
Manual Proxy Server Self Populates (loopback trojan/virus?)


  • This topic is locked
30 replies to this topic

#1 Stu9191


Posted 15 February 2017 - 07:24 PM

Dear Bleeping Computer Techs,

 

Windows 10 System (always updated)

 

My browser of choice is Firefox and I use Chrome as a backup. Recently I opened Microsoft Edge and was confronted with the dreaded blue screen together with a QR code to reach Microsoft support. I have never experienced this previously, which was a cause of concern when I started searching and discovered it to be a (hijack) scam.

 

I also detected that my Manual Proxy Setting was populated as follows which also caused me concern:

 

SETTINGS/NETWORK AND INTERNET/PROXY/MANUAL PROXY SETUP

Use proxy server is on

Address http=127.0.0.1:49760;https=127.0.0.1:49760

 

Use the proxy server except for addresses that start with the following entries (;) to separate entries.

<-loopback>

 

I'm unsure if this issue is also related but for many weeks now I have been receiving an awful lot of junk email offers (in my Thunderbird junk folder) which appeared to be from genuine companies of sites I had visited.

 

I have now run several malware searches (adware cleaner, Malwarebytes, Hitman pro (paid licence), Windows Malicious Security Tool, Avast Virus (paid licence) and now Avira). Whilst some of these scans were able to detect issues, none of them have been successful in removing the manual proxy setting repopulating itself. Hitman Pro results say that IE is using a proxy server, although I repair, the manual proxy setting still repopulates.

 

In a final act of desperation, I Reset my Windows 10 OS removing all files, apps, programs but yet the manual proxy setting has again repopulated itself. I did this with the windows 10 reset function. I didn't do a clean install from external media.

 

Short of sticking my laptop under the nearest truck, or taking a sledgehammer to it, I'm at a total loss at what to do next and I kindly request any assistance that can be given.

 

Thank you in advance.
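
How the setting described in this post can be inspected from PowerShell, as an added example that is not part of the original thread: it reads the per-user proxy values behind the Settings page, parses the `ProxyServer` string, and reports which process is listening on the loopback port. The function name `ConvertFrom-ProxyServer` is made up for this example, and the fallback string is the value quoted in the post.

```powershell
# Added triage example, not part of the original thread.
# Run in an elevated PowerShell session on the affected Windows 10 machine.

# Per-user WinINET proxy values shown by Settings > Network & Internet > Proxy.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cfg = Get-ItemProperty -Path $key

# Value quoted in the post; used only if no live ProxyServer value is present.
$fromPost = 'http=127.0.0.1:49760;https=127.0.0.1:49760'

function ConvertFrom-ProxyServer {
    # Hypothetical helper: parses "host:port" or "http=host:port;https=host:port".
    param([string]$Value)
    foreach ($part in ($Value -split ';' | Where-Object { $_.Trim() })) {
        if ($part -match '=') { $scheme, $endpoint = $part.Trim() -split '=', 2 }
        else                  { $scheme, $endpoint = 'all', $part.Trim() }
        if ($endpoint -match '^(?:\w+://)?(?<h>\[[^\]]+\]|[^:/]+):(?<p>\d+)') {
            # Copy the captures before running another -match, which resets $Matches.
            $h = $Matches.h
            $p = [int]$Matches.p
            [pscustomobject]@{
                Scheme     = $scheme
                ProxyHost  = $h
                Port       = $p
                IsLoopback = $h -match '^(127\.\d+\.\d+\.\d+|localhost|\[::1\])$'
            }
        }
    }
}

# 1. Show what is configured for the current user.
[pscustomobject]@{
    ProxyEnable   = $cfg.ProxyEnable      # 1 = "Use a proxy server" is on
    ProxyServer   = $cfg.ProxyServer
    ProxyOverride = $cfg.ProxyOverride    # the exception list, e.g. "<-loopback>"
    AutoConfigURL = $cfg.AutoConfigURL
} | Format-List | Out-Host

# 2. Show the machine-wide WinHTTP proxy, which is stored separately.
netsh winhttp show proxy

# 3. Map every loopback proxy port to the process that is listening on it.
$value   = if ($cfg.ProxyServer) { $cfg.ProxyServer } else { $fromPost }
$entries = ConvertFrom-ProxyServer $value

foreach ($e in ($entries | Where-Object IsLoopback | Sort-Object Port -Unique)) {
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $e.Port -ErrorAction SilentlyContinue
    if (-not $listeners) {
        Write-Warning "Proxy points at $($e.ProxyHost):$($e.Port) but nothing is listening there."
        continue
    }
    foreach ($procId in ($listeners.OwningProcess | Sort-Object -Unique)) {
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
        $sig  = if ($proc.ExecutablePath) { Get-AuthenticodeSignature -FilePath $proc.ExecutablePath }
        [pscustomobject]@{
            Port        = $e.Port
            ProcessId   = $procId
            Name        = $proc.Name
            Path        = $proc.ExecutablePath
            CommandLine = $proc.CommandLine
            SignStatus  = $sig.Status
            Signer      = $sig.SignerCertificate.Subject
        }
    }
}
```

Without elevation, `Path` and `CommandLine` can come back empty for processes that belong to other accounts or to services.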




#2 polskamachina

  • Malware Response Team

Posted 15 February 2017 - 08:31 PM

Hi Stu9191 :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

In order to provide you any assistance I will need for you to do the following:
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both the 32-bit and 64-bit versions and try to run them. Only one of them will run on your system. That will be the correct version.

  • Right-click FRST then click Run as administrator
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will create two logs named, FRST.txt and Addition.txt in the same directory from which the tool was run.
  • Please copy and paste the two logs into your next reply to me.

In summary, I will need you to copy and paste into your next reply to me:

  • FRST.txt
  • Addition.txt

polskamachina



#3 Stu9191


Posted 15 February 2017 - 09:02 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Stuart (administrator) on DESKTOP-3NPMI3O (16-02-2017 12:57:06)
Running from C:\Users\Stuart\Desktop
Loaded Profiles: Stuart &  (Available Profiles: defaultuser0 & Stuart)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(RealityMine Ltd) C:\Program Files\Community\UsageMonitor.WindowsService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(RealityMine Ltd) C:\Program Files\Community\UsageMonitor.UI.App.exe
(RealityMine Ltd) C:\Program Files\Community\UsageMonitor.HealthCheck.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Pushbullet Inc) C:\Users\Stuart\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3251408 2015-09-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [70592 2017-02-08] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1327487900-917466881-2297462407-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017102625594\...\Run: [Community] => C:\Program Files\Community\UsageMonitor.UI.App.exe [339320 2016-12-12] (RealityMine Ltd)
HKU\S-1-5-21-1327487900-917466881-2297462407-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017102625594\...\Run: [CommunityHealthcheck] => C:\Program Files\Community\UsageMonitor.HealthCheck.exe [12152 2016-12-12] (RealityMine Ltd)
HKU\S-1-5-21-1327487900-917466881-2297462407-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017102625594\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-1327487900-917466881-2297462407-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017102625594\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{0435522e-af05-464e-b40a-955e32774dbd}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF DefaultProfile: s5m79n06.default
FF ProfilePath: C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\s5m79n06.default [2017-02-16]
FF NewTab: Mozilla\Firefox\Profiles\s5m79n06.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
FF Homepage: Mozilla\Firefox\Profiles\s5m79n06.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
FF Extension: (Avira Browser Safety) - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\s5m79n06.default\Extensions\abs@avira.com [2017-02-16]
FF Extension: (Bookmarks Sidebar Button) - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\s5m79n06.default\Extensions\bookmarks-sidebar@toolbar.org.xpi [2017-02-16]
FF Extension: (EverSync - Sync bookmarks, backup your favorites.) - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\s5m79n06.default\Extensions\fvdmedia@gmail.com [2017-02-16]
FF Extension: (Speed Dial [FVD] - New Tab Page, Sync...) - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\s5m79n06.default\Extensions\pavel.sherbakov@gmail.com [2017-02-16]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\s5m79n06.default\Extensions\safesearchplus2@avira.com [2017-02-16]
FF Extension: (Community) - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\s5m79n06.default\Extensions\{275E7360-DA9C-4965-AC66-32B386C0601D}.xpi [2016-12-12]
FF Extension: (Toolbar Button for Facebook™) - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\s5m79n06.default\Extensions\{72c9fdff-bccd-4fac-a08e-857103c6e721}.xpi [2017-02-16]
FF Extension: (Adblock Plus) - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\s5m79n06.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [onecbbbdnhnmolfhfkhloppkngfjbhnf] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [25232 2016-12-09] (Avira Operations GmbH & Co. KG)
R2 CommunitySvc; C:\Program Files\Community\UsageMonitor.WindowsService.exe [31608 2016-12-12] (RealityMine Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-16] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [139984 2015-09-23] (ELAN Microelectronics Corp.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-02-16] (SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [78704 2017-02-08] (Avira Operations GmbH & Co. KG)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [28272 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-16] ()
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN Microelectronic Corp.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-16] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-02-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-02-16] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3528976 2016-06-14] (Intel Corporation)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [32168 2015-07-16] (Windows ® Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 20:38 - 2017-02-16 20:38 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2017-02-16 20:38 - 2017-02-16 20:38 - 00000000 _SHDL C:\Users\defaultuser0\My Documents
2017-02-16 20:38 - 2017-02-16 20:38 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos
2017-02-16 20:38 - 2017-02-16 20:38 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures
2017-02-16 20:38 - 2017-02-16 20:38 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music
2017-02-16 20:38 - 2017-02-16 20:38 - 00000000 ____D C:\Users\defaultuser0
2017-02-16 19:40 - 2017-02-16 19:40 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-02-16 19:40 - 2017-02-16 19:40 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-02-16 19:40 - 2017-02-16 19:40 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-02-16 19:40 - 2017-02-16 19:40 - 00000000 _SHDL C:\Users\Default\My Documents
2017-02-16 19:40 - 2017-02-16 19:40 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-02-16 19:40 - 2017-02-16 19:40 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-02-16 19:40 - 2017-02-16 19:40 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-02-16 19:40 - 2017-02-16 19:40 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-02-16 19:40 - 2017-02-16 19:40 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-02-16 19:40 - 2017-02-16 19:40 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-02-16 19:29 - 2017-02-16 02:24 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-16 19:27 - 2017-02-16 19:27 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-02-16 19:27 - 2017-02-16 19:27 - 00000000 ____D C:\Windows.old
2017-02-16 12:57 - 2017-02-16 12:58 - 00017319 _____ C:\Users\Stuart\Desktop\FRST.txt
2017-02-16 12:56 - 2017-02-16 12:57 - 00000000 ____D C:\FRST
2017-02-16 12:51 - 2017-02-16 12:56 - 02422272 _____ (Farbar) C:\Users\Stuart\Desktop\FRST64.exe
2017-02-16 10:37 - 2017-02-16 10:37 - 00001216 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2017-02-16 10:37 - 2017-02-16 10:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\Avira
2017-02-16 10:37 - 2017-02-16 10:37 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-02-16 10:30 - 2017-02-16 10:30 - 00000000 ____D C:\Users\Stuart\AppData\Local\Avira
2017-02-16 10:29 - 2017-02-16 10:29 - 00002151 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2017-02-16 10:12 - 2017-02-16 10:12 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Macromedia
2017-02-16 10:12 - 2017-02-16 10:12 - 00000000 ____D C:\Users\Stuart\AppData\Local\Macromedia
2017-02-16 05:11 - 2017-02-16 05:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-16 05:10 - 2017-02-16 05:10 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-16 05:10 - 2017-02-16 05:10 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Avira
2017-02-16 05:05 - 2016-12-21 19:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-02-16 05:05 - 2016-12-21 19:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-02-16 05:05 - 2016-12-21 18:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-02-16 05:05 - 2016-12-21 18:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-02-16 05:05 - 2016-12-21 18:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-02-16 05:05 - 2016-12-21 18:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-02-16 05:05 - 2016-12-21 18:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-02-16 05:05 - 2016-12-21 18:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-02-16 05:05 - 2016-12-21 18:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-02-16 05:05 - 2016-12-21 18:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-02-16 05:05 - 2016-12-21 18:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-02-16 05:05 - 2016-12-21 18:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-02-16 05:05 - 2016-12-21 18:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-02-16 05:05 - 2016-12-21 18:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-02-16 05:05 - 2016-12-21 18:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-02-16 05:05 - 2016-12-21 18:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-02-16 05:05 - 2016-12-21 18:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-02-16 05:05 - 2016-12-21 18:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-02-16 05:05 - 2016-12-21 17:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-02-16 05:05 - 2016-12-21 17:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-02-16 05:05 - 2016-12-21 17:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-02-16 05:05 - 2016-12-21 17:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-02-16 05:05 - 2016-12-21 17:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-02-16 05:05 - 2016-12-21 17:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-02-16 05:05 - 2016-12-21 17:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-02-16 05:05 - 2016-12-21 17:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-02-16 05:05 - 2016-12-21 17:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-02-16 05:05 - 2016-12-21 17:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-02-16 05:05 - 2016-12-21 17:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-02-16 05:05 - 2016-12-21 17:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-02-16 05:05 - 2016-12-21 17:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-02-16 05:05 - 2016-12-21 16:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-02-16 05:05 - 2016-12-21 16:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-02-16 05:05 - 2016-12-21 16:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-02-16 05:05 - 2016-12-21 15:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-02-16 05:05 - 2016-12-21 15:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-02-16 05:05 - 2016-12-21 15:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-02-16 05:05 - 2016-12-21 15:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-02-16 05:05 - 2016-12-21 15:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-02-16 05:05 - 2016-12-21 15:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-02-16 05:05 - 2016-12-21 15:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-02-16 05:05 - 2016-12-21 15:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-02-16 05:05 - 2016-12-21 15:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-02-16 05:05 - 2016-12-21 15:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-02-16 05:05 - 2016-12-21 15:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-02-16 05:05 - 2016-12-21 15:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-02-16 05:05 - 2016-12-21 15:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-02-16 05:05 - 2016-12-21 15:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-02-16 05:05 - 2016-12-21 15:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-02-16 05:05 - 2016-12-21 15:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-02-16 05:05 - 2016-12-14 16:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-02-16 05:05 - 2016-12-14 16:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-02-16 05:05 - 2016-12-14 16:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-02-16 05:05 - 2016-12-14 16:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-02-16 05:05 - 2016-12-14 16:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-02-16 05:05 - 2016-12-14 16:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-02-16 05:05 - 2016-12-14 16:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-02-16 05:05 - 2016-12-14 16:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-02-16 05:05 - 2016-12-14 15:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-02-16 05:05 - 2016-12-14 15:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-02-16 05:05 - 2016-12-14 15:44 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-02-16 05:05 - 2016-12-14 15:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-02-16 05:05 - 2016-12-14 15:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-02-16 05:05 - 2016-12-14 15:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-02-16 05:05 - 2016-12-14 15:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-02-16 05:05 - 2016-12-14 15:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-02-16 05:05 - 2016-12-14 15:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-02-16 05:05 - 2016-12-14 15:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-02-16 05:05 - 2016-12-14 15:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-02-16 05:05 - 2016-12-14 15:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-02-16 05:05 - 2016-12-14 15:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-02-16 05:05 - 2016-12-14 15:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-02-16 05:05 - 2016-12-14 15:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-02-16 05:05 - 2016-12-14 15:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-02-16 05:05 - 2016-12-14 15:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-02-16 05:05 - 2016-12-14 15:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-02-16 05:05 - 2016-12-14 15:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-02-16 05:05 - 2016-12-14 15:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-02-16 05:05 - 2016-12-14 15:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-02-16 05:05 - 2016-12-14 15:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-02-16 05:05 - 2016-12-14 15:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-02-16 05:05 - 2016-12-14 15:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-02-16 05:05 - 2016-12-09 21:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-02-16 05:05 - 2016-12-09 21:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-02-16 05:05 - 2016-12-09 21:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-16 05:05 - 2016-12-09 21:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-02-16 05:05 - 2016-12-09 21:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-02-16 05:05 - 2016-12-09 21:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-02-16 05:05 - 2016-12-09 21:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-02-16 05:05 - 2016-12-09 21:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-02-16 05:05 - 2016-12-09 21:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-02-16 05:05 - 2016-12-09 21:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-02-16 05:05 - 2016-12-09 21:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-02-16 05:05 - 2016-12-09 21:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-02-16 05:05 - 2016-12-09 21:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-02-16 05:05 - 2016-12-09 21:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-02-16 05:05 - 2016-12-09 21:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-02-16 05:05 - 2016-12-09 21:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-02-16 05:05 - 2016-12-09 21:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-02-16 05:05 - 2016-12-09 21:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-02-16 05:05 - 2016-12-09 21:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-02-16 05:05 - 2016-12-09 21:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-02-16 05:05 - 2016-12-09 20:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-02-16 05:05 - 2016-12-09 20:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-02-16 05:05 - 2016-12-09 20:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-02-16 05:05 - 2016-12-09 20:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-02-16 05:05 - 2016-12-09 20:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-02-16 05:05 - 2016-12-09 20:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2017-02-16 05:05 - 2016-12-09 20:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2017-02-16 05:05 - 2016-12-09 20:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-02-16 05:05 - 2016-12-09 20:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-02-16 05:05 - 2016-12-09 20:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-02-16 05:05 - 2016-12-09 20:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-02-16 05:05 - 2016-12-09 20:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-02-16 05:05 - 2016-12-09 20:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-02-16 05:05 - 2016-12-09 20:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-02-16 05:05 - 2016-12-09 20:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-02-16 05:05 - 2016-12-09 20:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-02-16 05:05 - 2016-12-09 20:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-02-16 05:05 - 2016-12-09 20:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-02-16 05:05 - 2016-12-09 20:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-02-16 05:05 - 2016-12-09 20:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2017-02-16 05:05 - 2016-12-09 20:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-02-16 05:05 - 2016-12-09 20:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-02-16 05:05 - 2016-12-09 20:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2017-02-16 05:05 - 2016-12-09 20:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2017-02-16 05:05 - 2016-12-09 19:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-02-16 05:05 - 2016-11-11 21:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2017-02-16 05:05 - 2016-11-11 21:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-02-16 05:05 - 2016-11-11 21:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-02-16 05:05 - 2016-11-11 21:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-02-16 05:05 - 2016-11-11 21:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-02-16 05:05 - 2016-11-11 21:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-02-16 05:05 - 2016-11-11 21:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2017-02-16 05:05 - 2016-11-11 21:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-02-16 05:05 - 2016-11-11 21:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-02-16 05:05 - 2016-11-11 21:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-02-16 05:05 - 2016-11-11 21:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-02-16 05:05 - 2016-11-11 21:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-02-16 05:05 - 2016-11-11 20:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-02-16 05:05 - 2016-11-11 20:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-02-16 05:05 - 2016-11-11 20:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-02-16 05:05 - 2016-11-11 20:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-02-16 05:05 - 2016-11-11 20:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2017-02-16 05:05 - 2016-11-11 20:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2017-02-16 05:05 - 2016-11-11 20:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-02-16 05:05 - 2016-11-11 20:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-02-16 05:05 - 2016-11-11 20:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-02-16 05:05 - 2016-11-11 20:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2017-02-16 05:05 - 2016-11-11 20:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-02-16 05:05 - 2016-11-11 20:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2017-02-16 05:05 - 2016-11-11 20:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2017-02-16 05:05 - 2016-11-11 20:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-02-16 05:05 - 2016-11-11 20:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2017-02-16 05:05 - 2016-11-11 20:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-02-16 05:05 - 2016-11-11 20:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-02-16 05:05 - 2016-11-11 20:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-02-16 05:05 - 2016-11-11 20:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-02-16 05:05 - 2016-11-11 20:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-02-16 05:05 - 2016-11-11 20:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-02-16 05:05 - 2016-11-11 20:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-02-16 05:05 - 2016-11-11 20:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-02-16 05:05 - 2016-11-11 20:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2017-02-16 05:05 - 2016-11-11 20:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-02-16 05:05 - 2016-11-11 20:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-02-16 05:05 - 2016-11-11 20:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-02-16 05:05 - 2016-11-11 20:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-02-16 05:05 - 2016-11-11 20:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2017-02-16 05:05 - 2016-11-11 20:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-02-16 05:05 - 2016-11-11 20:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2017-02-16 05:05 - 2016-11-11 20:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-02-16 05:05 - 2016-11-11 20:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-02-16 05:05 - 2016-11-11 20:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2017-02-16 05:05 - 2016-11-11 20:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-02-16 05:05 - 2016-11-11 20:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-02-16 05:05 - 2016-11-11 20:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2017-02-16 05:05 - 2016-11-11 20:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-02-16 05:05 - 2016-11-11 20:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2017-02-16 05:05 - 2016-11-11 20:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2017-02-16 05:05 - 2016-11-11 20:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-02-16 05:05 - 2016-11-11 20:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2017-02-16 05:05 - 2016-11-11 20:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-02-16 05:05 - 2016-11-11 20:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-02-16 05:05 - 2016-11-11 20:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-02-16 05:05 - 2016-11-11 20:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-02-16 05:05 - 2016-11-11 20:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-02-16 05:05 - 2016-11-11 20:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-02-16 05:05 - 2016-11-11 20:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-02-16 05:05 - 2016-11-11 20:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-02-16 05:05 - 2016-11-11 20:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-02-16 05:05 - 2016-11-11 20:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-02-16 05:05 - 2016-11-11 20:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-02-16 05:05 - 2016-11-11 20:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2017-02-16 05:05 - 2016-11-11 19:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-02-16 05:05 - 2016-11-11 19:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-02-16 05:05 - 2016-11-11 18:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-02-16 05:05 - 2016-11-11 18:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-02-16 05:05 - 2016-11-11 18:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-02-16 05:05 - 2016-11-11 18:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-02-16 05:05 - 2016-11-11 18:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2017-02-16 05:05 - 2016-11-11 18:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-02-16 05:05 - 2016-11-11 18:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-02-16 05:05 - 2016-11-11 18:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2017-02-16 05:05 - 2016-11-11 18:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2017-02-16 05:05 - 2016-11-11 18:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-02-16 05:05 - 2016-11-11 18:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-02-16 05:05 - 2016-11-11 18:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-02-16 05:05 - 2016-11-11 18:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-02-16 05:05 - 2016-11-11 18:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-02-16 05:05 - 2016-11-11 18:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-02-16 05:05 - 2016-11-11 18:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2017-02-16 05:05 - 2016-11-11 18:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-02-16 05:05 - 2016-11-11 18:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2017-02-16 05:05 - 2016-11-11 18:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-16 05:05 - 2016-11-11 18:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-02-16 05:05 - 2016-11-11 18:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2017-02-16 05:05 - 2016-11-11 18:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-02-16 05:05 - 2016-11-11 18:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2017-02-16 05:05 - 2016-11-11 18:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-02-16 05:05 - 2016-11-11 18:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-02-16 05:05 - 2016-11-11 18:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-02-16 05:05 - 2016-11-11 18:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-02-16 05:05 - 2016-11-11 18:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-02-16 05:05 - 2016-11-11 18:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-02-16 05:05 - 2016-11-11 18:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-02-16 05:05 - 2016-11-11 18:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-02-16 05:05 - 2016-11-11 18:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2017-02-16 05:05 - 2016-11-11 18:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-02-16 05:05 - 2016-11-11 18:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-02-16 05:05 - 2016-11-11 18:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-02-16 05:05 - 2016-11-11 18:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2017-02-16 05:05 - 2016-11-11 18:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2017-02-16 05:05 - 2016-11-11 18:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-02-16 05:05 - 2016-11-11 18:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-02-16 05:04 - 2016-12-21 19:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-02-16 05:04 - 2016-12-21 18:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-02-16 05:04 - 2016-12-21 18:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-02-16 05:04 - 2016-12-21 18:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-02-16 05:04 - 2016-12-21 18:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-02-16 05:04 - 2016-12-21 18:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-02-16 05:04 - 2016-12-21 18:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-02-16 05:04 - 2016-12-21 18:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-02-16 05:04 - 2016-12-21 18:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-02-16 05:04 - 2016-12-21 18:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-02-16 05:04 - 2016-12-21 18:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-02-16 05:04 - 2016-12-21 18:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-02-16 05:04 - 2016-12-21 18:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-02-16 05:04 - 2016-12-21 18:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-02-16 05:04 - 2016-12-21 18:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-02-16 05:04 - 2016-12-21 18:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-02-16 05:04 - 2016-12-21 18:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-02-16 05:04 - 2016-12-21 18:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-02-16 05:04 - 2016-12-21 18:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-02-16 05:04 - 2016-12-21 18:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-02-16 05:04 - 2016-12-21 18:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-02-16 05:04 - 2016-12-21 17:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-02-16 05:04 - 2016-12-21 17:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-02-16 05:04 - 2016-12-21 17:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-02-16 05:04 - 2016-12-21 17:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-02-16 05:04 - 2016-12-21 17:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-02-16 05:04 - 2016-12-21 17:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-02-16 05:04 - 2016-12-21 17:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-02-16 05:04 - 2016-12-21 16:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-02-16 05:04 - 2016-12-21 16:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-02-16 05:04 - 2016-12-21 16:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-02-16 05:04 - 2016-12-21 16:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-02-16 05:04 - 2016-12-21 16:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-02-16 05:04 - 2016-12-21 16:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-02-16 05:04 - 2016-12-21 15:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-02-16 05:04 - 2016-12-21 15:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-16 05:04 - 2016-12-21 15:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-02-16 05:04 - 2016-12-21 15:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-02-16 05:04 - 2016-12-21 15:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-02-16 05:04 - 2016-12-21 15:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-02-16 05:04 - 2016-12-21 15:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-02-16 05:04 - 2016-12-21 15:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-02-16 05:04 - 2016-12-21 15:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-02-16 05:04 - 2016-12-21 15:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-02-16 05:04 - 2016-12-21 15:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-02-16 05:04 - 2016-12-21 15:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-02-16 05:04 - 2016-12-14 16:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-02-16 05:04 - 2016-12-14 16:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-02-16 05:04 - 2016-12-14 16:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-02-16 05:04 - 2016-12-14 16:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-02-16 05:04 - 2016-12-14 16:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-02-16 05:04 - 2016-12-14 16:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-02-16 05:04 - 2016-12-14 16:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-02-16 05:04 - 2016-12-14 16:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-02-16 05:04 - 2016-12-14 16:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-02-16 05:04 - 2016-12-14 16:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-02-16 05:04 - 2016-12-14 15:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-02-16 05:04 - 2016-12-14 15:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-02-16 05:04 - 2016-12-14 15:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-02-16 05:04 - 2016-12-14 15:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-16 05:04 - 2016-12-14 15:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-02-16 05:04 - 2016-12-14 15:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-02-16 05:04 - 2016-12-14 15:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-02-16 05:04 - 2016-12-14 15:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-02-16 05:04 - 2016-12-14 15:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-16 05:04 - 2016-12-14 15:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-02-16 05:04 - 2016-12-14 15:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-02-16 05:04 - 2016-12-14 15:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-02-16 05:04 - 2016-12-14 15:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-02-16 05:04 - 2016-12-14 15:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-02-16 05:04 - 2016-12-14 15:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-02-16 05:04 - 2016-12-14 15:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-02-16 05:04 - 2016-12-14 15:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-02-16 05:04 - 2016-12-14 15:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-02-16 05:04 - 2016-12-14 15:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-02-16 05:04 - 2016-12-14 15:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-02-16 05:04 - 2016-12-14 15:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-02-16 05:04 - 2016-12-14 15:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-02-16 05:04 - 2016-12-14 15:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-02-16 05:04 - 2016-12-09 21:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-02-16 05:04 - 2016-12-09 21:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-02-16 05:04 - 2016-12-09 21:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-02-16 05:04 - 2016-12-09 21:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-02-16 05:04 - 2016-12-09 21:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-02-16 05:04 - 2016-12-09 21:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-02-16 05:04 - 2016-12-09 21:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-02-16 05:04 - 2016-12-09 21:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-02-16 05:04 - 2016-12-09 21:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-02-16 05:04 - 2016-12-09 21:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-02-16 05:04 - 2016-12-09 21:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-02-16 05:04 - 2016-12-09 21:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-02-16 05:04 - 2016-12-09 20:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-02-16 05:04 - 2016-12-09 20:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-02-16 05:04 - 2016-12-09 20:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-02-16 05:04 - 2016-12-09 20:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2017-02-16 05:04 - 2016-12-09 20:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-02-16 05:04 - 2016-12-09 20:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-02-16 05:04 - 2016-12-09 20:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-02-16 05:04 - 2016-12-09 20:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-02-16 05:04 - 2016-12-09 20:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-02-16 05:04 - 2016-12-09 20:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-02-16 05:04 - 2016-12-09 20:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-02-16 05:04 - 2016-12-09 20:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-02-16 05:04 - 2016-12-09 20:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-02-16 05:04 - 2016-12-09 20:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-02-16 05:04 - 2016-12-09 20:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-02-16 05:04 - 2016-12-09 20:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-02-16 05:04 - 2016-12-09 20:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-02-16 05:04 - 2016-12-09 20:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-02-16 05:04 - 2016-12-09 20:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-02-16 05:04 - 2016-12-09 20:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-02-16 05:04 - 2016-12-09 20:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2017-02-16 05:04 - 2016-12-09 20:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-02-16 05:04 - 2016-11-11 21:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-02-16 05:04 - 2016-11-11 21:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-02-16 05:04 - 2016-11-11 21:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-02-16 05:04 - 2016-11-11 21:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-02-16 05:04 - 2016-11-11 21:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-02-16 05:04 - 2016-11-11 21:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-02-16 05:04 - 2016-11-11 20:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-02-16 05:04 - 2016-11-11 20:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2017-02-16 05:04 - 2016-11-11 20:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-02-16 05:04 - 2016-11-11 20:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-02-16 05:04 - 2016-11-11 20:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2017-02-16 05:04 - 2016-11-11 20:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2017-02-16 05:04 - 2016-11-11 20:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-02-16 05:04 - 2016-11-11 20:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2017-02-16 05:04 - 2016-11-11 20:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2017-02-16 05:04 - 2016-11-11 20:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-02-16 05:04 - 2016-11-11 20:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2017-02-16 05:04 - 2016-11-11 20:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-02-16 05:04 - 2016-11-11 20:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2017-02-16 05:04 - 2016-11-11 20:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2017-02-16 05:04 - 2016-11-11 20:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2017-02-16 05:04 - 2016-11-11 20:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-02-16 05:04 - 2016-11-11 20:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-02-16 05:04 - 2016-11-11 20:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-02-16 05:04 - 2016-11-11 20:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-02-16 05:04 - 2016-11-11 20:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-02-16 05:04 - 2016-11-11 20:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2017-02-16 05:04 - 2016-11-11 20:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2017-02-16 05:04 - 2016-11-11 20:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-02-16 05:04 - 2016-11-11 20:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-02-16 05:04 - 2016-11-11 20:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2017-02-16 05:04 - 2016-11-11 20:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-02-16 05:04 - 2016-11-11 20:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-02-16 05:04 - 2016-11-11 20:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-02-16 05:04 - 2016-11-11 20:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-02-16 05:04 - 2016-11-11 20:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-02-16 05:04 - 2016-11-11 20:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-02-16 05:04 - 2016-11-11 20:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2017-02-16 05:04 - 2016-11-11 20:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-02-16 05:04 - 2016-11-11 20:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-02-16 05:04 - 2016-11-11 20:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-02-16 05:04 - 2016-11-11 20:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-02-16 05:04 - 2016-11-11 20:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2017-02-16 05:04 - 2016-11-11 20:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-02-16 05:04 - 2016-11-11 20:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-16 05:04 - 2016-11-11 20:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-02-16 05:04 - 2016-11-11 20:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-02-16 05:04 - 2016-11-11 20:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2017-02-16 05:04 - 2016-11-11 20:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-02-16 05:04 - 2016-11-11 20:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-02-16 05:04 - 2016-11-11 20:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-02-16 05:04 - 2016-11-11 20:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2017-02-16 05:04 - 2016-11-11 20:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-02-16 05:04 - 2016-11-11 20:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-02-16 05:04 - 2016-11-11 20:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-02-16 05:04 - 2016-11-11 20:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-02-16 05:04 - 2016-11-11 20:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2017-02-16 05:04 - 2016-11-11 20:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2017-02-16 05:04 - 2016-11-11 20:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-02-16 05:04 - 2016-11-11 20:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-02-16 05:04 - 2016-11-11 20:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-02-16 05:04 - 2016-11-11 20:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-02-16 05:04 - 2016-11-11 20:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-02-16 05:04 - 2016-11-11 20:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2017-02-16 05:04 - 2016-11-11 20:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-02-16 05:04 - 2016-11-11 20:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-02-16 05:04 - 2016-11-11 20:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-02-16 05:04 - 2016-11-11 20:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-02-16 05:04 - 2016-11-11 20:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-02-16 05:04 - 2016-11-11 20:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-02-16 05:04 - 2016-11-11 20:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2017-02-16 05:04 - 2016-11-11 20:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-02-16 05:04 - 2016-11-11 20:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-02-16 05:04 - 2016-11-11 20:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-02-16 05:04 - 2016-11-11 20:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2017-02-16 05:04 - 2016-11-11 20:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-02-16 05:04 - 2016-11-11 20:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-02-16 05:04 - 2016-11-11 20:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2017-02-16 05:04 - 2016-11-11 19:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-02-16 05:04 - 2016-11-11 18:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-02-16 05:04 - 2016-11-11 18:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2017-02-16 05:04 - 2016-11-11 18:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-02-16 05:04 - 2016-11-11 18:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-02-16 05:04 - 2016-11-11 18:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-02-16 05:04 - 2016-11-11 18:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-02-16 05:04 - 2016-11-11 18:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-02-16 05:04 - 2016-11-11 18:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2017-02-16 05:04 - 2016-11-11 18:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2017-02-16 05:04 - 2016-11-11 18:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2017-02-16 05:04 - 2016-11-11 18:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2017-02-16 05:04 - 2016-11-11 18:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-02-16 05:04 - 2016-11-11 18:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-02-16 05:04 - 2016-11-11 18:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-02-16 05:04 - 2016-11-11 18:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-02-16 05:04 - 2016-11-11 18:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-02-16 05:04 - 2016-11-11 18:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-02-16 05:04 - 2016-11-11 18:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-02-16 05:04 - 2016-11-11 18:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-02-16 05:04 - 2016-11-11 18:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-02-16 05:04 - 2016-11-11 18:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-02-16 05:04 - 2016-11-11 18:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-02-16 05:04 - 2016-11-11 18:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-02-16 05:04 - 2016-11-11 18:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2017-02-16 05:04 - 2016-11-11 18:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-02-16 05:04 - 2016-11-11 18:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-02-16 05:04 - 2016-11-11 18:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2017-02-16 05:04 - 2016-11-11 18:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-02-16 05:04 - 2016-11-11 18:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2017-02-16 05:04 - 2016-11-11 18:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-02-16 05:04 - 2016-11-11 18:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-02-16 05:04 - 2016-11-11 18:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-02-16 05:04 - 2016-11-11 18:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2017-02-16 05:04 - 2016-11-11 18:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-02-16 05:04 - 2016-11-11 18:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-02-16 05:04 - 2016-11-11 18:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-02-16 05:04 - 2016-11-11 18:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-02-16 05:04 - 2016-11-11 18:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-02-16 05:04 - 2016-11-11 18:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2017-02-16 05:04 - 2016-11-11 18:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-02-16 05:01 - 2017-02-16 05:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-16 05:01 - 2017-02-16 05:01 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-16 04:59 - 2017-02-16 05:01 - 00000000 ____D C:\Users\Stuart\AppData\Local\Adobe
2017-02-16 04:51 - 2017-02-16 04:51 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\OpenOffice
2017-02-16 04:50 - 2017-02-16 10:38 - 00000000 ___RD C:\Users\Stuart\Dropbox
2017-02-16 04:50 - 2017-02-16 04:50 - 00001299 _____ C:\Users\Stuart\Desktop\Dropbox.lnk
2017-02-16 04:44 - 2017-02-16 04:44 - 00000000 ____D C:\Users\Stuart\AppData\Local\ElevatedDiagnostics
2017-02-16 04:28 - 2016-12-21 18:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-16 04:28 - 2016-12-21 15:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-02-16 04:22 - 2017-02-16 10:36 - 00000000 ____D C:\Users\Stuart\AppData\Local\Pushbullet
2017-02-16 04:21 - 2017-02-16 04:21 - 00000000 ____D C:\Users\Stuart\AppData\Local\NVIDIA
2017-02-16 04:18 - 2017-02-16 04:18 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-16 04:10 - 2017-02-16 04:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-02-16 04:08 - 2016-12-06 16:01 - 00153904 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-02-16 04:08 - 2016-12-06 16:01 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-02-16 04:08 - 2016-12-06 16:01 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2017-02-16 04:08 - 2016-12-06 16:01 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2017-02-16 04:08 - 2016-12-06 16:01 - 00028272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-02-16 04:03 - 2017-02-16 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-16 04:03 - 2017-02-16 10:36 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-16 04:03 - 2017-02-16 10:29 - 00000000 ____D C:\ProgramData\Avira
2017-02-16 04:03 - 2017-02-16 04:03 - 00001277 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-16 04:02 - 2017-02-16 04:02 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Stuart\Downloads\avira_en_av_58a4896cd1740__ws.exe
2017-02-16 03:56 - 2017-02-16 03:56 - 00002075 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2017-02-16 03:56 - 2017-02-16 03:56 - 00002065 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2017-02-16 03:56 - 2017-02-16 03:56 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Samsung
2017-02-16 03:54 - 2017-02-16 03:54 - 00002235 _____ C:\Users\Public\Desktop\Style Builder 2017.lnk
2017-02-16 03:54 - 2017-02-16 03:54 - 00002149 _____ C:\Users\Public\Desktop\LayOut 2017.lnk
2017-02-16 03:54 - 2017-02-16 03:54 - 00002060 _____ C:\Users\Public\Desktop\SketchUp 2017.lnk
2017-02-16 03:54 - 2017-02-16 03:54 - 00000000 ____D C:\ProgramData\Reprise
2017-02-16 03:54 - 2017-02-16 03:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017
2017-02-16 03:53 - 2017-02-16 03:53 - 00000000 ____D C:\ProgramData\SketchUp
2017-02-16 03:53 - 2017-02-16 03:53 - 00000000 ____D C:\Program Files\SketchUp
2017-02-16 03:50 - 2017-02-16 03:50 - 00001100 _____ C:\Users\Public\Desktop\Pushbullet.lnk
2017-02-16 03:50 - 2017-02-16 03:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pushbullet
2017-02-16 03:50 - 2017-02-16 03:50 - 00000000 ____D C:\Program Files (x86)\Pushbullet
2017-02-16 03:49 - 2017-02-16 03:50 - 01737872 _____ (Pushbullet Inc ) C:\Users\Stuart\Downloads\pushbullet_installer.exe
2017-02-16 03:47 - 2017-02-16 03:50 - 155261392 _____ (Trimble, Inc.) C:\Users\Stuart\Downloads\SketchUpMake-en-x64.exe
2017-02-16 03:46 - 2017-02-16 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-02-16 03:46 - 2016-05-18 14:49 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2017-02-16 03:46 - 2016-05-18 14:49 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2017-02-16 03:45 - 2017-02-16 03:45 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-02-16 03:44 - 2017-02-16 03:44 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-16 03:43 - 2017-02-16 11:27 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-16 03:43 - 2017-02-16 10:25 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-16 03:42 - 2017-02-16 11:27 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-16 03:42 - 2017-02-16 11:27 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-16 03:42 - 2017-02-16 11:26 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-16 03:42 - 2017-02-16 03:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-02-16 03:42 - 2017-02-16 03:52 - 00000000 ____D C:\ProgramData\Samsung
2017-02-16 03:42 - 2017-02-16 03:42 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-16 03:42 - 2017-02-16 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-16 03:41 - 2017-02-16 03:45 - 04015056 _____ C:\Users\Stuart\Downloads\adwcleaner_6.043.exe
2017-02-16 03:41 - 2017-02-16 03:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-16 03:41 - 2017-02-16 03:41 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-16 03:37 - 2017-02-16 03:37 - 00000000 ____D C:\Users\Stuart\AppData\Local\Downloaded Installations
2017-02-16 03:36 - 2017-02-16 03:38 - 55566792 _____ (Malwarebytes ) C:\Users\Stuart\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-16 03:35 - 2017-02-16 03:37 - 72022192 _____ (Samsung Electronics) C:\Users\Stuart\Downloads\KiesSetup.exe
2017-02-16 03:34 - 2017-02-16 03:34 - 00000000 ____D C:\Users\Stuart\AppData\LocalLow\Google
2017-02-16 03:33 - 2017-02-16 03:33 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-16 03:33 - 2017-02-16 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-16 03:32 - 2017-02-16 03:32 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-16 03:32 - 2017-02-16 03:32 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-16 03:31 - 2017-02-16 10:49 - 00000000 ____D C:\Users\Stuart\AppData\Local\Google
2017-02-16 03:31 - 2017-02-16 03:33 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-16 03:31 - 2017-02-16 03:31 - 01129376 _____ (Google Inc.) C:\Users\Stuart\Downloads\GoogleEarthSetup.exe
2017-02-16 03:18 - 2017-02-16 03:18 - 00000000 ____D C:\Users\Stuart\AppData\Local\IsolatedStorage
2017-02-16 03:15 - 2017-02-16 04:02 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-16 03:15 - 2017-02-16 03:15 - 00002872 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-16 03:15 - 2017-02-16 03:15 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-16 03:15 - 2017-02-16 03:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Community
2017-02-16 03:15 - 2017-02-16 03:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-16 03:15 - 2017-02-16 03:15 - 00000000 ____D C:\Program Files\Community
2017-02-16 03:15 - 2017-02-16 03:15 - 00000000 ____D C:\Program Files\CCleaner
2017-02-16 03:14 - 2017-02-16 03:15 - 09261616 _____ (Piriform Ltd) C:\Users\Stuart\Downloads\ccsetup527.exe
2017-02-16 03:13 - 2017-02-16 03:14 - 17869944 _____ (Roy Morgan Research Ltd) C:\Users\Stuart\Downloads\13-windowsDesktop-release-1.12.0.0-zc-1-RoyMorgan-Setup.exe
2017-02-16 03:12 - 2017-02-16 03:12 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-02-16 03:12 - 2017-02-16 03:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-16 03:12 - 2017-02-16 03:12 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-16 03:11 - 2017-02-16 10:04 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-16 03:10 - 2017-02-16 03:10 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-16 03:10 - 2017-02-16 03:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-16 03:10 - 2017-02-16 03:10 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-16 03:09 - 2017-02-16 03:10 - 07097928 _____ (VS Revo Group ) C:\Users\Stuart\Downloads\revosetup.exe
2017-02-16 03:08 - 2017-02-16 03:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Stuart\Downloads\HitmanPro_x64.exe
2017-02-16 03:08 - 2017-02-16 03:08 - 00001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-02-16 03:08 - 2017-02-16 03:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-02-16 03:07 - 2017-02-16 03:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-02-16 03:06 - 2017-02-16 03:07 - 30533688 _____ C:\Users\Stuart\Downloads\vlc-2.2.4-win32.exe
2017-02-16 02:56 - 2017-02-16 02:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-16 02:55 - 2017-02-16 02:55 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Dropbox
2017-02-16 02:54 - 2017-02-16 04:18 - 00000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-16 02:54 - 2017-02-16 02:54 - 00004000 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-02-16 02:54 - 2017-02-16 02:54 - 00003768 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-02-16 02:54 - 2017-02-16 02:54 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
2017-02-16 02:54 - 2017-02-16 02:54 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-02-16 02:53 - 2017-02-16 04:50 - 00000000 ____D C:\Users\Stuart\AppData\Local\Dropbox
2017-02-16 02:53 - 2017-02-16 04:18 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-16 02:53 - 2017-02-16 02:56 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-16 02:53 - 2017-02-16 02:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2017-02-16 02:53 - 2017-02-16 02:53 - 00000000 ____D C:\ProgramData\Dropbox
2017-02-16 02:52 - 2017-02-16 02:53 - 00690080 _____ (Dropbox, Inc.) C:\Users\Stuart\Downloads\DropboxInstaller.exe
2017-02-16 02:52 - 2017-02-16 02:53 - 00000000 ____D C:\Users\Stuart\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
2017-02-16 02:50 - 2017-02-16 02:52 - 140742472 _____ C:\Users\Stuart\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
2017-02-16 02:47 - 2017-02-16 02:47 - 00000000 ____D C:\Users\Stuart\AppData\Local\Comms
2017-02-16 02:47 - 2017-02-16 02:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-16 02:46 - 2015-06-30 07:42 - 06783304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-16 02:46 - 2015-06-30 07:42 - 03522192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-16 02:46 - 2015-06-30 07:42 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-16 02:46 - 2015-06-30 07:42 - 00932040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2017-02-16 02:46 - 2015-06-30 07:42 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-16 02:46 - 2015-06-30 07:42 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-16 02:46 - 2015-06-29 22:53 - 00072904 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-16 02:46 - 2015-06-29 22:53 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-16 02:46 - 2015-06-29 22:02 - 04437364 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-16 02:45 - 2017-02-16 02:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-16 02:45 - 2017-02-16 02:45 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-16 02:41 - 2017-02-16 12:41 - 00000000 ____D C:\Users\Stuart\AppData\LocalLow\Mozilla
2017-02-16 02:40 - 2017-02-16 02:49 - 00000000 ____D C:\Users\Stuart\AppData\Local\Mozilla
2017-02-16 02:39 - 2017-02-16 02:39 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-16 02:39 - 2017-02-16 02:39 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-16 02:39 - 2017-02-16 02:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-16 02:38 - 2017-02-16 02:38 - 00245424 _____ C:\Users\Stuart\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-16 02:36 - 2017-02-16 02:36 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-02-16 02:36 - 2017-02-16 02:36 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-02-16 02:36 - 2017-02-16 02:36 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-02-16 02:36 - 2017-02-16 02:36 - 00000000 ____D C:\Program Files\Realtek
2017-02-16 02:35 - 2017-02-16 02:34 - 20466392 _____ (Microsoft Corporation) C:\Users\Stuart\Downloads\OneDriveSetup.exe
2017-02-16 02:34 - 2017-02-16 02:42 - 00000000 ____D C:\Users\Stuart\AppData\Local\Thunderbird
2017-02-16 02:34 - 2017-02-16 02:40 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Mozilla
2017-02-16 02:34 - 2017-02-16 02:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-16 02:34 - 2017-02-16 02:34 - 00001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2017-02-16 02:34 - 2017-02-16 02:34 - 00001266 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2017-02-16 02:34 - 2017-02-16 02:34 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Thunderbird
2017-02-16 02:34 - 2017-02-16 02:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-16 02:33 - 2017-02-16 02:35 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-16 02:33 - 2017-02-16 02:34 - 35067248 _____ (Mozilla) C:\Users\Stuart\Downloads\Thunderbird Setup 45.7.1.exe
2017-02-16 02:33 - 2015-09-23 20:00 - 00041024 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\Drivers\ETDSMBus.sys
2017-02-16 02:32 - 2017-02-16 02:35 - 00002366 _____ C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-16 02:32 - 2017-02-16 02:35 - 00000000 ___RD C:\Users\Stuart\OneDrive
2017-02-16 02:32 - 2017-02-16 02:35 - 00000000 ____D C:\Users\Stuart\AppData\Local\MicrosoftEdge
2017-02-16 02:32 - 2017-02-16 02:33 - 00000000 ____D C:\Program Files\Elantech
2017-02-16 02:32 - 2017-02-16 02:32 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01009.Wdf
2017-02-16 02:32 - 2017-02-16 02:32 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Skype
2017-02-16 02:31 - 2017-02-16 02:31 - 00000000 ____D C:\Users\Stuart\AppData\Local\NetworkTiles
2017-02-16 02:30 - 2017-02-16 02:30 - 00001047 _____ C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-02-16 02:29 - 2017-02-16 02:29 - 00000000 ____D C:\Users\Stuart\AppData\Local\Publishers
2017-02-16 02:28 - 2017-02-16 10:33 - 00000000 ____D C:\Users\Stuart
2017-02-16 02:28 - 2017-02-16 09:48 - 00000000 ____D C:\Users\Stuart\AppData\Local\Packages
2017-02-16 02:28 - 2017-02-16 04:25 - 00000000 ____D C:\Users\Stuart\AppData\Local\ConnectedDevicesPlatform
2017-02-16 02:28 - 2017-02-16 02:28 - 00000020 ___SH C:\Users\Stuart\ntuser.ini
2017-02-16 02:28 - 2017-02-16 02:28 - 00000000 _SHDL C:\Users\Stuart\My Documents
2017-02-16 02:28 - 2017-02-16 02:28 - 00000000 _SHDL C:\Users\Stuart\Documents\My Videos
2017-02-16 02:28 - 2017-02-16 02:28 - 00000000 _SHDL C:\Users\Stuart\Documents\My Pictures
2017-02-16 02:28 - 2017-02-16 02:28 - 00000000 _SHDL C:\Users\Stuart\Documents\My Music
2017-02-16 02:28 - 2017-02-16 02:28 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Adobe
2017-02-16 02:28 - 2017-02-16 02:28 - 00000000 ____D C:\Users\Stuart\AppData\Local\VirtualStore
2017-02-16 02:28 - 2017-02-16 02:28 - 00000000 ____D C:\Users\Stuart\AppData\Local\TileDataLayer
2017-02-16 02:26 - 2017-02-16 02:28 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-02-16 02:26 - 2017-02-16 02:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2017-02-16 02:26 - 2017-02-16 02:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2017-02-16 02:26 - 2017-02-16 02:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2017-02-15 23:27 - 2017-02-16 19:27 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-15 20:28 - 2017-02-15 20:28 - 00000000 ___HD C:\$Windows.~WS
2017-02-15 20:25 - 2017-02-15 20:25 - 00000000 ___HD C:\$SysReset
2017-02-15 19:50 - 2017-02-15 23:21 - 00000000 ____D C:\ESD
2017-02-14 21:24 - 2017-02-14 21:24 - 00000000 ___HD C:\$AV_ASW
2017-02-14 21:18 - 2017-02-14 21:18 - 00000000 ____D C:\RegBackup
2017-02-14 13:44 - 2017-02-14 13:44 - 00000000 _____ C:\autoexec.bat
2017-02-13 22:08 - 2017-02-15 17:42 - 00000000 ____D C:\EEK
2017-02-07 15:38 - 2017-02-07 15:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-07 15:38 - 2017-02-07 15:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-07 15:38 - 2017-02-07 15:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-07 15:38 - 2017-02-07 15:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 19:42 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-16 19:42 - 2016-07-16 22:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-16 19:33 - 2011-04-28 17:46 - 00000000 ____D C:\Intel
2017-02-16 19:29 - 2016-07-16 22:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-02-16 19:00 - 2015-11-18 09:08 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2017-02-16 12:22 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-16 11:10 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-16 10:30 - 2016-11-21 05:47 - 00900914 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-16 10:28 - 2016-11-21 05:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-16 10:24 - 2016-07-16 22:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-16 10:23 - 2016-11-21 05:37 - 00223536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-16 10:23 - 2016-11-21 05:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-16 10:22 - 2016-07-16 17:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-02-16 10:20 - 2016-07-16 22:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-16 10:20 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-16 10:20 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-02-16 10:20 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-16 10:20 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-02-16 10:20 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-02-16 10:20 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-02-16 10:20 - 2016-07-16 17:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-16 10:20 - 2016-07-16 17:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-16 10:20 - 2016-07-16 17:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-02-16 10:20 - 2016-07-16 17:04 - 00000000 ____D C:\WINDOWS\servicing
2017-02-16 10:14 - 2016-07-16 22:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-16 09:48 - 2016-07-16 22:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 09:37 - 2016-11-21 05:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-16 05:01 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-16 05:00 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 04:03 - 2016-07-16 22:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-02-16 03:57 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\appcompat
2017-02-16 02:53 - 2016-07-16 22:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-16 02:46 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\Help
2017-02-16 02:45 - 2016-11-21 05:12 - 00000000 ____D C:\WINDOWS\OCR
2017-02-16 02:28 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-02-15 16:47 - 2012-07-13 17:24 - 00000000 ____D C:\avast! sandbox
2017-02-14 16:55 - 2015-06-29 17:48 - 00000000 ____D C:\AdwCleaner

==================== Files in the root of some directories =======

2017-02-16 02:36 - 2017-02-16 02:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-16 19:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Stuart (16-02-2017 12:59:02)
Running from C:\Users\Stuart\Desktop
Windows 10 Home Version 1607 (X64) (2017-02-15 15:25:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1327487900-917466881-2297462407-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1327487900-917466881-2297462407-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1327487900-917466881-2297462407-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1327487900-917466881-2297462407-501 - Limited - Disabled)
Stuart (S-1-5-21-1327487900-917466881-2297462407-1001 - Administrator - Enabled) => C:\Users\Stuart

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Avira Software Updater (HKLM-x32\...\{115347FE-037B-4F4D-86F2-057FEF294C7A}) (Version: 1.2.4.459 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Community (HKLM-x32\...\{beda8e98-5527-4114-acd7-778b6bd490c1}) (Version: 1.12.0.0 - Roy Morgan Research Ltd)
Community x64 1.12.0.0 (Version: 1.12.0.0 - Roy Morgan Research Ltd) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
ETDWare X64 15.7.0.1_WHQL (HKLM\...\Elantech) (Version: 15.7.0.1 - ELAN Microelectronic Corp.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1327487900-917466881-2297462407-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1327487900-917466881-2297462407-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017102625594\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla)
NVIDIA Graphics Driver 341.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.74 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23E2AFA1-92CD-4C7F-959B-CBF9ED9DBD98} - System32\Tasks\Avira\System Speedup\Delayed Startup\Stuart\3 => C:\Program Files\Community\UsageMonitor.HealthCheck.exe [2016-12-12] (RealityMine Ltd) <==== ATTENTION
Task: {28F203B4-C5DD-49E8-ADED-6AE550CFBFE9} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-06-29] (NVIDIA Corporation) <==== ATTENTION
Task: {351A1098-2977-4D4B-BEDB-E9650038BB84} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-16] (Dropbox, Inc.)
Task: {43F592AF-0C2D-47F8-92EF-B2DD4DA90019} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-02-08] (Avira Operations GmbH & Co. KG)
Task: {608A0589-A4A8-4982-8E21-58D6D15FBFEC} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2016-11-16] (Samsung Electronics Co., Ltd.) <==== ATTENTION
Task: {668ECED6-E3EB-49F6-A4B0-121FAC883DEC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {73B3BF4B-5900-4818-AD31-A667B1A1F453} - System32\Tasks\Avira\System Speedup\Delayed Startup\Stuart\2 => C:\Program Files\Community\UsageMonitor.UI.App.exe [2016-12-12] (RealityMine Ltd) <==== ATTENTION
Task: {801F2137-8F36-45CF-BDFB-805AA8176EBB} - System32\Tasks\Avira\System Speedup\Delayed Startup\Stuart\1 => C:\Users\Stuart\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-02-16] (Microsoft Corporation) <==== ATTENTION
Task: {85ADE403-4541-4D51-A4C6-02DD503F05CC} - System32\Tasks\Avira\System Speedup\Delayed Startup\Stuart\4 => C:\Program Files\CCleaner\CCleaner64.exe [2017-02-08] (Piriform Ltd) <==== ATTENTION
Task: {90802AAD-BA39-4976-BD28-97C3B51C9788} - System32\Tasks\Avira\System Speedup\Delayed Startup\Stuart\5 => C:\Program Files (x86)\Pushbullet\pushbullet.exe [2015-07-01] (Pushbullet inc) <==== ATTENTION
Task: {9A8B01C5-C00A-4A0F-B5B1-AB3D60B0788C} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-02-08] (Avira Operations GmbH & Co. KG)
Task: {B3158646-0132-48F5-A8C8-5E0800BD98B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-16] (Google Inc.)
Task: {CDA9AF4E-D604-4ABB-8D34-1FDBE355A57D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-16] (Dropbox, Inc.)
Task: {ECF14DE8-BBA7-4071-9BA3-8F84DCDC7D1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-16] (Google Inc.)
Task: {FF020759-176B-46CB-B016-763B1E27E325} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 22:42 - 2016-07-16 22:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-02-16 05:05 - 2016-12-09 21:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-16 02:46 - 2015-06-30 07:42 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-16 03:42 - 2017-02-16 11:26 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-16 03:42 - 2017-02-16 11:26 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-16 05:05 - 2016-12-09 21:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-21 05:11 - 2016-11-21 05:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-16 05:05 - 2016-12-21 18:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-16 05:04 - 2016-12-21 17:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-16 05:04 - 2016-12-21 17:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-16 05:04 - 2016-12-21 17:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-02-16 05:04 - 2016-12-21 17:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-02-16 05:04 - 2016-12-21 17:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-16 05:04 - 2016-12-21 17:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-16 02:55 - 2017-02-07 15:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-02-16 02:55 - 2017-01-14 10:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-02-16 02:55 - 2017-01-14 10:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-02-16 02:55 - 2017-01-14 10:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-02-16 02:55 - 2017-01-14 10:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-02-16 02:55 - 2017-01-14 10:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-16 02:55 - 2017-01-14 10:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-16 02:55 - 2017-01-14 10:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-16 02:55 - 2017-01-14 10:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-02-16 02:55 - 2017-01-14 10:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-16 02:55 - 2017-01-14 10:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-16 02:55 - 2017-01-14 10:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-02-16 02:55 - 2017-01-14 10:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-02-16 02:55 - 2017-01-14 10:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-02-16 02:55 - 2017-01-14 10:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-16 02:55 - 2017-01-14 10:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-02-16 02:55 - 2017-01-14 10:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-02-16 02:55 - 2017-01-14 10:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-02-16 02:55 - 2017-01-14 10:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-02-16 02:55 - 2017-01-14 10:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-02-16 02:55 - 2017-01-14 10:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-02-16 02:55 - 2017-01-14 10:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-16 02:55 - 2017-01-14 10:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-02-16 02:55 - 2017-01-14 10:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-02-16 02:55 - 2017-01-14 10:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-16 02:55 - 2017-01-14 10:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-16 02:55 - 2017-01-14 10:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-16 02:55 - 2017-02-07 15:50 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-02-16 02:55 - 2016-12-22 17:58 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-02-16 02:55 - 2017-02-07 15:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-16 02:55 - 2017-01-14 11:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-16 02:55 - 2017-01-14 11:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-16 02:55 - 2017-02-07 15:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-02-16 02:55 - 2017-01-14 10:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-02-16 02:55 - 2017-02-07 15:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 22:47 - 2016-07-16 22:45 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017102624532\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017102624766\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1327487900-917466881-2297462407-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-02162017105808509\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1327487900-917466881-2297462407-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017102625204\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1327487900-917466881-2297462407-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1327487900-917466881-2297462407-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02162017102625594\Control Panel\Desktop\\Wallpaper -> C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4FA3D92F-21B8-4F29-A11E-1FEC7861EF12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FD757922-E71B-4AF3-B03A-88289190E890}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F39EB92-1938-41A7-A04F-5DF26151DA2A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

16-02-2017 05:07:47 Windows Update
16-02-2017 05:09:33 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2017 12:07:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 51.0.1.6234 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b08

Start Time: 01d287f073771e38

Termination Time: 36

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 0da90d24-f3e4-11e6-af8c-e811325b494a

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2017 10:53:10 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {CDC82860-468D-4D4E-B7E7-C298FF23AB2C} was rejected

Error: (02/16/2017 10:53:10 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {CDC82860-468D-4D4E-B7E7-C298FF23AB2C} was rejected

Error: (02/16/2017 10:46:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/16/2017 10:45:17 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/16/2017 10:40:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/16/2017 10:34:51 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (02/16/2017 10:34:42 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/16/2017 10:23:31 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/16/2017 10:21:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: combase.dll, version: 10.0.14393.351, time stamp: 0x5801a419
Exception code: 0xc0000005
Fault offset: 0x00000000000aed8c
Faulting process id: 0x2ac
Faulting application start time: 0x01d287dc14d12b65
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 81c94f25-5581-40ae-94c9-360813c2e998
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (02/16/2017 10:29:33 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (02/16/2017 10:23:05 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/16/2017 10:21:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/16/2017 10:21:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Push Notifications System Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/16/2017 10:21:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/16/2017 10:21:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/16/2017 10:21:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/16/2017 10:21:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/16/2017 10:21:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/16/2017 10:21:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service in a separate process.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 62%
Total physical RAM: 3956.56 MB
Available physical RAM: 1491.61 MB
Total Virtual: 5364.56 MB
Available Virtual: 2047.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231 GB) (Free:132.72 GB) NTFS
Drive d: () (Fixed) (Total:345.93 GB) (Free:288.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 199D978D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=345.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=19.1 GB) - (Type=12)

==================== End of Addition.txt ============================



#4 Stu9191


Posted 17 February 2017 - 10:26 PM

Having not received a reply as yet after posting the requested logs, I have noticed something odd.

I keep receiving a Malwarebytes Pop Up Notification "Real-Time Protection layers turned off". When I click on the "Turn On" button, nothing happens.

I also notice that my Firefox browser is "hanging" when I launch it even though it is a totally fresh install after resetting my PC.

I have also navigated via Regedit to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings and discovered that:

Proxy Enable REG_DWORD 0x000000001 (1)

ProxyOverride REG_SZ <-loopback>

Proxy Server REG_SZ http=127.0.0.1:49733;https=127.0.0.1:49733

However when I boot in Safe Mode these values do not appear.

There is obviously an .exe file (or similar) somewhere that is causing these values to change thus hijacking my settings but I can't find anything. I really don't know where to look or what else to do.

Please help
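
The check post #4 is reaching for, as an added example that is not part of the thread and not the helper's procedure: parse the ProxyServer value and report which process is listening on the loopback port it names. Function names are hypothetical; it assumes Windows 10 PowerShell (Get-NetTCPConnection, Get-CimInstance) and only reads settings.

```powershell
# Added example: not part of the thread. Function names are hypothetical.
# Read-only: it reports, it does not change any setting.

function ConvertFrom-ProxyServerValue {
    <# Splits a WinINET ProxyServer string into one object per entry.
       Accepts "host:port" (applies to all protocols) and the per-protocol
       form "http=host:port;https=host:port". #>
    param([Parameter(Mandatory)][string]$Value)

    foreach ($entry in ($Value -split ';')) {
        $target = $entry.Trim()
        if (-not $target) { continue }

        $scheme = 'all'
        if ($target -match '^(?<scheme>[a-z]+)=(?<rest>.+)$') {
            $scheme = $Matches['scheme'].ToLower()
            $target = $Matches['rest']
        }
        $target = $target -replace '^[a-z]+://', ''   # tolerate "http=http://host:port"

        if ($target -match '^(?<host>\[[^\]]+\]|[^:\s]+)(:(?<port>\d+))?$') {
            $hostName = $Matches['host'] -replace '^\[|\]$', ''
            $port = $null
            if ($Matches['port']) { $port = [int]$Matches['port'] }
            [pscustomobject]@{
                Scheme     = $scheme
                Host       = $hostName
                Port       = $port
                IsLoopback = ($hostName -match '^(127(\.\d{1,3}){3}|::1|localhost)$')
            }
        }
    }
}

function Get-LoopbackProxyOwner {
    <# Reads the per-user proxy values and, for every loopback entry, reports
       the process (and any hosted services) listening on that port. #>
    param(
        [string]$KeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    )

    $settings = Get-ItemProperty -Path $KeyPath
    if (-not $settings.ProxyServer) {
        Write-Verbose 'No ProxyServer value present.'
        return
    }

    # http= and https= usually name the same port, so report each port once.
    $loopback = @(ConvertFrom-ProxyServerValue $settings.ProxyServer |
        Where-Object { $_.IsLoopback -and $_.Port } |
        Sort-Object -Property Port -Unique)

    foreach ($p in $loopback) {
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $p.Port -ErrorAction SilentlyContinue)
        $owners    = @($listeners | Select-Object -ExpandProperty OwningProcess -Unique)

        if ($owners.Count -eq 0) {
            # Value is set but nothing is listening: a stale entry that breaks browsing.
            [pscustomobject]@{
                ProxyEnable = $settings.ProxyEnable; Port = $p.Port; ProcessId = $null
                Name = $null; Path = $null; CommandLine = $null
                Services = $null; Signature = $null; Signer = $null
            }
            continue
        }

        foreach ($procId in $owners) {
            $proc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $procId"
            $svcs = @(Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $procId")
            $sig  = $null
            if ($proc.ExecutablePath) {
                $sig = Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
            }
            [pscustomobject]@{
                ProxyEnable = $settings.ProxyEnable
                Port        = $p.Port
                ProcessId   = $procId
                Name        = $proc.Name
                Path        = $proc.ExecutablePath
                CommandLine = $proc.CommandLine
                Services    = ($svcs.Name -join ', ')
                Signature   = $sig.Status
                Signer      = $sig.SignerCertificate.Subject
            }
        }
    }
}

# Parser check against the value quoted in post #4:
ConvertFrom-ProxyServerValue 'http=127.0.0.1:49733;https=127.0.0.1:49733' | Format-Table

# Live lookup for the logged-on user:
Get-LoopbackProxyOwner | Format-List
```

Run it in the affected user's session from an elevated prompt so that paths and command lines of processes owned by other accounts are visible. The port in this thread differs between posts (49760, then 49733), so repeat the lookup after each restart rather than reusing an earlier result.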



#5 polskamachina

polskamachina

  • Malware Response Team
  • 4,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:33 PM

Posted 17 February 2017 - 11:29 PM

Hi Stu9191 :)
 

Sorry for the delay. This is the reply I was working on before you posted your latest information. Please follow the directions below. The results of this log will determine what happens next.

Please download MiniToolBox, save it to your desktop, then run it.
Place check marks in the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and then copy and paste the contents of MTB.txt into your next reply to me. A copy of MTB.txt will be saved in the same directory from which the tool was run.

Note: When selecting the Reset FF Proxy Settings option, Firefox should be closed.

 

In summary I will need from you:

  • MTB.txt from MiniToolBox

Let me know if you have any questions.

 

polskamachina



#6 Stu9191


Posted 17 February 2017 - 11:54 PM

Polska, thank you very much for your assistance. Here is the copy of the MTB.txt for you:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Stuart (administrator) on 18-02-2017 at 15:52:03
Running from "C:\Users\Stuart\Downloads"
Microsoft Windows 10 Home  (X64)
Model: RV411/RV511/E3511/S3511/RV711/E3411 Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:49733;https=127.0.0.1:49733

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 7260 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-3NPMI3O
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E8-11-32-5B-49-4A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : AC-FD-CE-E5-B0-51
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : AC-FD-CE-E5-B0-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ad95:abb:53ce:afcb%2(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.1.1.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, 18 February 2017 2:11:09 PM
   Lease Expires . . . . . . . . . . : Sunday, 19 February 2017 3:48:02 PM
   Default Gateway . . . . . . . . . : 10.1.1.1
   DHCP Server . . . . . . . . . . . : 10.1.1.1
   DHCPv6 IAID . . . . . . . . . . . : 44891598
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-37-36-2A-E8-11-32-5B-49-4A
   DNS Servers . . . . . . . . . . . : 10.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0435522E-AF05-464E-B40A-955E32774DBD}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:1760:e3e7:1401:d7c:3429:89bf(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1401:d7c:3429:89bf%4(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-37-36-2A-E8-11-32-5B-49-4A
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  Budii.iiNet
Address:  10.1.1.1

Name:    google.com
Addresses:  2404:6800:4006:806::200e
      172.217.25.142


Pinging google.com [172.217.25.142] with 32 bytes of data:
Reply from 172.217.25.142: bytes=32 time=9ms TTL=55
Reply from 172.217.25.142: bytes=32 time=8ms TTL=55

Ping statistics for 172.217.25.142:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 8ms, Maximum = 9ms, Average = 8ms
Server:  Budii.iiNet
Address:  10.1.1.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=225ms TTL=48
Reply from 98.139.183.24: bytes=32 time=225ms TTL=48

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 225ms, Maximum = 225ms, Average = 225ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...e8 11 32 5b 49 4a ......Realtek PCIe GBE Family Controller
 13...ac fd ce e5 b0 51 ......Microsoft Wi-Fi Direct Virtual Adapter
  2...ac fd ce e5 b0 50 ......Intel® Dual Band Wireless-AC 7260
  1...........................Software Loopback Interface 1
  3...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  4...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.1.1.1         10.1.1.7     55
         10.1.1.0    255.255.255.0         On-link          10.1.1.7    311
         10.1.1.7  255.255.255.255         On-link          10.1.1.7    311
       10.1.1.255  255.255.255.255         On-link          10.1.1.7    311
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link          10.1.1.7    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link          10.1.1.7    311
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  4    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  4    331 2001::/32                On-link
  4    331 2001:0:1760:e3e7:1401:d7c:3429:89bf/128
                                    On-link
  2    311 fe80::/64                On-link
  4    331 fe80::/64                On-link
  4    331 fe80::1401:d7c:3429:89bf/128
                                    On-link
  2    311 fe80::ad95:abb:53ce:afcb/128
                                    On-link
  1    331 ff00::/8                 On-link
  2    311 ff00::/8                 On-link
  4    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/18/2017 02:09:42 PM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/18/2017 01:52:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-3NPMI3O)
Description: Activation of app Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/18/2017 01:26:44 PM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/18/2017 01:25:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.447, time stamp: 0x5819bf85
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.594, time stamp: 0x5850ccd3
Exception code: 0xc0000005
Fault offset: 0x000000000008980f
Faulting process id: 0x998
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (02/18/2017 01:24:49 PM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (02/18/2017 01:24:43 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/18/2017 01:04:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-3NPMI3O)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/16/2017 12:07:22 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 51.0.1.6234 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b08

Start Time: 01d287f073771e38

Termination Time: 36

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 0da90d24-f3e4-11e6-af8c-e811325b494a

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2017 10:53:10 AM) (Source: COM) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (02/16/2017 10:53:10 AM) (Source: COM) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}


System errors:
=============
Error: (02/18/2017 03:02:45 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4

Error: (02/18/2017 03:02:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/18/2017 02:07:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/18/2017 02:07:18 PM) (Source: Service Control Manager) (User: )
Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:
%%1070 = After starting, the service hung in a start-pending state.


Error: (02/18/2017 02:07:18 PM) (Source: Service Control Manager) (User: )
Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:
%%1070 = After starting, the service hung in a start-pending state.


Error: (02/18/2017 02:07:06 PM) (Source: Service Control Manager) (User: )
Description: The Avira Real-Time Protection service hung on starting.

Error: (02/18/2017 02:07:06 PM) (Source: Service Control Manager) (User: )
Description: The Avira Real-Time Protection service hung on starting.

Error: (02/18/2017 02:04:29 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (02/18/2017 02:04:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (02/18/2017 02:04:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}


Microsoft Office Sessions:
=========================
Error: (02/18/2017 02:09:42 PM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (02/18/2017 01:52:32 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-3NPMI3O)
Description: Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca-2144927149

Error: (02/18/2017 01:26:44 PM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (02/18/2017 01:25:14 PM) (Source: Application Error)(User: )
Description: ShellExperienceHost.exe10.0.14393.4475819bf85Windows.UI.Xaml.dll10.0.14393.5945850ccd3c0000005000000000008980f99801d2898e085975d9C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\System32\Windows.UI.Xaml.dll8320792e-b89c-4134-8c91-b23f43b8d4a2Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewyApp

Error: (02/18/2017 01:24:49 PM) (Source: Perflib)(User: )
Description: rdyboost4

Error: (02/18/2017 01:24:43 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (02/18/2017 01:04:41 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-3NPMI3O)
Description: Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen-2144927142

Error: (02/16/2017 12:07:22 PM) (Source: Application Hang)(User: )
Description: firefox.exe51.0.1.62341b0801d287f073771e3836C:\Program Files (x86)\Mozilla Firefox\firefox.exe0da90d24-f3e4-11e6-af8c-e811325b494a

Error: (02/16/2017 10:53:10 AM) (Source: COM)(User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (02/16/2017 10:53:10 AM) (Source: COM)(User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}


=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{7774002B-60B3-4146-BF82-5BF767D468B8}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{115347FE-037B-4F4D-86F2-057FEF294C7A}) (Version: 1.2.4.459 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Community (HKLM-x32\...\{beda8e98-5527-4114-acd7-778b6bd490c1}) (Version: 1.12.0.0 - Roy Morgan Research Ltd)
Community x64 1.12.0.0 (HKLM\...\{F5B75635-3303-4EC4-B814-368114D3BD39}) (Version: 1.12.0.0 - Roy Morgan Research Ltd) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 3956.56 MB
Available physical RAM: 1929.64 MB
Total Virtual: 5364.56 MB
Available Virtual: 2976.32 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:231 GB) (Free:147.41 GB) NTFS
2 Drive d: () (Fixed) (Total:345.93 GB) (Free:288.14 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-3NPMI3O

Administrator            DefaultAccount           defaultuser0             
Guest                    Stuart                   

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

15-02-2017 18:07:47 Windows Update
15-02-2017 18:09:33 Windows Update

**** End of log ****
 



#7 Stu9191


Posted 18 February 2017 - 12:15 AM

I just came across this in the Virus Section of the forum. The VinCE or CRITICAL_PROCESS_DIED Tech Support Scam is a Trojan from the Trojan.Tech-Support-Scam

 

This is exactly the behaviour of my edge browser. I have not followed the instructions for removal as yet so as not to interfere with the scanning process you are currently performing and talking me through so I will await further instruction prior to doing so. I'm not sure if this is related to the hijacking of my proxy settings.

 

Thank you



#8 Stu9191


Posted 18 February 2017 - 12:37 AM

I also just discovered this message from Malwarebytes:

 

"Malwarebytes is unable to load the Anti-Rootkit DDA Driver.

 

This error may be due to rootkit activity. We recommend rebooting so Malwarebytes can attempt to install the driver.

 

Do you want to reboot now?"

 

 

I have not selected Yes as yet and will await further instruction.



#9 polskamachina


Posted 18 February 2017 - 01:47 AM

Hi Stu9191 :)

 

Give me some time to review your comments and findings with our experienced staff and I'll get back to you.

 

polskamachina



#10 Stu9191


Posted 18 February 2017 - 05:51 PM

Just Found this in my local services:

 

CDPUserSvc_32ffa

 

C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup

 

It has no description and when I open its properties it has password protection.

 

It also has no dependencies

 

Could this be part of the Problem I am experiencing?



#11 Stu9191


Posted 18 February 2017 - 06:35 PM

I have also found a number of syswow64 files in my Autorun Startups



#12 polskamachina


Posted 18 February 2017 - 10:44 PM

Hi Stu9191,

 

I currently have quite a heavy workload. It may be another 48 hours before I can analyze all your input and come back with a solution. :busy:

 

Thanks for your patience.

 

polskamachina



#13 polskamachina


Posted 19 February 2017 - 02:57 PM

Hi Stu9191 :)

> "Malwarebytes is unable to load the Anti-Rootkit DDA Driver.
>
> This error may be due to rootkit activity. We recommend rebooting so Malwarebytes can attempt to install the driver.
>
> Do you want to reboot now?"
>
> I have not selected Yes as yet and will await further instruction.

Yes, go ahead and restart your machine if you haven't already done so.

 

Are you familiar with Avira Connect and are you currently implementing it into your system? That may explain the unusual proxy settings.

 

polskamachina



#14 Stu9191


Posted 21 February 2017 - 04:54 AM

Thanks for your reply.

 

No, I'm not familiar with Avira Connect and how it works. I don't believe though that this is the cause of the proxy settings as they occurred before I started using Avira.

 

I know there is a Virus/Worm/Trojan somewhere, I just don't know where and none of the scanning tools are picking it up. The fact that my junk email folder keeps filling up with emails from fake sites purporting to be from genuine sites that I use is another example of my suspicions. The originator of these would only know this if they were somehow watching my browsing habits.

 

I think I have no other option than to wipe my Hard Drive completely and try to reinstall my OS from scratch. When I did the Windows reset last week, even though I selected the option to delete all my files, there were files remaining that should have deleted but did not.

 

Something is interfering with my system.



#15 polskamachina


Posted 22 February 2017 - 10:57 PM

Hi Stu9191 :)
 
Regarding your e-mail problem:
 
It is not unusual to receive spam e-mails from many companies that you do business with and even ones you don't do business with. E-mail lists are traded and considered to be a commodity by many businesses. Another way that your e-mail address can be misused is if a friend has your e-mail address on their contact list and their computer security is breached, then their contact list could be copied and used to send you spam. Most companies allow you to unsubscribe to their e-mail lists. The unsubscribe link is usually in very small print at the end of the e-mails. In my experience, clicking on the unsubscribe links permanently removes me from that company's list.
 
Having said all this, I'd like to know:

  • Are you having any other issues that you're experiencing besides the e-mail spam?
  • There is one program that is installed on your computer that has come into question and that is called, Community Program. Is this a program you knowingly installed, or a program that came bundled with something else, or perhaps something of which you have no knowledge at all?

Next:

  • Open the Notepad program
  • Copy the text below in its entirety and paste it into an empty Notepad window.
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
2017-02-15 16:47 - 2012-07-13 17:24 - 00000000 ____D C:\avast! sandbox
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
REG: reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" 
REG: reg query "HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 
REG: reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s
  • Save the file to your Desktop as fixlist.txt. Note: FRST64 and fixlist.txt must be in the same folder in order for the fix to work.
  • Run FRST64
  • Click on Fix
  • It should only take a few moments for the fix to complete
  • If you are asked to restart your computer, please do so
  • When the fix has completed, a new file will be created named Fixlog.txt, and it will be saved to your Desktop
  • Please copy and paste that log into your next reply to me

Next:
 
ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be read here.

  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the ESET Smart Installer file you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • Uncheck everything else including remove found threats
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!
 
In summary I will need from you:

  • Descriptions of any problems you're experiencing with your computer other than the spam e-mails
  • Whether or not the Community Program was installed on your system with your consent
  • Fixlog.txt
  • ESET Scan log if any threats were found

Let me know if you have any questions.

 

polskamachina
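
The `reg query` lines in the fixlist above dump the Internet Settings keys where Windows stores the manual proxy. As an added example that is not part of the original posts or of FRST, this PowerShell sketch reads the same values and, when a proxy points at the loopback address, names the process listening on that port; the function name `Get-ProxyEndpoint` is hypothetical, and the value names read (`ProxyEnable`, `ProxyServer`, `ProxyOverride`, `AutoConfigURL`) are the standard ones under those keys.

```powershell
# Added example, not from the thread. Read-only: it changes no settings.
$paths = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-ProxyEndpoint {
    # Split a ProxyServer value into scheme/address/port entries. Handles the
    # plain "host:port" form and the per-protocol "http=host:port;https=host:port" form.
    param([string]$ProxyServer)
    foreach ($entry in ($ProxyServer -split ';')) {
        $entry = $entry.Trim()
        $scheme = 'all'
        if ($entry -match '^(?<s>[^=]+)=(?<rest>.+)$') {
            $scheme = $Matches['s']
            $entry  = $Matches['rest']
        }
        $entry = $entry -replace '^\w+://', ''
        if ($entry -match '^(?<a>[^:/]+):(?<p>\d+)$') {
            [pscustomobject]@{ Scheme = $scheme; Address = $Matches['a']; Port = [int]$Matches['p'] }
        }
    }
}

foreach ($path in $paths) {
    $s = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if (-not $s) { continue }
    Write-Output $path
    Write-Output ("  ProxyEnable={0}  ProxyServer={1}  ProxyOverride={2}  AutoConfigURL={3}" -f $s.ProxyEnable, $s.ProxyServer, $s.ProxyOverride, $s.AutoConfigURL)
    if (-not $s.ProxyServer) { continue }

    foreach ($ep in (Get-ProxyEndpoint $s.ProxyServer)) {
        # Only loopback proxies have a local listener worth identifying.
        if ($ep.Address -notmatch '^(127\.|localhost$)') { continue }
        $listeners = Get-NetTCPConnection -State Listen -LocalPort $ep.Port -ErrorAction SilentlyContinue
        if (-not $listeners) {
            Write-Output ("  {0} -> {1}:{2}  no process is listening" -f $ep.Scheme, $ep.Address, $ep.Port)
            continue
        }
        foreach ($l in $listeners) {
            # Path can be empty when the owning process belongs to another account.
            $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
            Write-Output ("  {0} -> {1}:{2}  PID {3}  {4}  {5}" -f $ep.Scheme, $ep.Address, $ep.Port, $l.OwningProcess, $proc.ProcessName, $proc.Path)
        }
    }
}
```

Run it in the affected user's session, since the HKCU values are per-user.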





