 2014-10-29 11:48 - 00008192 __RSH C:\BOOTSECT.BAK
2016-12-20 10:54 - 2016-10-05 16:50 - 00000000 _____ C:\TOSTACK

==================== Files in the root of some directories =======

2017-01-16 15:44 - 2017-01-16 15:44 - 0113895 _____ () C:\Users\tony\AppData\Local\ars.cache
2017-01-16 15:44 - 2017-01-16 15:44 - 0266736 _____ () C:\Users\tony\AppData\Local\census.cache
2017-01-16 15:27 - 2017-01-16 15:27 - 0000036 _____ () C:\Users\tony\AppData\Local\housecall.guid.cache
2016-12-22 06:27 - 2016-12-22 06:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-10 18:22 - 2017-01-10 18:22 - 1072960 _____ (SafeBytes Software Inc.) C:\ProgramData\InstallDriverAssist41.exe

Files to move or delete:
====================
C:\ProgramData\InstallDriverAssist41.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================


LastRegBack: 2017-01-10 07:41

==================== End of FRST.txt ============================


Edited by hamluis, 18 January 2017 - 01:08 PM.




#2 nasdaq

  • Malware Response Team

Posted 19 January 2017 - 11:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR DefaultSearchURL: Default -> hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxp://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR Extension: (Ask Web Search) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmengapaekgmapkcophhdmppmjinpogo [2017-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-21]

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please post the Fixlog.txt and include the Addition.txt file that was created by the Farbar tool.
Let me know what problem persists with this computer.

p.s.
DO NOT do anything with the SYSWOW64 folder; it's part of the operating system.

#3 Clayton86

  • Topic Starter

Posted 23 January 2017 - 09:15 AM

HEY I DID WHAT U ASKED. THANKS FOR HELP.



#4 nasdaq

  • Malware Response Team

Posted 23 January 2017 - 11:18 AM

Hope everything is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

==

#5 nasdaq

  • Malware Response Team

Posted 31 January 2017 - 07:42 AM

Re-opened at the request of the owner.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#6 Clayton86

  • Topic Starter

Posted 01 February 2017 - 07:02 AM

HEY MAN THANKS FOR REPLYING WITH THE INFO, MUCH APPRECIATED. I AM AT WORK NOW. I WILL BE ABLE TO DO AS U ASKED WITHIN A FEW DAYS.

1 QUESTION I NEED TO ASK IS ABOUT STEP 7. {{ If a Windows opens to explain what [PUM's] are, read about it. }}

NOT SURE WHAT PUM MEANS.

THANKS AGAIN, I WILL HAVE IT DONE WITHIN NEXT FEW DAYS



#7 nasdaq

  • Malware Response Team

Posted 01 February 2017 - 09:18 AM

1 QUESTION I NEED TO ASK IS ABOUT STEP 7 . {{ If a Windows opens to explain what [PUM's] are, read about it. }}


You will see the information when running the tool.

#8 Clayton86

  • Topic Starter

Posted 02 February 2017 - 08:30 AM

RogueKiller V12.9.6.0 (x64) [Jan 30 2017] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : tony [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/02/2017 23:45:01 (Duration : 00:18:27)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 855 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ shell32.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603b0
[IAT:Addr] (explorer.exe @ shell32.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ uxtheme.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ duser.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603b0
[IAT:Addr] (explorer.exe @ dui70.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ dui70.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr(Microsoft)] (explorer.exe @ dui70.dll) kernel32!GetCurrentPackageId : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e08ba0
[IAT:Addr] (explorer.exe @ slc.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ slc.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ dxgi.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603b0
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ sppc.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr] (explorer.exe @ imm32.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ msctf.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ ole32.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ ole32.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr(Microsoft)] (explorer.exe @ comctl32.dll) kernel32!GetCurrentPackageId : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e08ba0
[IAT:Addr] (explorer.exe @ comctl32.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ SndVolSSO.DLL) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ oleacc.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ twinui.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603b0
[IAT:Addr] (explorer.exe @ twinui.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!GetSystemAppDataKey : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e279d0
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!CloseState : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e27360
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!GetStateFolder : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e28170
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!OpenStateExplicit : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e27870
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!OpenState : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e29710
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!GetCurrentPackageInfo : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e368f0
[IAT:Addr(Microsoft)] (explorer.exe @ twinui.dll) kernel32!ParseApplicationUserModelId : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e4e1c0
[IAT:Addr] (explorer.exe @ Windows.UI.Immersive.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603b0
[IAT:Addr] (explorer.exe @ Windows.UI.Immersive.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ Windows.UI.Immersive.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9d4937ea0
[IAT:Addr] (explorer.exe @ Windows.UI.Immersive.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9d48eddd0
[IAT:Addr] (explorer.exe @ Windows.UI.Immersive.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ee2a0
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9d4937fb0
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4911e90
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9d4940700
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ff040
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9d49407a0
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b900
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ explorerframe.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bfc0
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!EventEnabled : C:\Windows\System32\ntdll.dll @ 0x7ff9d491f4f0
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec900
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1b30
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ explorerframe.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9d491efb0
[IAT:Addr] (explorer.exe @ explorerframe.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603b0
[IAT:Addr] (explorer.exe @ explorerframe.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr(Microsoft)] (explorer.exe @ wldp.dll) kernel32!GetPackageFullName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e17530
[IAT:Addr] (explorer.exe @ wldp.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ wldp.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ wldp.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ wldp.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ wldp.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ wldp.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec900
[IAT:Addr] (explorer.exe @ wldp.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1b30
[IAT:Addr] (explorer.exe @ wtsapi32.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9d4927380
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ff040
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!ExitThread : C:\Windows\System32\ntdll.dll @ 0x7ff9d48e85a0
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!VerSetConditionMask : C:\Windows\System32\ntdll.dll @ 0x7ff9d493dd30
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) kernel32!GetCurrentProcessorNumber : C:\Windows\System32\ntdll.dll @ 0x7ff9d49602d0
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) advapi32!RegisterTraceGuidsA : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ee670
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) advapi32!TraceEvent : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945460
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1b30
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec900
[IAT:Addr] (explorer.exe @ nvwgf2umx.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9d491efb0
[IAT:Addr] (explorer.exe @ InputSwitch.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ InputSwitch.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ lockscreencn.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec900
[IAT:Addr] (explorer.exe @ lockscreencn.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1b30
[IAT:Addr] (explorer.exe @ lockscreencn.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9d491efb0
[IAT:Addr(Microsoft)] (explorer.exe @ lockscreencn.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e020d0
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9d4940700
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4911e90
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9d4937fb0
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9d49407a0
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9d493b500
[IAT:Addr(Microsoft)] (explorer.exe @ lockscreencn.dll) kernel32!GetSystemAppDataKey : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e279d0
[IAT:Addr(Microsoft)] (explorer.exe @ lockscreencn.dll) kernel32!CloseState : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e27360
[IAT:Addr(Microsoft)] (explorer.exe @ lockscreencn.dll) kernel32!OpenStateExplicit : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e27870
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bfc0
[IAT:Addr] (explorer.exe @ lockscreencn.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b900
[IAT:Addr] (explorer.exe @ lockscreencn.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ stobject.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr(Microsoft)] (explorer.exe @ stobject.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e020d0
[IAT:Addr] (explorer.exe @ stobject.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ batmeter.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ batmeter.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ batmeter.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ batmeter.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ batmeter.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ sxs.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr(Microsoft)] (explorer.exe @ prnfldr.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e020d0
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9d493b500
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bfc0
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b900
[IAT:Addr] (explorer.exe @ prnfldr.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec900
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1b30
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9d491efb0
[IAT:Addr] (explorer.exe @ prnfldr.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr(Microsoft)] (explorer.exe @ winspool.drv) kernel32!GetCurrentPackageFamilyName : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e16ef0
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1b30
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9d491efb0
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ DXP.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec900
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9d4931a70
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9d4962280
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ DXP.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ DXP.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ GdiPlus.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603b0
[IAT:Addr] (explorer.exe @ GdiPlus.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ shdocvw.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ shdocvw.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr] (explorer.exe @ shdocvw.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ shdocvw.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ shdocvw.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b900
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bfc0
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9d490d970
[IAT:Addr] (explorer.exe @ Actioncenter.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9d4938100
[IAT:Addr] (explorer.exe @ Actioncenter.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9d491efb0
[IAT:Addr] (explorer.exe @ Actioncenter.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec900
[IAT:Addr] (explorer.exe @ Actioncenter.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1b30
[IAT:Addr] (explorer.exe @ Actioncenter.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ Syncreg.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ Syncreg.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ Syncreg.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ Syncreg.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ Syncreg.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b900
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CancelThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x7ff9d4948c00
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!StartThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x7ff9d490dee0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolIo : C:\Windows\System32\ntdll.dll @ 0x7ff9d4934fd0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ff040
[IAT:Addr(Microsoft)] (explorer.exe @ wininet.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e020d0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!InitializeConditionVariable : C:\Windows\System32\ntdll.dll @ 0x7ff9d493b500
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!WakeAllConditionVariable : C:\Windows\System32\ntdll.dll @ 0x7ff9d493f0f0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9d493b500
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bfc0
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9d4927380
[IAT:Addr(Microsoft)] (explorer.exe @ wininet.dll) kernel32!SleepConditionVariableCS : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e38150
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9d4938100
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9d490d970
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9d4937f70
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4911e90
[IAT:Addr] (explorer.exe @ wininet.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9d49407a0
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bfc0
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b900
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr] (explorer.exe @ searchfolder.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ imapi2.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr] (explorer.exe @ imapi2.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ imapi2.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ imapi2.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ imapi2.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ EhStorShell.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ EhStorShell.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ msftedit.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ hgcpl.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ tiptsf.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ tiptsf.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ msiltcfg.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ msiltcfg.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ msiltcfg.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ msiltcfg.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ sfc_os.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bfc0
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b900
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ wscinterop.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9d493b500
[IAT:Addr] (explorer.exe @ wscapi.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ wscapi.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ wscui.cpl) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ wscui.cpl) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ wscui.cpl) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ wscui.cpl) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9d4962280
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9d4931a70
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!IsThreadpoolTimerSet : C:\Windows\System32\ntdll.dll @ 0x7ff9d490fb80
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4911e90
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9d4937fb0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9d49407a0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!WakeAllConditionVariable : C:\Windows\System32\ntdll.dll @ 0x7ff9d493f0f0
[IAT:Addr(Microsoft)] (explorer.exe @ werconcpl.dll) kernel32!SleepConditionVariableCS : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e38150
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!InitializeConditionVariable : C:\Windows\System32\ntdll.dll @ 0x7ff9d493b500
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9d490d970
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9d4938100
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!WaitForThreadpoolWorkCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9d4937f70
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ee2a0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9d4937ea0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9d48eddd0
[IAT:Addr] (explorer.exe @ werconcpl.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ff040
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1b30
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec900
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9d491efb0
[IAT:Addr] (explorer.exe @ werconcpl.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr] (explorer.exe @ werconcpl.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ wercplsupport.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr] (explorer.exe @ wercplsupport.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ wercplsupport.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ wercplsupport.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ wercplsupport.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!CloseThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9d4938100
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!CloseThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9d48eddd0
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!WaitForThreadpoolWaitCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9d4937ea0
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!SubmitThreadpoolWork : C:\Windows\System32\ntdll.dll @ 0x7ff9d490d970
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b900
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bfc0
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!SetThreadpoolWait : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ee2a0
[IAT:Addr] (explorer.exe @ hcproviders.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr] (explorer.exe @ nvshext.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ nvshext.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ nvshext.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ nvshext.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ nvshext.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr] (explorer.exe @ nvshext.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ nvshext.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9d4927380
[IAT:Addr] (explorer.exe @ nvshext.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ff040
[IAT:Addr] (explorer.exe @ winmm.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603b0
[IAT:Addr] (explorer.exe @ winmm.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ midimap.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ midimap.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ midimap.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ midimap.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ UIRibbon.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ UIRibbon.dll) advapi32!RegisterTraceGuidsA : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ee670
[IAT:Addr] (explorer.exe @ UIRibbon.dll) advapi32!TraceEvent : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945460
[IAT:Addr] (explorer.exe @ UIRibbon.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ UIRibbon.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ UIRibbon.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ UIRibbon.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!QueryDepthSList : C:\Windows\System32\ntdll.dll @ 0x7ff9d4931c10
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!InterlockedFlushSList : C:\Windows\System32\ntdll.dll @ 0x7ff9d4935790
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ff040
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9d4931a70
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9d4962280
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!InitializeSListHead : C:\Windows\System32\ntdll.dll @ 0x7ff9d4931be0
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bfc0
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b900
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr(Microsoft)] (explorer.exe @ UIRibbon.dll) kernel32!InitOnceExecuteOnce : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e020d0
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9d493b500
[IAT:Addr] (explorer.exe @ UIRibbon.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ UIRibbon.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ UIRibbon.dll) user32!DefWindowProcA : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603b0
[IAT:Addr] (explorer.exe @ WorkFoldersShell.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ WorkFoldersShell.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ WorkFoldersShell.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ WorkFoldersShell.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ WorkFoldersShell.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr] (explorer.exe @ WorkFoldersShell.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ WorkFoldersShell.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ WorkFoldersShell.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ WorkFoldersShell.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ WorkFoldersShell.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ SkydriveShell.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ SkydriveShell.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ SkydriveShell.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ SkydriveShell.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9d493b500
[IAT:Addr] (explorer.exe @ SkydriveShell.dll) kernel32!FreeLibraryWhenCallbackReturns : C:\Windows\System32\ntdll.dll @ 0x7ff9d4940700
[IAT:Addr] (explorer.exe @ SkydriveShell.dll) kernel32!CloseThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4911e90
[IAT:Addr] (explorer.exe @ SkydriveShell.dll) kernel32!WaitForThreadpoolTimerCallbacks : C:\Windows\System32\ntdll.dll @ 0x7ff9d4937fb0
[IAT:Addr] (explorer.exe @ SkydriveShell.dll) kernel32!SetThreadpoolTimer : C:\Windows\System32\ntdll.dll @ 0x7ff9d49407a0
[IAT:Addr] (explorer.exe @ NetworkExplorer.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ dlnashext.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9d491efb0
[IAT:Addr] (explorer.exe @ dlnashext.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ dlnashext.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ dlnashext.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1b30
[IAT:Addr] (explorer.exe @ dlnashext.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ dlnashext.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ dlnashext.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec900
[IAT:Addr] (explorer.exe @ dlnashext.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ dlnashext.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!HeapSize : C:\Windows\System32\ntdll.dll @ 0x7ff9d4927380
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!AcquireSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b900
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!InitializeSRWLock : C:\Windows\System32\ntdll.dll @ 0x7ff9d493b500
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!ReleaseSRWLockShared : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bfc0
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!AcquireSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490ab40
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!ReleaseSRWLockExclusive : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b610
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ff040
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ dlnashext.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ 7Z64.DLL) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ 7Z64.DLL) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ 7Z64.DLL) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ 7Z64.DLL) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ chartv.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ chartv.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ chartv.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ chartv.dll) kernel32!HeapReAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ff040
[IAT:Addr] (explorer.exe @ chartv.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ chartv.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ chartv.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ chartv.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ qmgrprxy.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ timedate.cpl) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ timedate.cpl) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!EncodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4933ce0
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!InterlockedPopEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9d4962280
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!DecodePointer : C:\Windows\System32\ntdll.dll @ 0x7ff9d4925f40
[IAT:Addr] (explorer.exe @ atl.dll) kernel32!InterlockedPushEntrySList : C:\Windows\System32\ntdll.dll @ 0x7ff9d4931a70
[IAT:Addr] (explorer.exe @ atl.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr(Microsoft)] (explorer.exe @ comsvcs.dll) kernel32!GetCurrentPackageId : C:\Windows\System32\KERNELBASE.dll @ 0x7ff9d1e08ba0
[IAT:Addr] (explorer.exe @ powercpl.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70
[IAT:Addr] (explorer.exe @ powercpl.dll) kernel32!HeapAlloc : C:\Windows\System32\ntdll.dll @ 0x7ff9d4900c30
[IAT:Addr] (explorer.exe @ powercpl.dll) kernel32!InitializeCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492dcb0
[IAT:Addr] (explorer.exe @ powercpl.dll) kernel32!DeleteCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d492e670
[IAT:Addr] (explorer.exe @ powercpl.dll) kernel32!EnterCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490b6a0
[IAT:Addr] (explorer.exe @ powercpl.dll) kernel32!LeaveCriticalSection : C:\Windows\System32\ntdll.dll @ 0x7ff9d490bf40
[IAT:Addr] (explorer.exe @ powercpl.dll) advapi32!EventWrite : C:\Windows\System32\ntdll.dll @ 0x7ff9d491efb0
[IAT:Addr] (explorer.exe @ powercpl.dll) advapi32!TraceMessage : C:\Windows\System32\ntdll.dll @ 0x7ff9d4922050
[IAT:Addr] (explorer.exe @ powercpl.dll) advapi32!EventUnregister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec900
[IAT:Addr] (explorer.exe @ powercpl.dll) advapi32!EventRegister : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1b30
[IAT:Addr] (explorer.exe @ powercpl.dll) advapi32!UnregisterTraceGuids : C:\Windows\System32\ntdll.dll @ 0x7ff9d48ec910
[IAT:Addr] (explorer.exe @ powercpl.dll) advapi32!RegisterTraceGuidsW : C:\Windows\System32\ntdll.dll @ 0x7ff9d48f1a50
[IAT:Addr] (explorer.exe @ powercpl.dll) advapi32!GetTraceEnableFlags : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944fd0
[IAT:Addr] (explorer.exe @ powercpl.dll) advapi32!GetTraceEnableLevel : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945010
[IAT:Addr] (explorer.exe @ powercpl.dll) advapi32!GetTraceLoggerHandle : C:\Windows\System32\ntdll.dll @ 0x7ff9d4944e00
[IAT:Addr] (explorer.exe @ powercpl.dll) user32!DefWindowProcW : C:\Windows\System32\ntdll.dll @ 0x7ff9d49603c0
[IAT:Addr] (explorer.exe @ IconCodecService.dll) kernel32!ResolveDelayLoadedAPI : C:\Windows\System32\ntdll.dll @ 0x7ff9d4945c70

¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen2][Firefox:Addon] gjsu6r0d.default : Boounce [toolbar@boounce.com] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD40EZRX-00SPEB0 SCSI Disk Device +++++
--- User ---
[MBR] 0d1cd1b842fa38658ea086b38a7a5492
[BSP] 8d5a0498c62dc22b6222be1caf7395b2 : Empty|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: WDC WD40EZRX-00SPEB0 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: KINGSTON SH103S3240G ATA Device +++++
--- User ---
[MBR] 355d03b165108081c3624cbce81bd046
[BSP] fef2637a939e807a25e06c79f7795dbe : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: WDC WD20EARS-00MVWB0 ATA Device +++++
--- User ---
[MBR] 156b53f3c96ac584ea8c082d59200124
[BSP] 3ce0a8a018dd46dc74e0bd792228ac43 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] cc574b215ec19657636f38bc8fd9be69
[BSP] 909f669bfdf75caccb2cb1d27d152eeb : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive5: ST8000AS0002-1NA17Z ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 7630756 MB
User = LL1 ... OK
User = LL2 ... OK

 



#9 Clayton86


Posted 02 February 2017 - 08:50 AM

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by tony on Fri 03/02/2017 at  0:32:48.49.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\tony\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3/02/2017 12:34:17 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\ImTOO deleted successfully
C:\PROGRA~3\EZ CD Audio Converter deleted successfully
C:\PROGRA~3\Tipard Studio deleted successfully
C:\PROGRA~3\{74E9F814-C737-42CC-B721-DBBC4059367A} deleted successfully
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\RK_Datony_ON_E_38FF\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully
HKEY_USERS\RK_Datony_ON_E_38FF\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\RK_Datony_ON_E_38FF\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.au/");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default

user.js not found
---- Lines finder removed from prefs.js ----
user_pref("extensions.TorrentFinderToolbar.form.sitelist", "29|-|The Pirate Bay|-||-||-|*_*410|-|Torrent Downloads|-||-||-|*_*154|-|ToDo Torrents|-|1|
user_pref("extensions.TorrentFinderToolbar.lastupdate", "3");
---- Lines finder modified from prefs.js ----

user_pref("extensions.enabledAddons", "%7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.9,%7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.152,%7Bc45c406e
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
---- FireFox user.js and prefs.js backups ----

prefs_20170302_1241_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\ImTOO not found
C:\PROGRA~3\{74E9F814-C737-42CC-B721-DBBC4059367A} not found
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} not found
C:\Users\tony\.android deleted
C:\history.js deleted
C:\rb_config.js deleted
C:\Users\tony\AppData\Roaming\ProductData deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\{EAAB5A83-3809-4B0E-83A6-E4B0DBF2157E} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\tony\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\extensions\firefox@ghostery.com.xpi deleted
C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\jetpack deleted
C:\PROGRA~3\InstallDriverAssist41.exe deleted
C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\extensions\firefoxdav@icloud.com deleted
C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\extensions\TFToolbarX@torrent-finder.xpi deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default
- All In 1 Search Bar - %ProfilePath%\extensions\07bce030@pribic.am
- em:description[]]YouTubeDuckDuckGoGoogleThePiratebay em:creator em:developerbrais33 em:homepageURLhttp:all-io.net em:optionsURL - %ProfilePath%\extensions\brais33@gmail.com
- FoxyProxy Basic - %ProfilePath%\extensions\foxyproxy@eric.h.jung
- TableTools2 em:version1.17.1-signed.1-signed em:creatorMingyi Liu em:descriptionSort search filter chart summarize copy rearrange combine and compare HTML tables em:homepageURLhttp:www.mingyi.org em:iconURLchrome:tabletools2skinttool_small.png em:optionsURLchrome:tabletools2contenttabletoolsOptions.xul em:aboutURLchrome:tabletools2contentabout.xul em:contributorTT2 Charting function uses the canvasXpress package by Isaac Neuhaus - %ProfilePath%\extensions\tabletools2@mingyi.org
- Boounce em:descriptionFind more with more. em:creatorAccrue Search Concepts em:idtoolbar@boounce.com em:version0.6.1-signed.1-signed em:homepageURLhttp:www.boounce.com em:iconURLchrome:boounceskinimagesboounceLogo.ico em:optionsURLchrome:boouncecontentboounce-options.xul em:unpacktrue - %ProfilePath%\extensions\toolbar@boounce.com
- HTML5 WebDb-to-XMLA Bridge - %ProfilePath%\extensions\xmlastorage@openlinksw.com
- TV-Fox - %ProfilePath%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- Bitdefender QuickScan - %ProfilePath%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
- All-in-one Toolbar - %ProfilePath%\extensions\allinoneengines@firefox.com.xpi
- GitHub Extensions - %ProfilePath%\extensions\ayltai-github-extensions@github.com.xpi
- DeeperWeb for Google - %ProfilePath%\extensions\bizdom@wizbites.com.xpi
- DivHTTP - %ProfilePath%\extensions\divhttp@divel.xpi
- search_avptube - %ProfilePath%\extensions\djamolpatil@gmail.com.xpi
- Undetermined - %ProfilePath%\extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi
- Undetermined - %ProfilePath%\extensions\firefox-extension@sourcegraph.com.xpi
- Google Code Wiki Viewer - %ProfilePath%\extensions\GoogleCodeWikiViewer@atte.kemppila.xpi
- Link Virus Checker: Security Plus - %ProfilePath%\extensions\jid0-DjsrWcAS3Wgq2xyyqqVL8Dqk1Lo@jetpack.xpi
- Dictionary Google Translate Anywhere - %ProfilePath%\extensions\jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpack.xpi
- IP Address and Domain Information - %ProfilePath%\extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\jid0-MXvUXM1npF7yTcY3bpZVht72AR4@jetpack.xpi
- Just Disable Stuff - %ProfilePath%\extensions\jid1-8J7ayxTha4KqKQ@jetpack.xpi
- GitHub Repo Widget - %ProfilePath%\extensions\jid1-Ahuh7zraL1y8YQ@jetpack.xpi
- HTML5 Player for YouTube - %ProfilePath%\extensions\jid1-e3wSQaH5t1HqKp@jetpack.xpi
- YouTube Flash Player - %ProfilePath%\extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi
- Text to PDF file - %ProfilePath%\extensions\jid1-JobPqtvtwG9w0A@jetpack.xpi
- copy-code - %ProfilePath%\extensions\jid1-OQHFznWHvjDIIg@jetpack.xpi
- Flash Control - %ProfilePath%\extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi
- Reddit Enhancement Suite - %ProfilePath%\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
- DuckDuckGo Plus - %ProfilePath%\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
- JavaScript Deobfuscator - %ProfilePath%\extensions\jsdeobfuscator@adblockplus.org.xpi
- JSONView - %ProfilePath%\extensions\jsonview@brh.numbera.com.xpi
- M3Uripiton - %ProfilePath%\extensions\m3uripiton@logyattra.hu.xpi
- Magnetz - %ProfilePath%\extensions\magnetz@apps.aalaap.com.xpi
- PHP Developer Toolbar - %ProfilePath%\extensions\php_dev_bar@php_dev_bar.org.xpi
- Qwant for Firefox - %ProfilePath%\extensions\qwantcomforfirefox@jetpack.xpi
- S3.Google Translator - %ProfilePath%\extensions\s3google@translator.xpi
- SimilarPages - %ProfilePath%\extensions\similarpages@similarpages.com.xpi
- Smplayer context menu - %ProfilePath%\extensions\smplayerplaylist@luperrouch.fr.xpi
- Tiny JavaScript Debugger - %ProfilePath%\extensions\tinyjsdebugger@enigmail.net.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Vlc context menu - %ProfilePath%\extensions\vlcplaylist@helgatauscher.de.xpi
- VLC Youtube - %ProfilePath%\extensions\vlc_shortcut@kosan.kosan.xpi
- PDF Download - %ProfilePath%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
- JavaScript on-off applet - %ProfilePath%\extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi
- FoxySpider - %ProfilePath%\extensions\{75df891f-e299-4725-b14f-7d52f086dea2}.xpi
- GitHub Extension Installer - %ProfilePath%\extensions\{86054B0A-BD85-42F9-8E58-8794EC6F6EA1}.xpi
- Context Search - %ProfilePath%\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi
- Web Developer - %ProfilePath%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
- QuickJava - %ProfilePath%\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

Chrome Media Router - tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.similarsitesearch.com_0.localstorage deleted successfully
C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.similarsitesearch.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tony\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\tony\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\tony\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\tony\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\tony\AppData\Local\Mozilla\Firefox\Profiles\gjsu6r0d.default\cache2 emptied successfully
C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=99 folders=72 12171938 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\tony\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\tony\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 03/02/2017 at  0:44:01.13 ======================
 



#10 Clayton86


Posted 02 February 2017 - 08:56 AM

HEY MAN THANKS AGAIN FOR YOUR HELP !! MUCH APPRECIATED .

I NOTICED "SYSWOW64" AFTER READING REPORTS .

COULD YOU PLZ LET ME KNOW THE CURRENT STATUS ABOUT MY SYSTEM AND MAKING SURE IT'S OK

AND STOP FURTHER INFECTIONS

THANKS AGAIN .



#11 nasdaq

  • Malware Response Team

Posted 02 February 2017 - 01:41 PM

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Windows XP:
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

If all is well.

To learn more about how to protect yourself while on the Internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
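
An added example, not part of nasdaq's post and not Sophos code: a short Python script for triaging the SophosVirusRemovalTool.log requested above. It de-duplicates repeated detection lines, lists files the scan could not open or check, and marks detections followed by "Disinfection not offered"; the sample lines are constructed in the log's timestamp-plus-message layout, and reading that message as applying to the detection line just before it is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the SophosVirusRemovalTool.log layout
# (timestamp, spaces, message). Paths are placeholders, not real findings.
SAMPLE_LOG = r"""
2017-02-05 07:33:05.579    Could not open C:\pagefile.sys
2017-02-05 07:46:42.650    >>> Virus 'Mal/Agent-ACR' found in file C:\example\old\patch.exe
2017-02-05 08:32:47.708    >>> Virus 'Mal/HiBrowLnk-A' found in file E:\example\Quick Launch\Browser.lnk
2017-02-05 09:13:52.585    >>> Virus 'Troj/MDrop-GWI' found in file G:\example\setup.exe\FILE:0000
2017-02-05 09:13:52.585    Disinfection not offered
2017-02-05 09:23:26.191    >>> Virus 'Mal/Generic-S' found in file G:\example\crack\lib.ocx
2017-02-05 09:23:26.191    >>> Virus 'Mal/Generic-S' found in file G:\example\crack\lib.ocx
2017-02-05 09:24:17.660    >>> Virus 'Mal/EncPk-ANL' found in file G:\example\patch.zip\patch/patch.exe
2017-02-05 09:24:17.660    Disinfection not offered
2017-02-05 09:54:11.948    Could not check G:\example\photo.jpg (corrupt)
"""

LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
DETECT_RE = re.compile(r"^>>> Virus '([^']+)' found in file (.+)$")
SKIPPED_PREFIXES = ("Could not open ", "Could not check ")


def parse_log(text):
    """Return (detections, unscanned) parsed from the log text.

    Detections are de-duplicated on (name, path); 'hits' counts how often the
    same line was logged. 'cleanable' is False when the next log line is
    "Disinfection not offered" (assumed to refer to the preceding detection).
    """
    detections = {}   # (name, path) -> record, in first-seen order
    unscanned = []    # files the scanner reported it could not open or check
    last = None       # most recent detection record, for the follow-up line
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines and untimestamped banner text
        msg = line.group(1)
        hit = DETECT_RE.match(msg)
        if hit:
            name, path = hit.groups()
            last = detections.setdefault(
                (name, path),
                {"name": name, "path": path, "hits": 0, "cleanable": True},
            )
            last["hits"] += 1
        elif msg == "Disinfection not offered" and last is not None:
            last["cleanable"] = False
        else:
            if msg.startswith(SKIPPED_PREFIXES):
                # Keep the path plus any trailing reason such as "(corrupt)".
                unscanned.append(msg.split(" ", 3)[3])
            last = None
    return list(detections.values()), unscanned


def by_drive(detections):
    """Group detection names by drive letter to show which volumes are affected."""
    drives = defaultdict(set)
    for d in detections:
        root = d["path"][:2].upper() if d["path"][1:2] == ":" else "?"
        drives[root].add(d["name"])
    return {drive: sorted(names) for drive, names in sorted(drives.items())}


def manual_review(detections):
    """Detections the tool did not offer to disinfect; handle these by hand."""
    return [d for d in detections if not d["cleanable"]]


if __name__ == "__main__":
    found, skipped = parse_log(SAMPLE_LOG)
    for drive, names in by_drive(found).items():
        print(drive, ", ".join(names))
    for d in manual_review(found):
        print("manual review:", d["name"], d["path"])
    print(len(skipped), "file(s) not scanned")
```

To run it against a real log, read the file from the location given above and pass its text to `parse_log`.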

#12 Clayton86


Posted 05 February 2017 - 05:51 AM

2017-02-05 07:16:04.251    Sophos Virus Removal Tool version 2.5.6
2017-02-05 07:16:04.251    Copyright © 2009-2016 Sophos Limited. All rights reserved.

2017-02-05 07:16:04.251    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-02-05 07:16:04.251    Windows version 6.2 SP 0.0  build 9200 SM=0x100 PT=0x1 WOW64
2017-02-05 07:16:04.251    Checking for updates...
2017-02-05 07:16:04.266    Update progress: proxy server not available
2017-02-05 07:16:12.329    Option all = no
2017-02-05 07:16:12.329    Option recurse = yes
2017-02-05 07:16:12.329    Option archive = no
2017-02-05 07:16:12.329    Option service = yes
2017-02-05 07:16:12.329    Option confirm = yes
2017-02-05 07:16:12.329    Option sxl = yes
2017-02-05 07:16:12.329    Option max-data-age = 35
2017-02-05 07:16:12.329    Option vdl-logging = yes
2017-02-05 07:16:12.344    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-02-05 07:16:12.344    Machine ID:    aff6a5a2f3df431387af523852e4431a
2017-02-05 07:16:12.344    Component SVRTcli.exe version 2.5.6
2017-02-05 07:16:12.344    Component control.dll version 2.5.6
2017-02-05 07:16:12.344    Component SVRTservice.exe version 2.5.6
2017-02-05 07:16:12.344    Component engine\osdp.dll version 1.44.1.2270
2017-02-05 07:16:12.344    Component engine\veex.dll version 3.67.0.2270
2017-02-05 07:16:12.344    Component engine\savi.dll version 9.0.5.2270
2017-02-05 07:16:12.344    Component rkdisk.dll version 1.5.31.1
2017-02-05 07:16:12.344    Version info:    Product version    2.5.6
2017-02-05 07:16:12.344    Version info:    Detection engine    3.67.0
2017-02-05 07:16:12.344    Version info:    Detection data    5.32
2017-02-05 07:16:12.344    Version info:    Build date    4/10/2016
2017-02-05 07:16:12.344    Version info:    Data files added    756
2017-02-05 07:16:12.344    Version info:    Last successful update    (not yet updated)
2017-02-05 07:16:12.438    Downloading updates...
2017-02-05 07:16:12.438    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-02-05 07:16:12.438    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-05 07:16:12.438    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-05 07:16:12.438    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-02-05 07:16:12.438    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-02-05 07:16:12.438    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-02-05 07:16:12.438    Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-02-05 07:16:12.438    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path=
2017-02-05 07:16:12.438    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path=
2017-02-05 07:16:12.438    Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product IDE536 LATEST path=]
2017-02-05 07:16:12.438    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-02-05 07:16:12.438    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-02-05 07:16:12.438    Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
2017-02-05 07:16:12.438    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
2017-02-05 07:16:12.438    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
2017-02-05 07:16:12.438    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-05 07:16:12.719    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-02-05 07:16:12.719    Update progress: [I19463] Product download size 156130248 bytes
2017-02-05 07:22:29.909    Update error: cancelled synchronise

2017-02-05 07:33:05.579    Could not open C:\Boot\BCD
2017-02-05 07:33:07.975    Could not open C:\hiberfil.sys
2017-02-05 07:33:08.298    Could not open C:\pagefile.sys
2017-02-05 07:36:44.006    Could not open C:\swapfile.sys
2017-02-05 07:36:44.085    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-05 07:36:44.085    Could not open C:\System Volume Information\{7909cf74-eb5f-11e6-8294-6c626d0d9c12}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-05 07:36:44.085    Could not open C:\System Volume Information\{d8a13838-eb6e-11e6-8298-6c626d0d9c12}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-05 07:36:44.085    Could not open C:\System Volume Information\{f53ce052-eb62-11e6-8295-6c626d0d9c12}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-05 07:40:14.039    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-02-05 07:40:14.039    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-02-05 07:40:14.695    Could not open C:\Windows\System32\config\BBI
2017-02-05 07:40:14.695    Could not open C:\Windows\System32\config\components
2017-02-05 07:40:14.695    Could not open C:\Windows\System32\config\drivers
2017-02-05 07:40:14.710    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-02-05 07:40:14.710    Could not open C:\Windows\System32\config\RegBack\SAM
2017-02-05 07:40:14.710    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-02-05 07:40:14.710    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-02-05 07:40:14.710    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-02-05 07:46:42.650    >>> Virus 'Mal/Agent-ACR' found in file C:\Windows.old\Program Files (x86)\mIRC\mirc.v7.46-patch.exe
2017-02-05 07:56:30.403    Could not check D:\TONYS_DATA_MIXED\TRANCE_ALBUMS_&_SINGLES__MIXED_2014\TRANCE-ALBUMS-2014-MAY\VA - Hed Kandi Collection\2012 - VA - Hed Kandi - Ibiza\Bonus DJ Mixes\Bonus DJ Mix 3\Tim Hidgem - House of Hidgem\Tracklisting.docx (corrupt)
2017-02-05 08:32:47.708    >>> Virus 'Mal/HiBrowLnk-A' found in file E:\Users\Datony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
2017-02-05 08:32:47.927    >>> Virus 'Mal/HiBrowLnk-A' found in file E:\Users\Datony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
2017-02-05 08:32:48.146    >>> Virus 'Mal/HiBrowLnk-A' found in file E:\Users\Datony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
2017-02-05 08:32:57.599    >>> Virus 'Mal/HiBrowLnk-A' found in file E:\Users\Datony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-05 08:33:39.115    >>> Virus 'Mal/HiBrowLnk-A' found in file E:\Users\Public\Desktop\Google Chrome.lnk
2017-02-05 09:03:45.479    Could not open F:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-05 09:03:45.479    Could not open F:\System Volume Information\{7909cf73-eb5f-11e6-8294-6c626d0d9c12}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-05 09:03:45.479    Could not open F:\System Volume Information\{d8a13837-eb6e-11e6-8298-6c626d0d9c12}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-05 09:03:45.480    Could not open F:\System Volume Information\{f53ce051-eb62-11e6-8295-6c626d0d9c12}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-05 09:13:47.819    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-AUGUST-23RD-2016-1-----------\CCleaner v5.19.5633 - Crack Inc.Pro + Business Addition - [SSEC]\CCleaner v5.19.5633 Pro.exe
2017-02-05 09:13:52.585    >>> Virus 'Troj/MDrop-GWI' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-AUGUST-23RD-2016-1-----------\Malwarebytes Anti-Malware Premium 2.2.1.1043 + License Key\mbam-setup-2.2.1.1043.exe\FILE:0000
2017-02-05 09:13:52.585    Disinfection not offered
2017-02-05 09:14:18.010    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-AUGUST-23RD-2016-1-----------\Wondershare Video Converter Ultimate 8.7.0.5 + Crack_\Wondershare Video Converter Ultimate 8.7.0.5 + Crack [TechTools.NET]\Crack\VideoConverterUltimate.exe
2017-02-05 09:15:31.614    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-DECEMBER---2016-1-----------\DECEMBER-20TH-2016-APPZ\Gold Installer 2016  Software Pack 2016  By Computer Worms Team\Special Content [Dragon PC]\IPT-installer with built-in VPN! [Dragon PC].exe
2017-02-05 09:23:01.753    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-16TH-2016-APPZ\Advanced SystemCare Pro 10.0.3.671 Multilingual+Activation\advanced-systemcare-setup.exe
2017-02-05 09:23:01.753    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-16TH-2016-APPZ\Advanced SystemCare Pro 10.0.3.671 Multilingual+Activation\advanced-systemcare-setup.exe
2017-02-05 09:23:26.191    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-16TH-2016-APPZ\Windows Repair Pro 3.9.16-Crack\Crack by The Hidden 2000\msinet.ocx
2017-02-05 09:23:26.191    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-16TH-2016-APPZ\Windows Repair Pro 3.9.16-Crack\Crack by The Hidden 2000\msinet.ocx
2017-02-05 09:23:26.191    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-16TH-2016-APPZ\Windows Repair Pro 3.9.16-Crack\Crack by The Hidden 2000\msinet.ocx
2017-02-05 09:23:26.191    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-16TH-2016-APPZ\Windows Repair Pro 3.9.16-Crack\Crack by The Hidden 2000\msinet.ocx
2017-02-05 09:23:26.191    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-16TH-2016-APPZ\Windows Repair Pro 3.9.16-Crack\Crack by The Hidden 2000\msinet.ocx
2017-02-05 09:23:33.535    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-1ST-2016-APPZ\Binary.Fortress.Software.DisplayFusion.Pro.v8.1.0.MULTILINGUAL-CRD\keygen\go_robot.exe
2017-02-05 09:23:50.957    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-1ST-2016-APPZ\DAEMON Tools PRO v8.0.0.0634 – Full\Setup.exe
2017-02-05 09:24:17.660    >>> Virus 'Mal/EncPk-ANL' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-1ST-2016-APPZ\Nero 2017 Platinum 18.0.00300 VL + ContentPack\Nero2017_v18.x_Patch_DFoX_v2.4.zip\Nero2017_v18.x_Patch_DFoX_v2.4/Nero2017_v18.x_Patch_DFoX_v2.4.exe
2017-02-05 09:24:17.660    Disinfection not offered
2017-02-05 09:25:28.629    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-8TH-2016-APPZ\Advanced SystemCare Pro 10.0.3.669 Multilingual-Patch\advanced-systemcare-setup.exe
2017-02-05 09:25:50.676    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-NOVEMBER-1ST-2016-1-----------\NOVEMBER-8TH-2016-APPZ\Kindle Converter 3.17.1027.379-Crack\kindleconvertersetup.exe
2017-02-05 09:26:36.208    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-OCTOBER---2016-1-----------\OCTOBER-11TH-2016\KMS Tools Ratiborus 19.09.2016 Portable\KMSTools.exe
2017-02-05 09:26:40.212    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-OCTOBER---2016-1-----------\OCTOBER-11TH-2016\Microsoft Toolkit 2.6.2 Final (Windows -Office Activator)\Microsoft Toolkit.exe
2017-02-05 09:27:15.864    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-OCTOBER---2016-1-----------\OCTOBER-18TH-2016\Ace Translator v16.3  with Serial Keys Full Version\atrans.exe
2017-02-05 09:27:22.052    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-OCTOBER---2016-1-----------\OCTOBER-18TH-2016\ActiveState Komodo IDE 10.1.1.89474\Keygen\Keygen.exe
2017-02-05 09:27:22.052    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-OCTOBER---2016-1-----------\OCTOBER-18TH-2016\ActiveState Komodo IDE 10.1.1.89474\Keygen\Keygen.exe
2017-02-05 09:29:02.412    >>> Virus 'Mal/EncPk-ANL' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-OCTOBER---2016-1-----------\OCTOBER-18TH-2016\Nero 2017 Platinum 18.0.00300 VL + ContentPack\Nero2017_v18.x_Patch_DFoX_v2.4.zip\Nero2017_v18.x_Patch_DFoX_v2.4/Nero2017_v18.x_Patch_DFoX_v2.4.exe
2017-02-05 09:29:02.412    Disinfection not offered
2017-02-05 09:29:30.662    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2016-APPZ-OCTOBER---2016-1-----------\OCTOBER-25TH-2016\CCleaner v5.23.5808 + All Editions\Activator\CCleaner Universal Activator - [Fullstuff.net].exe
2017-02-05 09:36:01.011    >>> Virus 'Mal/EncPk-ANL' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2017-APPZ-FEB--2017----------1\FEB-STH-2017-APPS-1\Malwarebytes Premium 3.0.6.1458 Multilingual 2017 - Freeware Sys\MalwareBytes_Anti-Malware_Keygen_v1.5_URET.exe
2017-02-05 09:37:24.601    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2017-APPZ-JAN-15TH-2017----------1\JAN-15TH-2017-1\Driver.Reviver.5.15.1.2\crack-files\x32\Patcher.exe
2017-02-05 09:37:27.996    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2017-APPZ-JAN-15TH-2017----------1\JAN-15TH-2017-1\Driver.Reviver.5.15.1.2\crack-files\x64\Patcher.exe
2017-02-05 09:39:56.845    >>> Virus 'Mal/Generic-S' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\2017-APPZ-JAN-15TH-2017----------1\JAN-15TH-2017-1\TweakBit.Driver.Updater.1.8.0.3\crack\Sil-Patcher.exe
2017-02-05 09:41:27.904    >>> Virus 'Mal/Agent-ACR' found in file G:\2016-LATEST-TORRENT-DOWNLOADS\APPS\MIRC.v7.45.REPACK-rG\Crack\mirc.v7.45-patch.exe
2017-02-05 09:54:11.948    Could not check G:\RECYCLE-BIN-RECOVERED-FILES\Recovered data 10-13-2015 at 10_22_11\NTFS\LostFiles\Visit to Italia Slideshow 16663.jpg (corrupt)
2017-02-05 09:58:00.118    Could not check G:\RECYCLE-BIN-RECOVERED-FILES\Recovered data 10-13-2015 at 10_22_11\NTFS\LostFiles\Visit to Italia Slideshow 77250.jpg (corrupt)
2017-02-05 09:58:32.820    Could not check G:\RECYCLE-BIN-RECOVERED-FILES\Recovered data 10-13-2015 at 10_22_11\NTFS\Users\Datony\AppData\Local\Mozilla\Firefox\Profiles\fbt2os84.default-1431560809237\cache2\entries\0AA4D50BCF6EB6378139B51F668DB1DEACBB1633 (corrupt)
2017-02-05 09:58:48.226    Could not check G:\RECYCLE-BIN-RECOVERED-FILES\Recovered data 10-13-2015 at 10_22_11\NTFS\Users\Datony\AppData\Local\Mozilla\Firefox\Profiles\fbt2os84.default-1431560809237\cache2\entries\B7391F7547E0A09C46CA23954EC34CDA80F96A21 (corrupt)
2017-02-05 10:01:07.462    Could not open LOGICAL:0008:00000000
2017-02-05 10:01:07.493    Could not open I:\
2017-02-05 10:01:07.493    Could not open LOGICAL:0009:00000000
2017-02-05 10:01:07.493    Could not open J:\
2017-02-05 10:01:29.744    The following items will be cleaned up:
2017-02-05 10:01:29.744    Mal/Agent-ACR
2017-02-05 10:01:29.744    Mal/Generic-S
2017-02-05 10:01:29.744    Mal/EncPk-ANL
2017-02-05 10:01:29.744    Mal/HiBrowLnk-A
2017-02-05 10:01:29.744    Mal/HiBrowLnk-A
2017-02-05 10:01:29.744    Mal/HiBrowLnk-A
2017-02-05 10:01:29.744    Mal/HiBrowLnk-A
2017-02-05 10:01:29.744    Mal/HiBrowLnk-A
2017-02-05 10:01:29.744    Troj/MDrop-GWI
2017-02-05 10:01:29.744    Mal/EncPk-ANL
2017-02-05 10:01:29.744    Mal/EncPk-ANL
 



#13 nasdaq

  • Malware Response Team

Posted 05 February 2017 - 10:21 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#14 nasdaq

  • Malware Response Team

Posted 12 May 2017 - 08:14 AM

Pasted from a PM message.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by tony (administrator) on TONYD86 (12-05-2017 19:25:37)
Running from G:\2016-LATEST-TORRENT-DOWNLOADS\MALWARE\MIXED-APPS-
Loaded Profiles: tony (Available Profiles: tony)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(BitTorrent Inc.) C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\tony\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AntGROUP) C:\Program Files (x86)\Ant Download Manager\antMR.exe
(AntGROUP) C:\Program Files (x86)\Ant Download Manager\AntDM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BitTorrent Inc.) C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\tony\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
(BitTorrent Inc.) C:\Users\tony\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) G:\2016-LATEST-TORRENT-DOWNLOADS\MALWARE\MIXED-APPS-\FRST64 (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16734728 2016-11-22] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Run: [antMR] => C:\Program Files (x86)\Ant Download Manager\antMR.exe [163328 2017-01-31] (AntGROUP)
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Run: [AntDM] => C:\Program Files (x86)\Ant Download Manager\AntDM.exe [6752768 2017-03-16] (AntGROUP)
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd)
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Run: [uTorrent] => C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe [2144448 2017-04-10] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 61.9.134.49 61.9.133.193
Tcpip\..\Interfaces\{250F8180-C14D-449C-B1ED-E516F613CD21}: [DhcpNameServer] 61.9.134.49 61.9.133.193

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
URLSearchHook: [S-1-5-21-2285785116-1953552596-3447252386-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2285785116-1953552596-3447252386-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2285785116-1953552596-3447252386-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Ant Download Manager BHO -> {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} -> C:\Program Files (x86)\Ant Download Manager\antIE\antIE64.dll [2017-03-05] (AntGROUP)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-21] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default [2017-05-12]
FF NewTab: Mozilla\Firefox\Profiles\gjsu6r0d.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\gjsu6r0d.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\gjsu6r0d.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gjsu6r0d.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\gjsu6r0d.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\gjsu6r0d.default -> hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF NetworkProxy: Mozilla\Firefox\Profiles\gjsu6r0d.default -> type", 0
FF Extension: (All In 1 Search Bar) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\07bce030@pribic.am [2016-12-21]
FF Extension: (Google Docs Viewer) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\adonis.cuhk@gmail.com.xpi [2017-02-07]
FF Extension: (All-in-one Toolbar) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\allinoneengines@firefox.com.xpi [2016-12-21]
FF Extension: (GitHub Extensions) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\ayltai-github-extensions@github.com.xpi [2016-12-21]
FF Extension: (Bing Search) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-04-11]
FF Extension: (DeeperWeb for Google) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\bizdom@wizbites.com.xpi [2016-12-21]
FF Extension: (All search engines on your tab) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\brais33@gmail.com [2016-12-21]
FF Extension: (DivHTTP) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\divhttp@divel.xpi [2016-12-21]
FF Extension: (search_avptube) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\djamolpatil@gmail.com.xpi [2016-12-21]
FF Extension: (dorktools) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\dorktools@mozilla.org [2017-02-07]
FF Extension: (Enhancer for YouTube™) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2016-12-21]
FF Extension: (Firebug) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01]
FF Extension: (Sourcegraph for GitHub) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\firefox-extension@sourcegraph.com.xpi [2016-12-21]
FF Extension: (FoxyProxy Standard) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\foxyproxy@eric.h.jung [2017-01-30]
FF Extension: (Google Code Wiki Viewer) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\GoogleCodeWikiViewer@atte.kemppila.xpi [2016-12-21]
FF Extension: (Link Virus Checker: Security Plus) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid0-DjsrWcAS3Wgq2xyyqqVL8Dqk1Lo@jetpack.xpi [2016-12-21]
FF Extension: (Dictionary (Google™ Translate) Anywhere) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid0-fbHwsGfb6kJyq2hj65KnbGte3yT@jetpack.xpi [2016-12-21]
FF Extension: (IP Address and Domain Information) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi [2016-12-21]
FF Extension: (YouTube HTML5-Video) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid0-MXvUXM1npF7yTcY3bpZVht72AR4@jetpack.xpi [2016-12-21]
FF Extension: (Just Disable Stuff) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-8J7ayxTha4KqKQ@jetpack.xpi [2016-12-21]
FF Extension: (GitHub Repo Widget) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-Ahuh7zraL1y8YQ@jetpack.xpi [2016-12-21]
FF Extension: (HTML5 Player for YouTube™) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-e3wSQaH5t1HqKp@jetpack.xpi [2016-12-21]
FF Extension: (PDF Mage) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-GeRCnsiDhZiTvA@jetpack.xpi [2017-03-07]
FF Extension: (YouTube™ Flash® Player) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2017-01-10]
FF Extension: (Text to PDF file) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-JobPqtvtwG9w0A@jetpack.xpi [2016-12-21]
FF Extension: (copy-code) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-OQHFznWHvjDIIg@jetpack.xpi [2016-12-21]
FF Extension: (Flash Control) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2016-12-21]
FF Extension: (Reddit Enhancement Suite) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-05-09]
FF Extension: (DuckDuckGo Plus) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-05-01]
FF Extension: (JavaScript Deobfuscator) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jsdeobfuscator@adblockplus.org.xpi [2016-12-21]
FF Extension: (JSONView) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\jsonview@brh.numbera.com.xpi [2017-01-30]
FF Extension: (M3Uripiton) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\m3uripiton@logyattra.hu.xpi [2016-12-21]
FF Extension: (Magnetz) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\magnetz@apps.aalaap.com.xpi [2016-12-21]
FF Extension: (PHP Developer Toolbar) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\php_dev_bar@php_dev_bar.org.xpi [2016-12-21]
FF Extension: (Qwant for Firefox) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\qwantcomforfirefox@jetpack.xpi [2017-02-16]
FF Extension: (S3.Google Translator) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\s3google@translator.xpi [2017-04-05]
FF Extension: (Save as PDF) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2017-02-21]
FF Extension: (SimilarPages) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\similarpages@similarpages.com.xpi [2016-12-21]
FF Extension: (Smplayer context menu) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\smplayerplaylist@luperrouch.fr.xpi [2016-12-21]
FF Extension: (TableTools2) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\tabletools2@mingyi.org [2016-12-21]
FF Extension: (Tiny JavaScript Debugger) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\tinyjsdebugger@enigmail.net.xpi [2016-12-21]
FF Extension: (Google Translator for Firefox) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\translator@zoli.bod.xpi [2017-02-02]
FF Extension: (Vlc context menu) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2016-12-21]
FF Extension: (VLC Youtube Shortcut) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\vlc_shortcut@kosan.kosan.xpi [2016-12-21]
FF Extension: (HTML5 WebDb-to-XMLA Bridge) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\xmlastorage@openlinksw.com [2016-12-21]
FF Extension: (TV-Fox) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2016-12-21]
FF Extension: (PDF Download) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2016-12-21]
FF Extension: (JavaScript on-off applet) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2017-03-27]
FF Extension: (ChatZilla) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-12-21]
FF Extension: (FoxySpider) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{75df891f-e299-4725-b14f-7d52f086dea2}.xpi [2016-12-21]
FF Extension: (GitHub Extension Installer) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{86054B0A-BD85-42F9-8E58-8794EC6F6EA1}.xpi [2016-12-21]
FF Extension: (Context Search) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi [2016-12-21]
FF Extension: (Web Developer) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-06]
FF Extension: (Force PDF Download) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{d7f46ca0-899d-11da-a72b-0800200c9a65}.xpi [2017-02-21]
FF Extension: (Bitdefender QuickScan) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-12-21]
FF Extension: (Greasemonkey) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-05-02]
FF Extension: (QuickJava) - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-12-21]
FF SearchPlugin: C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\gjsu6r0d.default\searchplugins\bing-.xml [2017-04-11]
FF HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Firefox\Extensions: [antgroup@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi
FF Extension: (AntFF) - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi [2016-12-19]
FF HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Firefox\Extensions: [antff.popup.helper@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antff.popup.helper.xpi
FF Extension: (antFF Popup Helper for Mozilla) - C:\Program Files (x86)\Ant Download Manager\antFF\antff.popup.helper.xpi [2017-01-30]
FF HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\SeaMonkey\Extensions: [antgroup@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi
FF HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\SeaMonkey\Extensions: [antff.popup.helper@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antff.popup.helper.xpi
FF HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Waterfox\Extensions: [antgroup@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi
FF HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Waterfox\Extensions: [antff.popup.helper@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antff.popup.helper.xpi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default [2017-05-12]
CHR Extension: (Google Docs) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-10]
CHR Extension: (Google Drive) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-10]
CHR Extension: (YouTube) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-10]
CHR Extension: (Gmail) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-10]
CHR Extension: (Chrome Media Router) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-10]
CHR HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dalgiebmfcjackkbjfbfmlnflbdfbekj] - C:\Program Files (x86)\Ant Download Manager\antCH\antCH.crx [2017-03-16]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1028096 2017-03-17] (Digital Care Solutions) [File not signed]
S3 DsRoleSvc; C:\WINDOWS\system32\dsrolesrv.dll [280064 2017-02-05] (Microsoft Corporation)
S2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [File not signed]
S3 scan; C:\Program Files\BDServices\scan.dll [627688 2017-03-16] (Bitdefender)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [868024 2017-04-08] (Enigma Software Group USA, LLC.)
S2 vmms; C:\WINDOWS\system32\vmms.exe [13814272 2017-02-05] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-04-06] (Enigma Software Group USA, LLC.)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R2 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [155912 2016-03-31] (BitDefender LLC)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [19456 2017-02-05] (Microsoft Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [192216 2017-03-01] (Malwarebytes)
R1 MpKsla9e26e6d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D626E83-34B1-49F7-9FB9-99DCA99AD468}\MpKsla9e26e6d.sys [44928 2017-05-11] (Microsoft Corporation)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [22016 2017-02-05] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [27136 2016-02-06] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\TRUFOS.sys [485512 2017-03-16] (BitDefender S.R.L.)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [18944 2017-02-05] (Microsoft Corporation)
R3 VMSMP; C:\WINDOWS\system32\DRIVERS\vmswitch.sys [689152 2016-03-04] (Microsoft Corporation)
S3 VMSP; C:\WINDOWS\system32\DRIVERS\vmswitch.sys [689152 2016-03-04] (Microsoft Corporation)
S3 VMSVSF; C:\WINDOWS\system32\DRIVERS\vmswitch.sys [689152 2016-03-04] (Microsoft Corporation)
S3 VMSVSP; C:\WINDOWS\system32\DRIVERS\vmswitch.sys [689152 2016-03-04] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2016-08-13] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-19] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-19] (Zemana Ltd.)
S1 bjcqapnm; \??\C:\WINDOWS\system32\drivers\bjcqapnm.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 MFE_RR; \??\C:\Users\tony\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S2 npf; \??\C:\WINDOWS\system32\drivers\npf.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-12 18:34 - 2017-05-12 18:34 - 00003252 _____ C:\WINDOWS\System32\Tasks\RegHunterStartup
2017-05-11 21:38 - 2017-05-11 21:39 - 51599826 _____ C:\Users\tony\Downloads\DJ_J-Boogie-Is_This_What_You_Want_2.zip
2017-05-11 21:23 - 2017-05-11 21:23 - 00162369 _____ C:\Users\tony\Downloads\OREILLY_LIVELESSONS_LARGE_SCALE_NETWORK_DESIGN_TUTORIAL-OXBRiDGE.torrent
2017-05-11 21:23 - 2017-05-11 21:23 - 00071099 _____ C:\Users\tony\Downloads\WINTELLECT_MASTERING_ANGULAR_TUTORIAL-OXBRiDGE.torrent
2017-05-11 21:22 - 2017-05-11 21:22 - 00001603 _____ C:\Users\tony\Downloads\Pluralsight.Web.App.Hacking.Caching.Problems-XQZT.torrent
2017-05-11 21:20 - 2017-05-11 21:20 - 00042973 _____ C:\Users\tony\Downloads\My.Wife.Loves.Big.Cocks.DiSC2.XXX.DVDRip.x264-TrapDoor.torrent
2017-05-11 21:20 - 2017-05-11 21:20 - 00036139 _____ C:\Users\tony\Downloads\My.Wife.Loves.Big.Cocks.DiSC1.XXX.DVDRip.x264-TrapDoor.torrent
2017-05-11 20:59 - 2017-05-11 20:59 - 00175233 _____ C:\Users\tony\Desktop\rfc5000.pdf
2017-05-11 20:58 - 2017-05-11 20:58 - 00175233 _____ C:\Users\tony\Downloads\rfc5000.pdf
2017-05-11 20:38 - 2017-05-11 20:40 - 174943211 _____ C:\Users\tony\Downloads\NoDJ-Certified_Clubtapes_Vol_34.zip
2017-05-11 20:32 - 2017-05-11 20:32 - 00795648 _____ C:\Users\tony\Downloads\BigListofWebsites.com 20170511 Search Dht Engine.xls
2017-05-11 20:19 - 2017-05-11 20:19 - 138524203 _____ C:\Users\tony\Downloads\idgaf_Radio_mixtape-(DatPiff.com).zip
2017-05-11 19:55 - 2017-05-11 19:55 - 00043274 _____ C:\Users\tony\Downloads\9513139C0BDE3218A8EE8EE92ED941C483D084E7.torrent
2017-05-11 19:52 - 2017-05-11 19:52 - 00469643 _____ C:\Users\tony\Downloads\66502504B7F910852E5EC0ED9D5D0EC4CA82FD1B.torrent
2017-05-11 19:25 - 2017-05-11 19:25 - 00057344 _____ C:\Users\tony\Downloads\BigListofWebsites.com 20170511 Search Decryption.xls
2017-05-11 19:24 - 2017-05-11 19:24 - 00477696 _____ C:\Users\tony\Downloads\BigListofWebsites.com 20170511 Search AES Encryption.xls
2017-05-11 19:11 - 2017-05-11 19:11 - 00737792 _____ C:\Users\tony\Downloads\BigListofWebsites.com 20170511 Search Freeware.xls
2017-05-11 19:11 - 2017-05-11 19:11 - 00294912 _____ C:\Users\tony\Downloads\BigListofWebsites.com 20170511 Search Mixtapes.xls
2017-05-11 19:09 - 2017-05-11 19:09 - 00822272 _____ C:\Users\tony\Downloads\BigListofWebsites.com 20170511 Search Dj Mixes.xls
2017-05-11 18:59 - 2017-05-11 18:59 - 00524248 _____ (F-Secure Corporation) C:\Users\tony\Downloads\F-SecureOnlineScanner(2).exe
2017-05-11 18:38 - 2017-05-11 18:38 - 00524248 _____ (F-Secure Corporation) C:\Users\tony\Downloads\F-SecureOnlineScanner(1).exe
2017-05-11 18:33 - 2017-05-11 18:33 - 00524248 _____ (F-Secure Corporation) C:\Users\tony\Downloads\F-SecureOnlineScanner.exe
2017-05-11 18:33 - 2017-05-11 18:33 - 00524248 _____ (F-Secure Corporation) C:\Users\tony\Downloads\F-SecureOnlineScanner (1).exe
2017-05-11 18:16 - 2017-05-12 19:25 - 00223595 _____ C:\WINDOWS\ZAM.krnl.trace
2017-05-11 18:16 - 2017-05-12 19:25 - 00200680 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-05-11 00:15 - 2017-05-11 00:15 - 00141614 _____ C:\Users\tony\Downloads\[PornHubPremium.com] Exposed Whores 200+ Clips Collection.torrent
2017-05-11 00:11 - 2017-05-11 00:11 - 00092745 _____ C:\Users\tony\Downloads\CH.torrent
2017-05-11 00:10 - 2017-05-11 00:10 - 00075938 _____ C:\Users\tony\Downloads\GobleepAGirl.com.1080p.XXX.Pack.torrent
2017-05-11 00:07 - 2017-05-11 00:07 - 00154898 _____ C:\Users\tony\Downloads\Brazzers.April.2017.720p.WEB-DL.AAC2.0.H.264-ForeverAloneDude [IPT].torrent
2017-05-11 00:03 - 2017-05-11 00:03 - 00033614 _____ C:\Users\tony\Downloads\RealityLovers.com Complete SiteRip of All Hardcore Voyeur Prespective Videos (GearVR) [IPT].torrent
2017-05-10 23:55 - 2017-05-10 23:55 - 00033766 _____ C:\Users\tony\Downloads\The.Fate.of.the.Furious.2017.TC.1080p.x264-ArBiTer.mkv [IPT].torrent
2017-05-10 23:51 - 2017-05-10 23:51 - 00025060 _____ C:\Users\tony\Downloads\INFINITESKILLS.ETHICAL.HACKING.TUTORIAL-OXBRiDGE.torrent
2017-05-10 23:48 - 2017-05-10 23:48 - 00052318 _____ C:\Users\tony\Downloads\0-Day.Week.Of.2017.05.03.torrent
2017-05-10 23:15 - 2017-05-10 23:15 - 00136511 _____ C:\Users\tony\Downloads\THE BPM 2017.torrent
2017-05-10 23:10 - 2017-05-10 23:10 - 00018156 _____ C:\Users\tony\Downloads\A State of Trance (WMC 2017, UltraFest, Miami) - 26-mar-2017.torrent
2017-05-10 23:09 - 2017-05-10 23:09 - 00020553 _____ C:\Users\tony\Downloads\Aly & Fila - live at Panama (Amsterdam) - April 2017.torrent
2017-05-10 23:09 - 2017-05-10 23:09 - 00017114 _____ C:\Users\tony\Downloads\Armin_Van_Buuren_-_Live_at_Sublime_Sydney-01-23-READ_NFO-DAT-2004-XDS.torrent
2017-05-10 23:09 - 2017-05-10 23:09 - 00014140 _____ C:\Users\tony\Downloads\Christopher Lawrence - Live at TranceState, El Paso - april 2017.mp3.torrent
2017-05-10 23:06 - 2017-05-10 23:06 - 00010092 _____ C:\Users\tony\Downloads\Mayday_2017_-_Markus_Schulz_Live-SAT-05-01-2017-XDS.torrent
2017-05-10 23:06 - 2017-05-10 23:06 - 00009361 _____ C:\Users\tony\Downloads\Mayday_2017_-_ATB_Live-SAT-05-01-2017-XDS.torrent
2017-05-10 23:06 - 2017-05-10 23:06 - 00009247 _____ C:\Users\tony\Downloads\Aly_and_Fila_-_Future_Sound_Of_Egypt_494-SAT-04-30-2017-TALiON.torrent
2017-05-10 23:05 - 2017-05-10 23:05 - 00017254 _____ C:\Users\tony\Downloads\Judge_Jules_-_Global_Warmup_686__Incl_Highly_Sedated_Guestmix-SAT-05-03-2017-TALiON.torrent
2017-05-10 23:05 - 2017-05-10 23:05 - 00016688 _____ C:\Users\tony\Downloads\Paul_Oakenfold_-_Planet_Perfecto_339-SAT-05-02-2017-TALiON.torrent
2017-05-10 23:04 - 2017-05-10 23:04 - 00018008 _____ C:\Users\tony\Downloads\Armin_van_Buuren_-_A_State_of_Trance_812-SAT-05-04-2017-TALiON.torrent
2017-05-10 23:04 - 2017-05-10 23:04 - 00008997 _____ C:\Users\tony\Downloads\Ferry_Corsten_-_Corstens_Countdown_514-SAT-05-04-2017-TALiON.torrent
2017-05-10 23:04 - 2017-05-10 23:04 - 00007046 _____ C:\Users\tony\Downloads\Talla_2XLC_-_Live_at_Technoclub-SAT-05-04-2017-XDS.torrent
2017-05-10 23:03 - 2017-05-10 23:03 - 00009247 _____ C:\Users\tony\Downloads\Will_Atkinson_-_BBC_Radio1_Residency-SAT-05-05-2017-TALiON.torrent
2017-05-10 22:59 - 2017-05-10 22:59 - 00016539 _____ C:\Users\tony\Downloads\Tiesto_-_Club_Life_527__Incl_Brooks_and_Charming_Horses_Guestmix-CABLE-05-06-2017-TALiON.torrent
2017-05-10 22:59 - 2017-05-10 22:59 - 00008417 _____ C:\Users\tony\Downloads\ATB_-_1LIVE_DJ_Session-SAT-05-07-2017-TALiON.torrent
2017-05-10 22:58 - 2017-05-10 22:58 - 00018113 _____ C:\Users\tony\Downloads\Roger_Shah_-_Magic_Island_468-SAT-05-06-2017-TALiON.torrent
2017-05-10 22:58 - 2017-05-10 22:58 - 00009702 _____ C:\Users\tony\Downloads\M.I.K.E._Push_-_Club_Elite_Sessions_512-SAT-05-07-2017-TALiON.torrent
2017-05-10 22:58 - 2017-05-10 22:58 - 00009287 _____ C:\Users\tony\Downloads\Aly_and_Fila_-_Future_Sound_Of_Egypt_495-SAT-05-07-2017-TALiON.torrent
2017-05-10 22:57 - 2017-05-10 22:57 - 00016828 _____ C:\Users\tony\Downloads\Paul_Oakenfold_-_Planet_Perfecto_340-SAT-05-09-2017-TALiON.torrent
2017-05-10 22:56 - 2017-05-10 22:56 - 01117760 _____ C:\Users\tony\Downloads\NUBILES.CASTING.PACK.1.15.XXX.torrent
2017-05-10 22:37 - 2017-05-10 22:37 - 00024446 _____ C:\Users\tony\Downloads\westcoastcountdown25.torrent
2017-05-10 22:36 - 2017-05-10 22:36 - 00036294 _____ C:\Users\tony\Downloads\trapsntrunks120.torrent
2017-05-10 22:36 - 2017-05-10 22:36 - 00028377 _____ C:\Users\tony\Downloads\jeremihcincode.torrent
2017-05-10 22:36 - 2017-05-10 22:36 - 00010858 _____ C:\Users\tony\Downloads\meekendmusic.torrent
2017-05-10 22:35 - 2017-05-10 22:35 - 00042703 _____ C:\Users\tony\Downloads\downsouthbangers36.torrent
2017-05-10 22:35 - 2017-05-10 22:35 - 00025654 _____ C:\Users\tony\Downloads\hotboyyallgotme.torrent
2017-05-10 22:34 - 2017-05-10 22:34 - 00032751 _____ C:\Users\tony\Downloads\goodmuziikk12.torrent
2017-05-10 22:33 - 2017-05-10 22:33 - 00043316 _____ C:\Users\tony\Downloads\backonmybleep18.torrent
2017-05-10 22:21 - 2017-04-01 11:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-05-10 22:21 - 2017-04-01 11:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 22:21 - 2016-02-11 01:18 - 00403390 __RSH C:\bootmgr
2017-05-10 22:21 - 2013-06-18 22:18 - 00000001 ___SH C:\BOOTNXT
2017-05-10 21:53 - 2017-05-10 21:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-05-10 21:53 - 2017-05-10 21:53 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-05-10 21:53 - 2017-05-10 21:53 - 01970968 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 21:53 - 2017-05-10 21:53 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 21:53 - 2017-05-10 21:53 - 00379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-05-10 21:41 - 2017-05-10 21:41 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-05-10 21:41 - 2017-05-10 21:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-05-10 21:27 - 2017-05-11 01:05 - 00000000 ____D C:\Users\tony\AppData\Roaming\Kodi
2017-05-10 21:27 - 2017-05-10 21:27 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-10 21:26 - 2017-05-12 19:19 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-05-10 21:26 - 2017-05-10 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-05-10 21:11 - 2017-05-10 21:11 - 03547136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-05-10 21:11 - 2017-05-10 21:11 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-05-10 21:11 - 2017-05-10 21:11 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-05-10 20:03 - 2017-05-10 20:03 - 00025160 _____ C:\Users\tony\Downloads\Paving costs A2 V3 (1).xlsx
2017-05-10 20:01 - 2017-05-10 20:01 - 00017085 _____ C:\Users\tony\Downloads\Calculating labour costs (3) (4).xlsx
2017-05-10 20:00 - 2017-05-10 20:00 - 00016935 _____ C:\Users\tony\Downloads\Calculating labour costs (3) (3).xlsx
2017-05-10 20:00 - 2017-05-10 20:00 - 00016935 _____ C:\Users\tony\Downloads\Calculating labour costs (3) (2).xlsx
2017-05-10 19:59 - 2017-05-10 19:59 - 00017085 _____ C:\Users\tony\Downloads\Calculating labour costs (3) (1).xlsx
2017-05-10 19:12 - 2017-05-10 19:12 - 00000824 _____ C:\Users\Public\Desktop\IPVanish.lnk
2017-05-09 20:06 - 2017-05-09 20:06 - 00822272 _____ C:\Users\tony\Downloads\BigListofWebsites.com.xls
2017-05-09 09:36 - 2017-05-09 09:38 - 1664845297 _____ C:\Users\tony\Desktop\The.F.of.the.F.2017.TC.x264.AC3-ETRG.mp4
2017-05-09 07:55 - 2017-05-09 07:55 - 00001343 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 18.lnk
2017-05-09 07:55 - 2017-05-09 07:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-05-09 05:44 - 2017-05-09 05:44 - 00001373 _____ C:\Users\tony\Desktop\MediaHuman YouTube Downloader.lnk
2017-05-09 05:44 - 2017-05-09 05:44 - 00000000 ____D C:\Users\tony\AppData\Local\YouTubeDownloader
2017-05-09 05:44 - 2017-05-09 05:44 - 00000000 ____D C:\Users\tony\AppData\Local\MediaHuman
2017-05-09 05:44 - 2017-05-09 05:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2017-05-09 05:44 - 2017-05-09 05:44 - 00000000 ____D C:\Program Files (x86)\MediaHuman
2017-05-09 05:12 - 2017-05-10 22:28 - 00000000 ____D C:\Program Files (x86)\mIRC
2017-05-09 05:12 - 2017-05-09 05:12 - 00000967 _____ C:\Users\Public\Desktop\mIRC.lnk
2017-05-09 05:12 - 2017-05-09 05:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2017-05-09 05:11 - 2017-05-09 07:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-09 05:07 - 2017-05-12 19:20 - 00000000 ____D C:\Users\tony\AppData\Roaming\Everything
2017-05-07 14:41 - 2017-05-07 14:41 - 00013813 _____ C:\Users\tony\Downloads\Deck quotation sheet.xlsx
2017-05-07 14:40 - 2017-05-07 14:40 - 00016935 _____ C:\Users\tony\Downloads\Calculating labour costs (3).xlsx
2017-05-07 14:38 - 2017-05-07 14:38 - 00025079 _____ C:\Users\tony\Downloads\Paving costs A2 V3.xlsx
2017-05-04 23:11 - 2017-05-04 23:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-05-04 23:02 - 2017-05-04 23:02 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WindowsUpdateFixer.lnk
2017-05-04 23:02 - 2017-05-04 23:02 - 00000000 ____D C:\Program Files (x86)\WindowsUpdateFixer
2017-05-04 22:07 - 2017-05-04 22:07 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-05-04 20:38 - 2017-02-24 00:50 - 00093360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-05-04 20:38 - 2017-02-23 00:35 - 01609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-05-04 20:38 - 2017-02-23 00:35 - 01286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-05-04 20:38 - 2017-02-23 00:35 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-05-04 20:38 - 2017-02-23 00:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-05-04 20:38 - 2017-02-23 00:35 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-05-04 20:38 - 2017-02-23 00:35 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-05-04 20:38 - 2017-02-23 00:35 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-05-04 20:38 - 2017-02-23 00:35 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-05-04 20:38 - 2016-03-12 10:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-05-04 20:38 - 2016-02-01 03:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2017-05-03 18:36 - 2017-05-03 18:37 - 00225788 _____ C:\TDSSKiller.3.1.0.15_03.05.2017_18.36.59_log.txt
2017-05-03 17:39 - 2017-05-03 17:39 - 00000876 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-05-03 17:39 - 2017-05-03 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-03 17:39 - 2017-05-03 17:39 - 00000000 ____D C:\Program Files\RogueKiller
2017-05-02 17:59 - 2017-05-02 17:59 - 00000000 ____D C:\Users\tony\AppData\Roaming\IPVanish VPN
2017-05-02 17:59 - 2017-05-02 17:59 - 00000000 ____D C:\Users\tony\AppData\Local\IsolatedStorage
2017-05-02 17:59 - 2017-05-02 17:59 - 00000000 ____D C:\Users\tony\AppData\Local\IPVanish
2017-05-02 17:55 - 2017-05-10 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPVanish
2017-05-02 17:55 - 2017-05-10 19:12 - 00000000 ____D C:\Program Files\IPVanish
2017-05-02 05:35 - 2017-05-07 20:11 - 00001154 _____ C:\Users\tony\Desktop\RegHunter.lnk
2017-05-02 05:35 - 2017-05-02 05:35 - 00000000 ____D C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2017-04-26 21:12 - 2017-04-26 21:12 - 00051054 _____ C:\Users\tony\Downloads\Materials Costing A1.xlsx
2017-04-25 21:49 - 2017-05-01 20:05 - 00054308 _____ C:\Users\tony\Desktop\diggas excel work tafe.xlsx
2017-04-25 21:46 - 2017-04-25 21:46 - 00054311 _____ C:\Users\tony\Downloads\levis Materials Costing A1 (1).xlsx
2017-04-25 21:45 - 2017-04-25 21:45 - 00054506 _____ C:\Users\tony\Downloads\levis Materials Costing A1.xlsx
2017-04-25 10:35 - 2017-04-25 10:36 - 00000000 ____D C:\Program Files\CCleaner
2017-04-25 10:35 - 2017-04-25 10:35 - 00002786 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-04-25 10:35 - 2017-04-25 10:35 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-25 10:35 - 2017-04-25 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-23 22:22 - 2017-04-25 08:23 - 00000250 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-04-23 21:39 - 2017-04-23 21:40 - 00156356 _____ C:\TDSSKiller.2.8.15.0_23.04.2017_21.39.38_log.txt
2017-04-23 21:36 - 2017-04-23 21:38 - 00156650 _____ C:\TDSSKiller.2.8.15.0_23.04.2017_21.36.59_log.txt
2017-04-23 21:34 - 2017-04-23 21:35 - 00156650 _____ C:\TDSSKiller.2.8.15.0_23.04.2017_21.34.53_log.txt
2017-04-23 21:32 - 2017-04-23 21:33 - 00157458 _____ C:\TDSSKiller.2.8.15.0_23.04.2017_21.32.34_log.txt
2017-04-23 21:01 - 2017-04-23 21:01 - 00000000 ____D C:\Users\Public\Documents\DriverGenius
2017-04-15 17:08 - 2017-04-15 17:10 - 00000000 ____D C:\Users\tony\Desktop\ASH PHOTO'S WEDDING
2017-04-12 18:16 - 2017-04-12 18:16 - 00016070 _____ C:\Users\tony\Downloads\nfo_2012_EBOOK.nfo
2017-04-12 18:16 - 2017-04-12 18:16 - 00009624 _____ C:\Users\tony\Downloads\nfo_2010_SCRIPTS.nfo
2017-04-12 16:42 - 2017-04-12 16:42 - 00000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2017-04-12 16:32 - 2017-04-12 16:49 - 00000048 _____ C:\WINDOWS\SysWOW64\RB.rdat
2017-04-12 16:32 - 2017-04-12 16:49 - 00000048 _____ C:\WINDOWS\SysWOW64\License_Time.rdat
2017-04-12 16:32 - 2017-04-12 16:49 - 00000000 _____ C:\WINDOWS\SysWOW64\License.rdat
2017-04-12 16:19 - 2017-04-12 16:19 - 00000000 ___HD C:\Program Files (x86)\Temp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-12 19:25 - 2016-12-07 11:08 - 00000000 ____D C:\FRST
2017-05-12 19:24 - 2016-12-21 12:11 - 00000000 ____D C:\Users\tony\AppData\LocalLow\Mozilla
2017-05-12 19:22 - 2016-12-21 13:23 - 00000000 ____D C:\Users\tony\AppData\Roaming\uTorrent
2017-05-12 18:50 - 2016-12-21 11:47 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2285785116-1953552596-3447252386-1002
2017-05-12 18:45 - 2016-12-21 13:16 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-12 18:45 - 2016-12-21 13:16 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-12 18:42 - 2017-04-11 02:35 - 00000000 ____D C:\Users\tony\AppData\LocalLow\uTorrent
2017-05-12 18:34 - 2016-12-21 11:45 - 00000000 ___RD C:\Users\tony\OneDrive
2017-05-12 01:16 - 2016-12-21 12:04 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{820FB677-52CC-4C9C-8967-AF92866809F0}
2017-05-11 23:12 - 2013-08-23 01:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-11 20:54 - 2016-12-21 13:35 - 00000000 ____D C:\Users\tony\AppData\Roaming\vlc
2017-05-11 20:10 - 2014-11-21 17:38 - 00843006 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-11 20:10 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Inf
2017-05-11 20:07 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-11 19:10 - 2016-12-21 11:42 - 00000000 ____D C:\Users\tony\AppData\Local\Packages
2017-05-11 19:00 - 2017-02-21 15:18 - 00000000 ____D C:\Users\tony\AppData\Local\FSDART
2017-05-11 18:16 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-11 01:05 - 2017-01-19 20:03 - 00000000 ____D C:\Users\tony\AppData\Local\CrashDumps
2017-05-10 22:33 - 2017-02-13 23:50 - 00000000 ____D C:\Users\tony\AppData\Roaming\mIRC
2017-05-10 22:19 - 2016-04-17 06:21 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-10 22:19 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-05-10 22:19 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-10 22:19 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\WinStore
2017-05-10 22:19 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-05-10 22:19 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\setup
2017-05-10 22:19 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-10 22:19 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-05-10 21:53 - 2016-04-17 04:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-10 21:53 - 2016-04-17 04:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-10 21:44 - 2016-04-17 05:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-10 21:43 - 2016-04-17 05:23 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-10 21:30 - 2016-04-17 04:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-10 21:15 - 2017-02-22 03:08 - 00000167 _____ C:\WINDOWS\win.ini
2017-05-10 21:07 - 2014-11-21 17:18 - 00000000 ____D C:\WINDOWS\ShellNew
2017-05-10 19:08 - 2016-12-21 11:40 - 00000000 ____D C:\Users\tony
2017-05-09 07:55 - 2016-12-21 15:15 - 00000000 ____D C:\Users\tony\AppData\Roaming\Ashampoo
2017-05-09 07:55 - 2016-12-21 15:15 - 00000000 ____D C:\Users\tony\AppData\Local\ashampoo
2017-05-09 07:55 - 2016-12-21 15:14 - 00000000 ____D C:\ProgramData\Ashampoo
2017-05-09 07:54 - 2016-12-21 15:14 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2017-05-09 07:48 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-05-09 07:46 - 2017-02-15 18:46 - 00000232 _____ C:\WINDOWS\SysWOW64\_WKERNEL.SYL
2017-05-09 07:41 - 2016-12-21 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-07 20:11 - 2017-04-06 20:27 - 00001161 _____ C:\Users\tony\Desktop\SpyHunter.lnk
2017-05-07 17:41 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache
2017-05-04 22:51 - 2016-12-07 11:22 - 00000000 ____D C:\AdwCleaner
2017-05-04 22:07 - 2017-03-08 11:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-05-04 21:33 - 2017-03-17 20:27 - 00000000 ____D C:\Users\tony\AppData\Local\NPE
2017-05-04 21:28 - 2017-03-17 22:16 - 00000000 ____D C:\Program Files (x86)\Allavsoft
2017-05-04 20:38 - 2016-10-12 09:42 - 00000000 ____D C:\NPE
2017-05-03 21:44 - 2017-02-15 19:16 - 00000000 ____D C:\Users\tony\AppData\Roaming\Allavsoft
2017-05-03 19:15 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-03 18:06 - 2016-12-21 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2017-05-02 05:35 - 2017-04-06 20:27 - 00000000 ____D C:\Users\tony\AppData\Roaming\Enigma Software Group
2017-05-02 05:35 - 2017-04-06 20:27 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-04-30 21:00 - 2016-12-21 13:15 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 21:00 - 2016-12-21 13:15 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-23 22:48 - 2016-12-21 13:15 - 00000000 ____D C:\Users\tony\AppData\Local\Google
2017-04-23 22:20 - 2017-02-21 15:26 - 00000000 ____D C:\Users\tony\Documents\RegRun2
2017-04-23 22:12 - 2017-02-21 15:26 - 00000002 _SHOT C:\WINDOWS\winstart.bat
2017-04-23 22:12 - 2017-02-21 15:26 - 00000002 _SHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-04-23 22:12 - 2017-02-21 15:26 - 00000002 _SHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-04-23 22:12 - 2017-02-21 15:26 - 00000000 ____D C:\ProgramData\RegRun
2017-04-12 17:15 - 2017-01-17 09:05 - 00000000 ____D C:\ProgramData\IObit
2017-04-12 17:14 - 2017-01-17 09:05 - 00000000 ____D C:\Users\tony\AppData\Roaming\IObit
2017-04-12 16:30 - 2017-04-11 10:59 - 00000000 ____D C:\Program Files\BDServices
2017-04-12 16:30 - 2017-03-01 15:42 - 00000000 ____D C:\Users\tony\Desktop\mbar
2017-04-12 16:30 - 2017-02-21 10:03 - 00000000 ____D C:\Users\tony\Desktop\COMODO
2017-04-12 16:30 - 2016-12-21 13:32 - 00000000 ____D C:\Users\tony\AppData\Roaming\Winamp
2017-04-12 16:30 - 2013-08-23 01:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-12 16:29 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-12 16:29 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\registration

==================== Files in the root of some directories =======

2017-04-11 10:59 - 2017-04-12 15:45 - 0000115 _____ () C:\Users\tony\AppData\Roaming\LogFile.txt
2017-01-16 14:44 - 2017-01-16 14:44 - 0113895 _____ () C:\Users\tony\AppData\Local\ars.cache
2017-01-16 14:44 - 2017-01-16 14:44 - 0266736 _____ () C:\Users\tony\AppData\Local\census.cache
2017-01-16 14:27 - 2017-01-16 14:27 - 0000036 _____ () C:\Users\tony\AppData\Local\housecall.guid.cache
2017-02-05 15:24 - 2017-02-21 09:50 - 0007692 _____ () C:\Users\tony\AppData\Local\resmon.resmoncfg
2016-12-22 05:27 - 2016-12-22 05:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-05-10 19:11 - 2017-05-10 19:11 - 6985672 _____ (IPVANISH ) C:\Users\tony\AppData\Local\Temp\IPVanish-Setup-3.0.8.0.exe
2017-05-10 21:14 - 2017-05-11 18:17 - 0000000 _____ () C:\Users\tony\AppData\Local\Temp\parctmp.dll
2017-05-10 21:14 - 2017-05-12 19:25 - 0000000 _____ () C:\Users\tony\AppData\Local\Temp\parctmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-04 20:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by tony (12-05-2017 19:26:09)
Running from G:\2016-LATEST-TORRENT-DOWNLOADS\MALWARE\MIXED-APPS-
Windows 8.1 Pro (Update) (X64) (2016-12-21 01:42:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2285785116-1953552596-3447252386-500 - Administrator - Disabled)
Guest (S-1-5-21-2285785116-1953552596-3447252386-501 - Limited - Disabled)
tony (S-1-5-21-2285785116-1953552596-3447252386-1002 - Administrator - Enabled) => C:\Users\tony

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Burning Studio 18 (HKLM-x32\...\{91B33C97-AF35-C3DC-976E-8A253D817482}_is1) (Version: 18.0.4 - Ashampoo GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
EPSON XP-100 Series Printer Uninstall (HKLM\...\EPSON XP-100 Series) (Version: - SEIKO EPSON Corporation)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
EZ CD Audio Converter (HKLM-x32\...\EZ CD Audio Converter) (Version: 3.0.3 - Poikosoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IPVanish (HKLM\...\A57226AD-BDAF-4860-BD4E-EDA6BC546189_is1) (Version: 3.0.8.0 - IPVANISH)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kodi (HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\Kodi) (Version: - XBMC-Foundation)
MediaHuman YouTube Downloader version 3.9.8.8 (HKLM-x32\...\MediaHuman YouTube Downloader_is1) (Version: 3.9.8.8 - )
MediaInfo 0.7.91 (HKLM\...\MediaInfo) (Version: 0.7.91 - MediaArea.net)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.48 - mIRC Co. Ltd.)
Mozilla Firefox 53.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.7 - Notepad++ Team)
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PowerArchiver 2016 (HKLM-x32\...\PowerArchiver 2016 16.10.24) (Version: 16.10.24 - ConeXware, Inc.)
PowerArchiver 2016 (x32 Version: 16.10.24 - ConeXware, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
RegHunter (HKLM-x32\...\RegHunter) (Version: 2.2.6.2054 - Enigma Software Group, LLC)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.26.12.4815 - Enigma Software Group, LLC)
Update for Skype for Business 2016 (KB3178717) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{45503767-F19E-4421-B930-8B0004ACA804}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3178717) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{45503767-F19E-4421-B930-8B0004ACA804}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003216CB-5E83-4520-B5FA-4B79A42F6819} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
Task: {02AD591D-A68F-48CE-AC37-082211A7009D} - \Optimize Start Menu Cache Files-S-1-5-21-2285785116-1953552596-3447252386-1001 -> No File <==== ATTENTION
Task: {041F1AB5-95ED-487C-B4C9-C10B99DB82E4} - \SmartDefrag_Startup -> No File <==== ATTENTION
Task: {200B1ED1-D7E6-43E5-993C-0CBB536CBA41} - \Driver Booster SkipUAC (tony) -> No File <==== ATTENTION
Task: {45022052-6C15-49E0-8DBB-1BD245BD854A} - \Tweaking.com - Windows Repair Tray Icon -> No File <==== ATTENTION
Task: {45301DBF-66D9-4BA3-BD8C-A389DC6FD795} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2017-04-08] (Enigma Software Group USA, LLC.)
Task: {4C2F1A92-4658-47FA-8481-992441AD624D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {78DBF4DD-35BE-44B0-9BF6-54622A37C675} - \SmartDefrag_Update -> No File <==== ATTENTION
Task: {7DAA2AE6-8493-4530-AAC3-917AE0A3972D} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {910F8F66-844C-4D01-B83D-7B69C754F846} - \SmartDefrag_AutoAnalyze -> No File <==== ATTENTION
Task: {A0A4C762-4EB3-4CD9-9CC7-0DCAA18F67AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {B3BCA3F2-F7E2-4572-916F-FC9CC230DECE} - \WPD\SqmUpload_S-1-5-21-2285785116-1953552596-3447252386-1001 -> No File <==== ATTENTION
Task: {BFFD687C-91DE-4999-8407-71F88DAD3A29} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {E091FBA3-46E4-4E73-AFF6-0C76C6B91D27} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris Trojan Remover\ltr.exe
Task: {F4A5B5A4-B621-4445-A630-7D1214B7D5B4} - System32\Tasks\RegHunterStartup => C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe [2017-05-02] (Enigma Software Group USA, LLC.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-12-06 18:42 - 2012-09-18 14:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2017-04-22 18:00 - 2012-09-18 14:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2017-01-13 12:56 - 2017-01-13 12:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 12:56 - 2017-01-13 12:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-22 05:28 - 2016-09-13 06:00 - 00133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 08911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-04-16 06:13 - 2015-04-16 06:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-04-07 17:41 - 2017-04-07 17:41 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-02-20 23:24 - 2014-08-06 11:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00634021.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01057925.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02309174.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44848192.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56056411.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68150913.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79484836.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82378492.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84232467.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00634021.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01057925.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02309174.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44848192.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56056411.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68150913.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\79484836.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82378492.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84232467.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-02-22 03:10 - 2017-04-12 17:15 - 00000832 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 61.9.134.49 - 61.9.133.193
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Everything"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DLLSuite2016"
HKLM\...\StartupApproved\Run32: => "MalTray"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Syncios device service"
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [TCP Query User{2E05CF03-7391-4DE0-8D8B-0078431C74AB}C:\users\tony\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tony\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{99BA75A5-CADD-4485-8638-9E8D64C8E18E}C:\users\tony\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tony\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{B20E4B36-825F-4829-B4E1-6DBF40DF1330}] => (Block) C:\users\tony\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{A3DD1307-9118-4D1F-A5C4-11AE879B856E}] => (Block) C:\users\tony\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{39E478C0-E78F-4EAF-93D5-2424E4418847}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{40248142-F95A-4FCB-9DD0-50D65F1CB2F0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{0535FD58-1683-4DCF-BB82-746450C89D62}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{1C8CCA71-4CC4-48EC-A124-FC44EA5CD24E}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{6592ABB6-13DD-43CE-AA19-31FD382F1579}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{C0FD21A9-0D0D-410A-A31F-E750866A797E}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{BEE02115-8441-4CAB-A602-39395F727336}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{7956FF70-F21D-4E77-9BAE-5F1580C0992A}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{C93E8FD0-8BD6-4F4A-A8D0-BB656B85EBAC}] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{0C4051E2-CCD8-45FE-BDBD-EAD9216D8D7A}] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{8F5152C6-DE91-44F1-B34C-4A18493AA46A}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{9AF22920-4482-432A-A945-A52690F903BE}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{AB618C40-426A-4AC1-95FE-C12AE0DEECF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F735BD36-2770-44B7-8870-715826DB710D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{570605DF-1588-4C3C-8A96-2103E76A2691}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{EC58B7B1-B9E2-4F81-B3C3-C937642637CE}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{65576487-B329-4755-B292-D7EA69CD9B1C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2017 01:31:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15359

Error: (05/12/2017 01:31:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15359

Error: (05/12/2017 01:31:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/11/2017 09:28:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/11/2017 09:28:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/11/2017 09:28:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/11/2017 08:10:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/11/2017 08:08:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/11/2017 08:08:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/11/2017 08:08:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (05/11/2017 06:21:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EsgScanner service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/11/2017 06:18:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Hyper-V Virtual Machine Management service terminated with the following error:
Not enough storage is available to complete this operation.

Error: (05/11/2017 06:16:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%2147952449 = The requested address is not valid in its context.

Error: (05/11/2017 06:16:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147952449 = The requested address is not valid in its context.

Error: (05/11/2017 06:16:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (05/11/2017 06:16:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetGroup Packet Filter Driver service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/11/2017 06:16:13 PM) (Source: Microsoft-Windows-Hyper-V-Hypervisor) (EventID: 48) (User: NT AUTHORITY)
Description: Hypervisor launch failed; Processor does not provide the features necessary to run the hypervisor (leaf 0x80000001, register 0x3: features needed 0x28100800, features supported 0x28000800).

Error: (05/11/2017 06:15:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/11/2017 06:09:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EsgScanner service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/11/2017 01:06:46 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-05-11 19:34:31.242
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-11 19:34:30.804
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-11 19:34:09.070
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-11 19:34:08.633
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-11 19:29:37.054
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-11 19:29:36.616
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-11 19:21:42.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-11 19:21:41.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-11 18:44:09.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-10 19:23:59.196
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 9%
Total physical RAM: 24567.11 MB
Available physical RAM: 22132.74 MB
Total Virtual: 26103.11 MB
Available Virtual: 23245.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.57 GB) (Free:125.21 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (TONYS_DATA) (Fixed) (Total:1863.01 GB) (Free:21.62 GB) NTFS
Drive e: (NEW 8TB) (Fixed) (Total:7451.91 GB) (Free:290.03 GB) NTFS
Drive f: (TONYS_DATA_2) (Fixed) (Total:3725.9 GB) (Free:3.8 GB) NTFS
Drive g: (NEW 4TB STORAGE) (Fixed) (Total:3725.9 GB) (Free:324.47 GB) NTFS
Drive h: (TONYS_DATA_XVID) (Fixed) (Total:1863.01 GB) (Free:13.09 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

#15 nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:04 PM

Posted 12 May 2017 - 08:49 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2285785116-1953552596-3447252386-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-2285785116-1953552596-3447252386-1002] ATTENTION => Default URLSearchHook is missing
CHR Extension: (Chrome Web Store Payments) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-10]
CHR Extension: (Chrome Media Router) - C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-10]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - <no Path/update_url>
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1028096 2017-03-17] (Digital Care Solutions) [File not signed]
S3 Trufos; C:\WINDOWS\System32\DRIVERS\TRUFOS.sys [485512 2017-03-16] (BitDefender S.R.L.)
S1 bjcqapnm; \??\C:\WINDOWS\system32\drivers\bjcqapnm.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 MFE_RR; \??\C:\Users\tony\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S2 npf; \??\C:\WINDOWS\system32\drivers\npf.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [X]
Task: {02AD591D-A68F-48CE-AC37-082211A7009D} - \Optimize Start Menu Cache Files-S-1-5-21-2285785116-1953552596-3447252386-1001 -> No File <==== ATTENTION
Task: {041F1AB5-95ED-487C-B4C9-C10B99DB82E4} - \SmartDefrag_Startup -> No File <==== ATTENTION
Task: {200B1ED1-D7E6-43E5-993C-0CBB536CBA41} - \Driver Booster SkipUAC (tony) -> No File <==== ATTENTION
Task: {45022052-6C15-49E0-8DBB-1BD245BD854A} - \Tweaking.com - Windows Repair Tray Icon -> No File <==== ATTENTION
Task: {78DBF4DD-35BE-44B0-9BF6-54622A37C675} - \SmartDefrag_Update -> No File <==== ATTENTION
Task: {7DAA2AE6-8493-4530-AAC3-917AE0A3972D} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {910F8F66-844C-4D01-B83D-7B69C754F846} - \SmartDefrag_AutoAnalyze -> No File <==== ATTENTION
Task: {B3BCA3F2-F7E2-4572-916F-FC9CC230DECE} - \WPD\SqmUpload_S-1-5-21-2285785116-1953552596-3447252386-1001 -> No File <==== ATTENTION
C:\Program Files\BDServices
C:\WINDOWS\System32\DRIVERS\TRUFOS.sys

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

Please let me know what problem persists with this computer.



