
The Requested Resource is in use


  • This topic is locked
6 replies to this topic

#1 Reg65

Reg65

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:58 PM

Posted 28 March 2017 - 03:09 PM

Hi, having the same issue as a lot of folks, but everything I try from the forums isn't working. When trying to download anything I get the famous "the requested resource is in use". For instance, anything I put on my desktop and try to open says "problem with shortcut. The protocol "https" does not have a registered program", so I can't send anything to my desktop or download anything. I have been running Farbar, but can't figure it out, and RKill, but it's not killing it. Any ideas?

Edit: Moved topic from Am I Infected to the more appropriate forum, at the request of Malware Removal Team Member. ~ Animal

Edited by Animal, 28 March 2017 - 04:40 PM.
Moved from MRL to Am I Infected - Hamluis.




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,309 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:58 PM

Posted 28 March 2017 - 04:16 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Additional.txt is checked.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#3 Reg65

Reg65
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:58 PM

Posted 28 March 2017 - 06:52 PM

OK here it is I think?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Reg (administrator) on REG-PC (28-03-2017 16:46:02)
Running from E:\
Loaded Profiles: Reg (Available Profiles: Reg & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) E:\FRST64 reg.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254976 2015-07-23] (Razer Inc.)
HKLM-x32\...\Run: [cpx] => "C:\Users\Reg\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\Reg\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKLM-x32\...\Run: [PC Matic] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [2149632 2017-03-13] (PC Pitstop)
HKLM-x32\...\Run: [SMessaging] => C:\Users\Reg\AppData\Local\Strongvault Online Backup\SMessaging.exe
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\Run: [NavigatorGravity] => C:\Windows\system32\rundll32.exe "C:\Users\Reg\AppData\Local\NavigatorGravity\NavigatorGravity.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <===== ATTENTION
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\Run: [PCKeeperLive] => "C:\Program Files\Essentware\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\Run: [World of Tanks (1)] => C:\Program Files (x86)\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\Run: [World of Tanks (2)] => "C:\MyGames\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\Run: [Cb47T-hRdX.exe] => C:\Program Files\Reference Assemblies\D5O8DQ3G9KIVV77TSKCPJMU1O1QK4\Cb47T-hRdX.exe -r1_5 -r2_1
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\Run: [atstys] => rundll32.exe "C:\Users\Reg\AppData\Local\atstys.dll",atstys <===== ATTENTION
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\MountPoints2: {3cfe20de-f770-11e6-bec7-902b3491a72c} - E:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\MountPoints2: {7d2077cb-a4b2-11e3-a268-902b3491a72c} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\MountPoints2: {81f80563-663f-11e5-9421-902b3491a72c} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-637743163-359830610-1581639983-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [306032 2010-04-17] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2014-11-18]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2014-11-18]
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8361CBF8-BB68-4414-BE29-DAEAE910F5B3}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{9A4DCE0F-7B29-40E2-B3BA-4D4EB1BBE047}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{D1AF4BDA-21C3-48F3-8C78-A787A524533C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_03&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtB0BtAyEzytC0AyBtB0Czy0EtByBtN0D0Tzu0StCyEyBzztN1L2XzutAtFtCyBtFyEtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyB0BtCyC0AyDtDtGyE0AzyyDtG0BtCzztDtGtA0F0DtAtGtAtB0FzytDzytAyE0AyE0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyE0FyCtCzytCtG0E0B0F0AtGyE0C0B0CtG0BtC0BzytGyEyCtBtB0DtD0A0F0C0BtDtA2QtN0A0LzuyE%26cr%3D779565428%26a%3Dwbf_mdaffmarmar_16_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_03&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtB0BtAyEzytC0AyBtB0Czy0EtByBtN0D0Tzu0StCyEyBzztN1L2XzutAtFtCyBtFyEtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyB0BtCyC0AyDtDtGyE0AzyyDtG0BtCzztDtGtA0F0DtAtGtAtB0FzytDzytAyE0AyE0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyE0FyCtCzytCtG0E0B0F0AtGyE0C0B0CtG0BtC0BzytGyEyCtBtB0DtD0A0F0C0BtDtA2QtN0A0LzuyE%26cr%3D779565428%26a%3Dwbf_mdaffmarmar_16_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-637743163-359830610-1581639983-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
URLSearchHook: HKU\S-1-5-21-637743163-359830610-1581639983-1002 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtB0BtAyEzytC0AyBtB0Czy0EtByBtN0D0Tzu0StCyEyBzztN1L2XzutAtFtCyBtFyEtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyB0BtCyC0AyDtDtGyE0AzyyDtG0BtCzztDtGtA0F0DtAtGtAtB0FzytDzytAyE0AyE0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyE0FyCtCzytCtG0E0B0F0AtGyE0C0B0CtG0BtC0BzytGyEyCtBtB0DtD0A0F0C0BtDtA2QtN0A0LzuyE%26cr%3D779565428%26a%3Dwbf_mdaffmarmar_16_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
SearchScopes: HKLM -> {E4030273-2DF0-40FF-ACA7-A6BC0B33BD1E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtB0BtAyEzytC0AyBtB0Czy0EtByBtN0D0Tzu0StCyEyBzztN1L2XzutAtFtCyBtFyEtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyB0BtCyC0AyDtDtGyE0AzyyDtG0BtCzztDtGtA0F0DtAtGtAtB0FzytDzytAyE0AyE0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyE0FyCtCzytCtG0E0B0F0AtGyE0C0B0CtG0BtC0BzytGyEyCtBtB0DtD0A0F0C0BtDtA2QtN0A0LzuyE%26cr%3D779565428%26a%3Dwbf_mdaffmarmar_16_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> {F42D4712-298F-4502-8668-7B9940C3FB00} URL = hxxp://www.basicseek.com/?prt=BASICSEEK111&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-637743163-359830610-1581639983-1002 -> DefaultScope {E4030273-2DF0-40FF-ACA7-A6BC0B33BD1E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtB0BtAyEzytC0AyBtB0Czy0EtByBtN0D0Tzu0StCyEyBzztN1L2XzutAtFtCyBtFyEtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyB0BtCyC0AyDtDtGyE0AzyyDtG0BtCzztDtGtA0F0DtAtGtAtB0FzytDzytAyE0AyE0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyE0FyCtCzytCtG0E0B0F0AtGyE0C0B0CtG0BtC0BzytGyEyCtBtB0DtD0A0F0C0BtDtA2QtN0A0LzuyE%26cr%3D779565428%26a%3Dwbf_mdaffmarmar_16_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-637743163-359830610-1581639983-1002 -> 744F6AE4A90541FBA148CCFAB970DDCD URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKU\S-1-5-21-637743163-359830610-1581639983-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-637743163-359830610-1581639983-1002 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-637743163-359830610-1581639983-1002 -> {E4030273-2DF0-40FF-ACA7-A6BC0B33BD1E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmar_16_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtB0BtAyEzytC0AyBtB0Czy0EtByBtN0D0Tzu0StCyEyBzztN1L2XzutAtFtCyBtFyEtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StCyB0BtCyC0AyDtDtGyE0AzyyDtG0BtCzztDtGtA0F0DtAtGtAtB0FzytDzytAyE0AyE0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAyE0FyCtCzytCtG0E0B0F0AtGyE0C0B0CtG0BtC0BzytGyEyCtBtB0DtD0A0F0C0BtDtA2QtN0A0LzuyE%26cr%3D779565428%26a%3Dwbf_mdaffmarmar_16_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
BHO: tperfectcoupon -> {c4a43d36-52b2-48ca-b615-96fb4717e806} -> C:\ProgramData\tperfectcoupon\NQOv4lfjMdtN6h.x64.dll => No File
BHO: Youtube AdBlock -> {E3605470-291B-44EB-8648-745EE356599A} -> C:\Program Files (x86)\Youtube AdBlockIE\nZPYhQ3t.dll [2017-03-26] ()
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSG.dll => No File
BHO-x32: Youtube AdBlock -> {E3605470-291B-44EB-8648-745EE356599A} -> C:\Program Files (x86)\Youtube AdBlockIE\VuxHme.dll [2017-03-26] ()
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKU\S-1-5-21-637743163-359830610-1581639983-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-637743163-359830610-1581639983-1002 -> No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
DPF: HKLM-x32 {6E4D2FAB-48D3-4337-8077-1C8A3BEA7903} hxxp://chat32.live800.com/live800/chatClient/CatchScreen.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: xozkc9x0.default
FF ProfilePath: C:\Users\Reg\AppData\Roaming\Mozilla\Firefox\Profiles\xozkc9x0.default [2017-03-28]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xozkc9x0.default ->
FF Homepage: Mozilla\Firefox\Profiles\xozkc9x0.default -> user_pref("browser.startup.homepage", "about:home"about:home);
FF Keyword.URL: Mozilla\Firefox\Profiles\xozkc9x0.default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
FF Extension: (Site Deployment Checker) - C:\Users\Reg\AppData\Roaming\Mozilla\Firefox\Profiles\xozkc9x0.default\features\{831d58c0-9f1c-4c8f-a5d4-2fe78c49af8a}\deployment-checker@mozilla.org.xpi [2017-03-26]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Arc\plugins\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Reg\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default [2017-03-27]
CHR Extension: (Google Docs Offline) - C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-26]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmdddjjglognmjabocecnpejkjfpiii [2017-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-26]
CHR Extension: (PC Matic) - C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmhneofinpilciglijihehjpaegledb [2017-03-26]
CHR Extension: (Gmail) - C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\Reg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-26]
CHR HKU\S-1-5-21-637743163-359830610-1581639983-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-24] (NETGEAR)
S2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [747776 2017-03-13] (PC Pitstop)
S3 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-07-23] (Razer Inc.) [File not signed]
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
S2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Reg\AppData\Local\microlabs\ct.exe [852480 2017-03-26] () [File not signed] <==== ATTENTION
S3 hwifisvc; c:\program files (x86)\hotspot\hwifisvc.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-04-26] (CACE Technologies, Inc.)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-28] ()
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 HWifiNetPro; \??\C:\Program Files (x86)\Hotspot\HWifiNetPro64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-28 14:09 - 2017-03-28 14:09 - 00011634 _____ C:\Program Files (x86)\Fixlog.txt
2017-03-28 13:37 - 2017-03-28 13:37 - 00021120 _____ C:\Program Files (x86)\reg fixlist.txt
2017-03-28 13:35 - 2017-03-28 13:35 - 00021120 _____ C:\Program Files (x86)\fixlist.txt
2017-03-28 12:50 - 2017-03-28 12:50 - 00001501 _____ C:\Users\Reg\Desktop\mb3-setup-consumer-3.0.6.1469-1075 - Shortcut.lnk
2017-03-28 12:38 - 2017-03-28 12:38 - 00002199 _____ C:\Users\Reg\Desktop\The Requested Resource is in Use - Page 2 - Virus, Trojan, Spyware, and Malware Removal Logs.url
2017-03-28 12:33 - 2017-03-26 00:24 - 00000908 _____ C:\Users\Reg\Desktop\run.vbs
2017-03-27 20:22 - 2017-03-28 08:17 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-27 20:21 - 2017-03-27 20:51 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-27 20:21 - 2017-03-27 20:21 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-27 20:21 - 2017-03-27 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-27 20:21 - 2017-03-27 20:21 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-27 20:16 - 2017-03-27 20:16 - 00271936 _____ C:\Windows\Minidump\032717-20545-01.dmp
2017-03-27 20:11 - 2017-03-27 20:11 - 00001285 _____ C:\Users\Reg\Desktop\AdwCleaner - Shortcut.lnk
2017-03-27 20:07 - 2017-03-27 20:07 - 00271936 _____ C:\Windows\Minidump\032717-27892-01.dmp
2017-03-27 20:03 - 2017-03-27 20:03 - 02030536 _____ (Bleeping Computer, LLC) C:\Program Files (x86)\rkill.exe
2017-03-27 20:02 - 2017-03-27 20:11 - 00000000 ____D C:\AdwCleaner
2017-03-27 20:01 - 2017-03-27 20:02 - 04031440 _____ C:\Program Files (x86)\reg brown.exe
2017-03-27 19:42 - 2017-03-27 19:42 - 00064227 _____ C:\Program Files (x86)\Shortcut.txt
2017-03-27 19:42 - 2017-03-27 19:42 - 00052436 _____ C:\Program Files (x86)\Addition.txt
2017-03-27 19:41 - 2017-03-27 19:41 - 02424832 _____ (Farbar) C:\Program Files (x86)\FRST64 reg.exe
2017-03-27 19:05 - 2017-03-28 16:34 - 00000000 ____D C:\FRST
2017-03-27 18:27 - 2017-03-27 18:27 - 00000274 _____ C:\Users\Reg\Desktop\Bing.url
2017-03-27 15:28 - 2017-03-27 19:22 - 57131432 _____ (Malwarebytes ) C:\Program Files (x86)\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-27 12:19 - 2017-03-28 16:24 - 00000000 ____D C:\Windows\pss
2017-03-27 12:01 - 2017-03-27 12:01 - 00001196 _____ C:\Users\Reg\Desktop\YouTube (2).url
2017-03-27 11:30 - 2017-03-27 11:30 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-27 03:53 - 2017-03-27 03:53 - 00657408 ____H (te ) C:\Windows\system32\BIT8AFF.tmp
2017-03-27 03:53 - 2017-03-27 03:53 - 00657408 ____H (te ) C:\Windows\system32\BIT52B2.tmp
2017-03-27 02:34 - 2017-03-27 02:34 - 00276456 _____ C:\Windows\Minidump\032717-17596-01.dmp
2017-03-27 02:16 - 2017-03-27 02:16 - 00276456 _____ C:\Windows\Minidump\032717-17628-01.dmp
2017-03-27 02:06 - 2017-03-27 02:06 - 00276456 _____ C:\Windows\Minidump\032717-20280-01.dmp
2017-03-27 01:55 - 2017-03-27 01:55 - 00276456 _____ C:\Windows\Minidump\032717-18704-01.dmp
2017-03-27 01:41 - 2017-03-27 01:41 - 00276456 _____ C:\Windows\Minidump\032717-21684-01.dmp
2017-03-27 01:17 - 2017-03-27 01:17 - 00276456 _____ C:\Windows\Minidump\032717-21325-01.dmp
2017-03-27 01:06 - 2017-03-27 01:06 - 00276456 _____ C:\Windows\Minidump\032717-21980-01.dmp
2017-03-27 00:54 - 2017-03-27 00:54 - 00276456 _____ C:\Windows\Minidump\032717-23134-01.dmp
2017-03-27 00:19 - 2017-03-27 00:19 - 00276456 _____ C:\Windows\Minidump\032717-20935-01.dmp
2017-03-27 00:06 - 2017-03-27 00:06 - 00276456 _____ C:\Windows\Minidump\032717-21637-01.dmp
2017-03-26 23:54 - 2017-03-26 23:54 - 00276456 _____ C:\Windows\Minidump\032617-27814-01.dmp
2017-03-26 23:49 - 2017-03-27 17:38 - 00625272 _____ C:\Windows\system32\NetUtils2016.dll
2017-03-26 23:49 - 2017-03-26 23:49 - 00000000 ____D C:\Windows\SysWOW64\sstmp
2017-03-26 23:49 - 2017-03-26 23:49 - 00000000 ____D C:\Windows\system32\sstmp
2017-03-26 20:05 - 2017-03-26 20:05 - 00276456 _____ C:\Windows\Minidump\032617-22588-01.dmp
2017-03-26 19:46 - 2017-03-26 19:46 - 00000000 ____D C:\ProgramData\345b0587-6123-1
2017-03-26 19:46 - 2017-03-26 19:46 - 00000000 ____D C:\ProgramData\345b0587-19e7-0
2017-03-26 19:42 - 2017-03-26 19:55 - 00002048 _____ C:\Users\Reg\AppData\Local\uninstallro.exe
2017-03-26 19:42 - 2017-03-26 19:42 - 00000000 ____D C:\Users\Reg\AppData\Local\CrashRpt
2017-03-26 19:40 - 2017-03-26 19:40 - 00276456 _____ C:\Windows\Minidump\032617-18127-01.dmp
2017-03-26 19:37 - 2017-03-27 00:46 - 00327680 _____ C:\ProgramData\smp2.exe.pcpquar
2017-03-26 19:36 - 2017-03-27 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Se Browser Enhancer
2017-03-26 19:35 - 2017-03-28 13:52 - 00000000 ____D C:\Users\Reg\AppData\LocalLow\Youtube AdBlock
2017-03-26 19:35 - 2017-03-27 17:34 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockIE
2017-03-26 19:35 - 2017-03-26 19:40 - 00000300 _____ C:\Windows\Tasks\Update Service for Youtube AdBlock2.job
2017-03-26 19:35 - 2017-03-26 19:35 - 00002876 _____ C:\Windows\System32\Tasks\Update Service for Youtube AdBlock2
2017-03-26 19:35 - 2017-03-26 19:35 - 00000000 ____D C:\Users\Reg\AppData\Local\microlabs
2017-03-26 19:35 - 2017-03-14 20:25 - 00000196 _____ C:\Users\Reg\Desktop\Download video and audio online.url
2017-03-26 19:34 - 2017-03-28 16:36 - 00000300 _____ C:\Windows\Tasks\Update Service for Youtube AdBlock.job
2017-03-26 19:34 - 2017-03-27 17:34 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockU
2017-03-26 19:34 - 2017-03-27 17:33 - 00000000 ____D C:\Users\Reg\AppData\Local\ntuserlitelist
2017-03-26 19:34 - 2017-03-26 19:34 - 00833024 ____N C:\Windows\system32\tprdpw32.exe
2017-03-26 19:34 - 2017-03-26 19:34 - 00076576 ____N C:\Windows\system32\Drivers\ndistpr64.sys
2017-03-26 19:34 - 2017-03-26 19:34 - 00002574 _____ C:\Windows\System32\Tasks\Update Service for Youtube AdBlock
2017-03-26 19:34 - 2017-03-26 19:34 - 00000870 _____ C:\Users\Reg\Desktop\s5.lnk
2017-03-26 19:34 - 2017-03-26 19:34 - 00000000 ____D C:\ProgramData\1490582087
2017-03-26 18:28 - 2017-03-27 17:34 - 00000000 ____D C:\Users\PCPitstopSVC
2017-03-26 18:28 - 2017-03-26 18:28 - 00000020 ___SH C:\Users\PCPitstopSVC\ntuser.ini
2017-03-26 18:28 - 2017-03-26 18:28 - 00000000 _SHDL C:\Users\PCPitstopSVC\My Documents
2017-03-26 18:28 - 2017-03-26 18:28 - 00000000 _SHDL C:\Users\PCPitstopSVC\Documents\My Videos
2017-03-26 18:28 - 2017-03-26 18:28 - 00000000 _SHDL C:\Users\PCPitstopSVC\Documents\My Pictures
2017-03-26 18:28 - 2017-03-26 18:28 - 00000000 _SHDL C:\Users\PCPitstopSVC\Documents\My Music
2017-03-26 18:28 - 2017-03-26 17:30 - 00000000 ____D C:\Users\PCPitstopSVC\AppData\Local\AdvinstAnalytics
2017-03-26 18:28 - 2014-09-01 07:07 - 00000000 ____D C:\Users\PCPitstopSVC\AppData\Local\Eastman_Kodak_Company
2017-03-26 18:28 - 2014-09-01 06:46 - 00800824 _____ (Microsoft Corporation) C:\Users\PCPitstopSVC\AppData\Roaming\DPInst.exe
2017-03-26 18:28 - 2014-09-01 06:46 - 00106496 _____ (Microsoft Corporation) C:\Users\PCPitstopSVC\AppData\Roaming\gacutil.exe
2017-03-26 18:28 - 2014-09-01 06:46 - 00036352 _____ (Microsoft Corporation) C:\Users\PCPitstopSVC\AppData\Roaming\PnPutil.exe
2017-03-26 18:28 - 2014-09-01 06:46 - 00000181 _____ C:\Users\PCPitstopSVC\AppData\Roaming\gacutil.exe.config
2017-03-26 18:28 - 2014-09-01 06:46 - 00000000 ____D C:\Users\PCPitstopSVC\AppData\Roaming\Temp
2017-03-26 18:28 - 2014-09-01 06:46 - 00000000 ____D C:\Users\PCPitstopSVC\AppData\Roaming\KODAK AiO Home Center1245897392
2017-03-26 18:28 - 2013-01-10 10:37 - 00000000 ____D C:\Users\PCPitstopSVC\AppData\Roaming\TuneUp Software
2017-03-26 18:28 - 2010-11-21 00:16 - 00000000 ____D C:\Users\PCPitstopSVC\AppData\Roaming\Media Center Programs
2017-03-26 17:59 - 2017-03-27 17:33 - 00000000 ____D C:\Users\Reg\AppData\LocalLow\Adblock Plus for IE
2017-03-26 17:12 - 2017-03-26 17:14 - 06091376 _____ (PC Pitstop LLC ) C:\Users\Reg\Downloads\pcmatic-setup-0002.exe
2017-03-26 16:10 - 2017-03-27 11:28 - 00000000 ____D C:\Users\Reg\AppData\Local\Deployment
2017-03-26 16:10 - 2017-03-26 17:59 - 00000000 ____D C:\Users\Reg\AppData\Local\Apps\2.0
2017-03-26 16:05 - 2017-03-27 11:34 - 00000000 ____D C:\Users\Reg\AppData\LocalLow\Mozilla
2017-03-26 16:05 - 2017-03-26 18:24 - 00000000 ____D C:\Users\Reg\AppData\Local\Mozilla
2017-03-26 13:19 - 2017-03-26 13:49 - 00000000 ____D C:\Users\Reg\AppData\Local\llssoft
2017-03-26 13:16 - 2017-03-27 17:34 - 00000000 ____D C:\Program Files (x86)\ntuserlitelist
2017-03-26 13:10 - 2017-03-26 17:30 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-26 13:10 - 2017-03-26 17:30 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-26 13:10 - 2017-03-26 16:05 - 00000000 ____D C:\Users\Reg\AppData\Roaming\Mozilla
2017-03-26 13:10 - 2017-03-26 13:10 - 00041472 _____ C:\Users\Reg\AppData\Local\Tamptone.dat
2017-03-26 13:10 - 2017-03-26 13:10 - 00000000 ____D C:\Users\Reg\AppData\Roaming\c
2017-03-26 13:10 - 2017-03-26 13:10 - 00000000 ____D C:\ProgramData\1490559051
2017-03-26 13:09 - 2017-03-26 13:09 - 07298560 _____ C:\Users\Reg\AppData\Roaming\agent.dat
2017-03-26 13:09 - 2017-03-26 13:09 - 01895384 _____ C:\Users\Reg\AppData\Roaming\Zim-Tough.bin
2017-03-26 13:09 - 2017-03-26 13:09 - 01893376 _____ C:\Users\Reg\AppData\Roaming\Danfresh.tst
2017-03-26 13:09 - 2017-03-26 13:09 - 00136827 _____ () C:\Users\Reg\AppData\Roaming\Unatintouch.bin.pcpquar
2017-03-26 13:09 - 2017-03-26 13:09 - 00126464 _____ C:\Users\Reg\AppData\Roaming\noah.dat
2017-03-26 13:09 - 2017-03-26 13:09 - 00070752 _____ C:\Users\Reg\AppData\Roaming\Config.xml
2017-03-26 13:09 - 2017-03-26 13:09 - 00018432 _____ C:\Users\Reg\AppData\Roaming\Main.dat
2017-03-26 13:09 - 2017-03-26 13:09 - 00005568 _____ C:\Users\Reg\AppData\Roaming\md.xml
2017-03-26 13:09 - 2017-03-26 13:09 - 00000000 ____D C:\ProgramData\Plusdaxs
2017-03-26 13:08 - 2017-03-26 13:08 - 00278508 _____ C:\Users\Reg\AppData\Roaming\UnoTontech.bin
2017-03-26 13:07 - 2017-03-26 13:08 - 00019056 _____ C:\Users\Reg\AppData\Roaming\InstallationConfiguration.xml
2017-03-26 13:07 - 2017-03-26 13:07 - 00140288 _____ C:\Users\Reg\AppData\Roaming\Installer.dat
2017-03-26 12:44 - 2017-03-26 12:44 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2017-03-23 18:22 - 2017-03-27 17:34 - 00000000 ____D C:\Program Files (x86)\World_of_Tanks
2017-03-23 18:22 - 2017-03-23 18:22 - 00001064 ____H C:\Users\Public\Desktop\World of Tanks.lnk
2017-03-21 11:42 - 2017-03-21 11:42 - 03207871 _____ C:\Windows\74f1f789e1e1b4ae99eadf2ccc6a083d.exe
2017-03-14 16:50 - 2017-03-04 10:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-14 16:50 - 2017-03-04 09:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-14 16:50 - 2017-03-04 01:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-14 16:50 - 2017-03-04 01:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-14 16:50 - 2017-03-04 01:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-14 16:50 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-14 16:50 - 2017-03-04 01:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-14 16:50 - 2017-03-04 01:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-14 16:50 - 2017-03-04 01:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-14 16:50 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-14 16:50 - 2017-03-04 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-14 16:50 - 2017-03-04 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-14 16:50 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-14 16:50 - 2017-03-04 00:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-14 16:50 - 2017-03-04 00:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-14 16:50 - 2017-03-04 00:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-14 16:50 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-14 16:50 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-14 16:50 - 2017-03-04 00:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-14 16:50 - 2017-03-04 00:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-14 16:50 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-14 16:50 - 2017-03-04 00:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-14 16:50 - 2017-03-04 00:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-14 16:50 - 2017-03-04 00:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-14 16:50 - 2017-03-04 00:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-14 16:50 - 2017-03-04 00:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-14 16:50 - 2017-03-04 00:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-14 16:50 - 2017-03-03 23:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-14 16:50 - 2017-03-03 23:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-14 16:50 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-14 16:50 - 2017-03-03 23:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-14 16:50 - 2017-03-03 23:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-14 16:50 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-14 16:50 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-14 16:50 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-14 16:50 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-14 16:50 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-14 16:50 - 2017-03-02 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-14 16:50 - 2017-03-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-14 16:50 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-14 16:50 - 2017-03-02 11:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-14 16:50 - 2017-03-02 11:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-14 16:50 - 2017-03-02 11:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-14 16:50 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-14 16:50 - 2017-03-02 10:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-14 16:50 - 2017-03-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-14 16:50 - 2017-03-02 10:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-14 16:50 - 2017-03-02 10:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-14 16:50 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-14 16:50 - 2017-03-02 10:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-14 16:50 - 2017-03-02 10:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-14 16:50 - 2017-03-02 10:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-14 16:50 - 2017-03-02 10:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-14 16:50 - 2017-03-02 10:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-14 16:50 - 2017-03-02 10:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-14 16:50 - 2017-03-02 10:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-14 16:50 - 2017-03-02 10:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-14 16:50 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-14 16:50 - 2017-03-02 10:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-14 16:50 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-14 16:50 - 2017-03-02 10:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-14 16:50 - 2017-03-02 10:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-14 16:50 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-14 16:50 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-14 16:50 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-14 16:50 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-14 16:50 - 2017-02-11 08:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-14 16:50 - 2017-02-11 08:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-14 16:50 - 2017-02-11 08:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-14 16:50 - 2017-02-10 09:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-14 16:50 - 2017-02-10 09:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-14 16:50 - 2017-02-10 09:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-14 16:50 - 2017-02-10 09:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-14 16:50 - 2017-02-10 07:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 16:50 - 2017-02-09 09:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-14 16:50 - 2017-02-09 09:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-14 16:50 - 2017-02-09 09:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-14 16:50 - 2017-02-09 09:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-14 16:50 - 2017-02-09 09:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-14 16:50 - 2017-02-09 09:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-14 16:50 - 2017-02-09 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-14 16:50 - 2017-02-09 09:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-14 16:50 - 2017-02-09 09:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 09:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-14 16:50 - 2017-02-09 09:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-14 16:50 - 2017-02-09 09:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-14 16:50 - 2017-02-09 09:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-14 16:50 - 2017-02-09 09:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-14 16:50 - 2017-02-09 08:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-14 16:50 - 2017-02-09 08:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-14 16:50 - 2017-02-09 08:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-14 16:50 - 2017-02-09 08:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-14 16:50 - 2017-02-09 08:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-14 16:50 - 2017-02-09 08:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-14 16:50 - 2017-02-09 08:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-14 16:50 - 2017-02-09 08:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-14 16:50 - 2017-02-09 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-14 16:50 - 2017-02-09 08:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-14 16:50 - 2017-02-09 08:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-14 16:50 - 2017-02-09 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-14 16:50 - 2017-02-09 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-14 16:50 - 2017-02-09 08:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-14 16:50 - 2017-02-09 08:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 08:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 08:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 08:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-14 16:50 - 2017-02-09 07:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-14 16:50 - 2017-02-09 07:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-14 16:50 - 2017-02-06 09:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 16:50 - 2017-01-13 11:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-14 16:50 - 2017-01-13 11:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-14 16:50 - 2017-01-13 10:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-14 16:50 - 2017-01-13 10:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-14 16:50 - 2017-01-11 11:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-14 16:50 - 2017-01-11 11:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-14 16:50 - 2017-01-11 10:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 16:50 - 2017-01-11 10:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-14 16:50 - 2017-01-06 11:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-14 16:50 - 2017-01-06 10:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-14 16:47 - 2017-02-22 16:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-14 16:47 - 2017-02-22 16:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-14 16:47 - 2017-02-18 07:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-14 16:47 - 2017-02-18 07:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-14 16:47 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-14 16:47 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-14 16:47 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-14 16:47 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-14 16:47 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-28 14:40 - 2017-02-23 10:17 - 00000000 ____D C:\scripts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-28 16:44 - 2009-07-13 22:13 - 00797928 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-28 16:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-03-28 16:38 - 2014-11-11 11:26 - 00000000 ____D C:\ProgramData\PCPitstopDat
2017-03-28 16:36 - 2013-04-24 19:13 - 00000000 ____D C:\ProgramData\Kodak
2017-03-28 16:36 - 2013-01-30 08:38 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2017-03-28 16:36 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-28 14:09 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-28 12:51 - 2009-07-13 21:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-28 12:51 - 2009-07-13 21:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-28 11:13 - 2012-11-27 12:40 - 00000000 ____D C:\Users\Reg\AppData\Local\ElevatedDiagnostics
2017-03-28 10:09 - 2014-11-11 09:30 - 00000000 ____D C:\ProgramData\PCPitstop
2017-03-28 06:34 - 2014-11-22 20:03 - 00000000 ____D C:\Users\Reg\AppData\Local\CrashDumps
2017-03-27 20:47 - 2015-10-27 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks euro
2017-03-27 20:47 - 2015-08-28 21:44 - 00000000 ____D C:\Users\Reg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warplanes
2017-03-27 20:47 - 2015-08-27 22:07 - 00000000 ____D C:\Users\Reg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2017-03-27 20:47 - 2014-09-15 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-03-27 20:47 - 2014-05-22 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
2017-03-27 20:47 - 2013-12-08 01:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
2017-03-27 20:47 - 2013-11-17 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2017-03-27 20:47 - 2012-12-01 14:49 - 00000000 ____D C:\Users\Reg\AppData\Roaming\Yahoo!
2017-03-27 20:47 - 2012-12-01 14:49 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-03-27 20:47 - 2012-11-28 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-03-27 20:16 - 2015-11-01 11:40 - 413500997 _____ C:\Windows\MEMORY.DMP
2017-03-27 20:16 - 2015-11-01 11:40 - 00000000 ____D C:\Windows\Minidump
2017-03-27 18:36 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-03-27 17:58 - 2014-11-11 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop
2017-03-27 17:34 - 2017-02-20 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Upgrade Assistant
2017-03-27 17:34 - 2015-08-17 07:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-03-27 17:34 - 2015-07-26 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Camera Control
2017-03-27 17:34 - 2015-06-25 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIF USB Camera
2017-03-27 17:34 - 2015-05-21 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2017-03-27 17:34 - 2015-04-02 09:26 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-03-27 17:34 - 2015-02-10 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2017-03-27 17:34 - 2014-11-18 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
2017-03-27 17:34 - 2014-11-12 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-27 17:34 - 2014-08-31 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2017-03-27 17:34 - 2014-05-02 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
2017-03-27 17:34 - 2014-02-22 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoomPlates
2017-03-27 17:34 - 2014-01-14 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2017-03-27 17:34 - 2013-12-23 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2017-03-27 17:34 - 2013-12-18 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Piranha Games
2017-03-27 17:34 - 2013-10-17 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-27 17:34 - 2013-04-24 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
2017-03-27 17:34 - 2013-04-24 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2017-03-27 17:34 - 2012-12-16 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2017-03-27 17:34 - 2012-12-01 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-27 17:34 - 2012-09-26 10:17 - 00000000 ____D C:\Program Files\ATI
2017-03-27 17:34 - 2011-03-01 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-03-27 17:34 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-27 17:34 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-03-27 17:33 - 2016-01-21 19:45 - 00000000 ____D C:\Users\Reg\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack Client
2017-03-27 17:33 - 2014-11-18 13:25 - 00000000 ____D C:\Users\Reg\AppData\Local\Western_Digital
2017-03-27 17:33 - 2013-04-26 18:25 - 00000000 ____D C:\Users\Reg\AppData\Local\NETGEARGenie
2017-03-27 17:33 - 2012-11-26 15:08 - 00000000 ____D C:\Users\Reg
2017-03-27 17:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-27 17:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-03-27 17:05 - 2012-11-26 21:07 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-27 14:57 - 2014-11-11 09:30 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2017-03-27 00:54 - 2009-07-13 22:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-26 19:53 - 2013-08-13 17:34 - 00000258 __RSH C:\Users\Reg\ntuser.pol
2017-03-26 19:34 - 2015-12-05 12:52 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-03-26 17:34 - 2012-11-26 22:23 - 00000000 ____D C:\Users\UpdatusUser
2017-03-26 17:26 - 2015-11-14 10:43 - 00000000 ____D C:\MyGames
2017-03-26 17:26 - 2015-11-12 17:31 - 00000000 ____D C:\configs
2017-03-26 16:43 - 2017-01-24 16:42 - 00001752 _____ C:\Users\Reg\Desktop\Mail - Reg Brown - Outlook.url
2017-03-26 16:12 - 2013-11-17 01:08 - 00000000 ____D C:\Users\Reg\AppData\Local\Google
2017-03-26 14:06 - 2015-02-10 16:44 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2017-03-15 06:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 05:02 - 2009-07-13 21:45 - 00289560 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 04:59 - 2014-12-10 09:15 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 04:59 - 2014-05-06 21:37 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 04:59 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-14 20:14 - 2013-08-11 09:07 - 00000000 ____D C:\Windows\system32\MRT
2017-03-14 20:12 - 2012-12-01 11:41 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-14 20:08 - 2014-11-12 12:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-14 20:08 - 2014-11-12 12:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-14 05:42 - 2016-03-19 11:48 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 05:41 - 2016-03-19 11:48 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 05:41 - 2016-03-19 11:48 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 05:41 - 2012-11-26 22:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 05:41 - 2012-11-26 22:10 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2017-03-27 19:42 - 2017-03-27 19:42 - 0052436 _____ () C:\Program Files (x86)\Addition.txt
2017-03-28 13:35 - 2017-03-28 13:35 - 0021120 _____ () C:\Program Files (x86)\fixlist.txt
2017-03-28 14:09 - 2017-03-28 14:09 - 0011634 _____ () C:\Program Files (x86)\Fixlog.txt
2017-03-27 19:41 - 2017-03-27 19:41 - 2424832 _____ (Farbar) C:\Program Files (x86)\FRST64 reg.exe
2017-03-27 15:28 - 2017-03-27 19:22 - 57131432 _____ (Malwarebytes                                                ) C:\Program Files (x86)\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-27 20:01 - 2017-03-27 20:02 - 4031440 _____ () C:\Program Files (x86)\reg brown.exe
2017-03-28 13:37 - 2017-03-28 13:37 - 0021120 _____ () C:\Program Files (x86)\reg fixlist.txt
2017-03-27 20:03 - 2017-03-27 20:03 - 2030536 _____ (Bleeping Computer, LLC) C:\Program Files (x86)\rkill.exe
2017-03-27 19:42 - 2017-03-27 19:42 - 0064227 _____ () C:\Program Files (x86)\Shortcut.txt
2017-03-26 13:09 - 2017-03-26 13:09 - 7298560 _____ () C:\Users\Reg\AppData\Roaming\agent.dat
2017-03-26 13:09 - 2017-03-26 13:09 - 0070752 _____ () C:\Users\Reg\AppData\Roaming\Config.xml
2017-03-26 13:09 - 2017-03-26 13:09 - 1893376 _____ () C:\Users\Reg\AppData\Roaming\Danfresh.tst
2017-03-26 13:07 - 2017-03-26 13:08 - 0019056 _____ () C:\Users\Reg\AppData\Roaming\InstallationConfiguration.xml
2017-03-26 13:07 - 2017-03-26 13:07 - 0140288 _____ () C:\Users\Reg\AppData\Roaming\Installer.dat
2017-03-26 13:09 - 2017-03-26 13:09 - 0018432 _____ () C:\Users\Reg\AppData\Roaming\Main.dat
2017-03-26 13:09 - 2017-03-26 13:09 - 0005568 _____ () C:\Users\Reg\AppData\Roaming\md.xml
2017-03-26 13:09 - 2017-03-26 13:09 - 0126464 _____ () C:\Users\Reg\AppData\Roaming\noah.dat
2017-03-26 13:09 - 2017-03-26 13:09 - 0136827 _____ () C:\Users\Reg\AppData\Roaming\Unatintouch.bin.pcpquar
2017-03-26 13:10 - 2017-03-26 13:10 - 0001150 _____ () C:\Users\Reg\AppData\Roaming\uninstall_temp.ico
2017-03-26 13:08 - 2017-03-26 13:08 - 0278508 _____ () C:\Users\Reg\AppData\Roaming\UnoTontech.bin
2017-03-26 13:09 - 2017-03-26 13:09 - 1895384 _____ () C:\Users\Reg\AppData\Roaming\Zim-Tough.bin
2012-12-01 15:46 - 2012-09-11 07:22 - 0196608 _____ () C:\Users\Reg\AppData\Local\common_functions.dll
2014-02-27 13:43 - 2014-02-27 13:43 - 0000091 _____ () C:\Users\Reg\AppData\Local\fusioncache.dat
2012-09-11 07:22 - 2012-09-11 07:22 - 0114688 _____ () C:\Users\Reg\AppData\Local\ie_runner_app.exe
2012-12-01 15:46 - 2012-06-26 03:59 - 0940544 _____ (Apache Software Foundation) C:\Users\Reg\AppData\Local\log4cxx.dll
2013-08-22 09:46 - 2015-11-14 05:24 - 0007602 _____ () C:\Users\Reg\AppData\Local\Resmon.ResmonCfg
2017-03-26 13:10 - 2017-03-26 13:10 - 0041472 _____ () C:\Users\Reg\AppData\Local\Tamptone.dat
2017-03-26 19:42 - 2017-03-26 19:55 - 0002048 _____ () C:\Users\Reg\AppData\Local\uninstallro.exe
2012-11-28 14:00 - 2012-11-28 14:02 - 0000302 _____ () C:\ProgramData\hpzinstall.log
2017-03-26 19:37 - 2017-03-27 00:46 - 0327680 _____ () C:\ProgramData\smp2.exe.pcpquar

Some files in TEMP:
====================
2017-03-27 20:22 - 2017-02-09 09:33 - 1732864 _____ (Microsoft Corporation) C:\Users\Reg\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

Windows 7 Home Premium Service Pack 1 (X64) (2012-11-26 22:08:08)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-637743163-359830610-1581639983-500 - Administrator - Disabled)
ASPNET (S-1-5-21-637743163-359830610-1581639983-1014 - Limited - Enabled)
Guest (S-1-5-21-637743163-359830610-1581639983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-637743163-359830610-1581639983-1003 - Limited - Enabled)
Reg (S-1-5-21-637743163-359830610-1581639983-1002 - Administrator - Enabled) => C:\Users\Reg
UpdatusUser (S-1-5-21-637743163-359830610-1581639983-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: PC Matic Super Shield (Enabled - Up to date) {4FA50ECA-6D1E-553A-06EB-C13191BCA12A}
AS: PC Matic Super Shield (Enabled - Up to date) {F4C4EF2E-4B24-5AB4-3C5B-FA43EA3BEB97}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Advanced ScreenSnapshotTool 1.1.0.11130 (HKLM\...\{61FFE1F9-137D-4c31-A181-3415FCAA5946}) (Version: 1.1.0.11130 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM-x32\...\{EBBE64F6-7E23-5857-891F-045560AECC7F}) (Version: 2.0.4674.34053 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CIF USB Camera (HKLM-x32\...\{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}) (Version: 1.0.0.1 - )
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
grillaprice (HKLM-x32\...\grillaprice) (Version:  - )
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
MechWarrior Online (HKLM-x32\...\{73bcb521-8936-42d7-ad00-ec2bb399e26c}) (Version: 1.4.3.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.3.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1  - NETGEAR Inc.)
NVIDIA 3D Vision Controller Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PC Matic Super Shield 2.0.0.11 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 2.0.0.11 - PC Pitstop LLC)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12943.90 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Remote Camera Control (HKLM-x32\...\{BF244639-E834-4333-A35A-8A781A452EBE}) (Version: 3.5.03310 - Sony Corporation)
RogueKiller version 12.10.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.2.0 - Adlice Software)
Software Upgrade Assistant (HKLM\...\{B33BA940-B460-4F02-BFF3-1DDCE7083726}_is1) (Version: 2.2.5 - Motorola Mobility LLC)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
TankLeader (HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\{a6add818-79ab-474d-9c15-f07883853713}) (Version: 2.0.404.228 - Bossland GmbH)
TankLeader (x32 Version: 2.0.404.228 - Bossland GmbH) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
tlerauic (HKLM-x32\...\{fd7bad22-3721-476e-e815-8e1e74df2bcd}) (Version: 1.0.0 - tivecar)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks - Common Test (HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812ct}_is1) (Version:  - Wargaming.net)
World of Tanks (HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
World of Tanks (HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warplanes (HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813na}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-637743163-359830610-1581639983-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
WOTZJ.com: ЛУЧШИЕ МОДЫ ОТ ZORROJAN для WOT ver 9.17.1 #082_4 version 3.2.3 (HKLM-x32\...\WOTZJ.com: ЛУЧШИЕ МОДЫ ОТ ZORROJAN для WOT ver 9.17.1 #082_4_is1) (Version: 3.2.3 - Моды от ZorroJan)
XVM version 6.5.6 (HKLM-x32\...\{2865cd27-6b8b-4413-8272-cd968f316050}_is1) (Version: 6.5.6 - XVM team)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Youtube AdBlock (HKLM-x32\...\Youtube AdBlock) (Version: 2.0.0.168 - Company Inc.) <==== ATTENTION
ZoomPlates 1.1 (HKLM-x32\...\ZoomPlates_is1) (Version:  - DeadZoom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {046F254C-3F82-4BA7-BC2D-E78D99077306} - System32\Tasks\ProfessionalCleaningSoftware_Popup => C:\Program Files (x86)\Professional Cleaning Software\Splash.exe  <==== ATTENTION
Task: {05F1D1E0-5764-417D-B49C-F8A2105B1C5F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {079AFE48-03D4-4BFC-B5E0-2A25FF9E37F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {080560E5-D253-4C9D-90C5-8AFCD517C1F4} - System32\Tasks\{591B46FD-5CD4-4092-9ABC-D37B8367385E} => C:\Users\Reg\Downloads\dxwebsetup (1).exe
Task: {0889A0E3-2C81-4075-90C2-81126DB150EB} - System32\Tasks\{18C26876-C111-475E-A738-B2B0730CCC2D} => pcalua.exe -a "C:\Users\Reg\Desktop\vanilla download\dxwebsetup (1).exe" -d "C:\Users\Reg\Desktop\vanilla download"
Task: {0DA2CAB0-B874-4C97-8A2A-79A8F18B62B4} - System32\Tasks\{B076DCC1-B4C4-4F87-9DAC-D8F234029678} => E:\Unlock.exe
Task: {1F76F660-5EF9-4868-A27C-DEC05221988F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {263C4DAD-58F5-480A-93FE-C4FA0D692B1D} - System32\Tasks\{AA8C24B7-A395-4A2D-9EB8-416F27DBDBCE} => pcalua.exe -a "C:\Users\Reg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F5N90G1M\dxwebsetup (1).exe" -d C:\Users\Reg\Desktop
Task: {265306A5-1235-4DB6-976E-0FEEFFB28C9E} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Portable Booster\\updater.exe
Task: {28FF1408-3889-459F-A038-6FD38EE47261} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {2D92AF9A-FB63-44FA-B6A0-EF9EBFEFD970} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {2EADC11A-FACA-4200-A980-19F610559DC0} - System32\Tasks\{1FADF2E5-B62D-465F-9E1C-8C47EB7D0109} => C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe [2015-01-03] (Blizzard Entertainment)
Task: {42E85E0A-FBD7-434F-AC96-96EB031D11A3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {54041A0D-9E92-4B22-95A3-E3756748345A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {651AC019-797B-42EE-A1A3-356385C2D803} - System32\Tasks\{40E223F0-29CF-45FB-82BD-447134BDEDE7} => pcalua.exe -a "E:\WD SmartWare\NetFx64.exe" -d "E:\WD SmartWare"
Task: {6ED68DAC-B9BC-41FE-859A-84016C10DE5C} - System32\Tasks\{4EE928B4-7116-46A4-B75A-F9C04251D167} => pcalua.exe -a "E:\WD SmartWare\dotnetfx.exe" -d "E:\WD SmartWare"
Task: {7F9B5F3B-7A17-409B-905A-C75A3F83AED7} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {8B55584F-2FEC-46FC-A7F5-F9BD741D96BC} - System32\Tasks\ProfessionalCleaningSoftware_Start => C:\Program Files (x86)\Professional Cleaning Software\ProfessionalCleaningSoftware.exe  <==== ATTENTION
Task: {90DD5648-8E0D-428C-9935-CAFBE4E06DD6} - System32\Tasks\Update Service for Youtube AdBlock => Rundll32.exe "C:\Program Files (x86)\Youtube AdBlockU\Nl6Rm0c.dll",#1
Task: {99B3293F-41FC-4292-8756-2857EDB4AE2F} - System32\Tasks\Update Service for Youtube AdBlock2 => Rundll32.exe "C:\Program Files (x86)\Youtube AdBlockU\Nl6Rm0c.dll",#1
Task: {B03F65DE-F3E5-4EA8-84A2-0D3EB3B8467A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {B3DFE66D-3BF9-4940-AC0D-38D9B31680DD} - System32\Tasks\{026D9EFD-ABC0-4369-BFA0-B11FCC1BD4C9} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Task: {B5E1E2DC-2557-4222-9924-2932416421FD} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B8E005BC-BE2A-4F55-A7B2-4C7E3DC027DA} - System32\Tasks\{548B8A11-C560-4390-8237-FF1105BAD54D} => C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe [2015-01-03] (Blizzard Entertainment)
Task: {C275D7D5-0450-45E9-930C-96EBF67359D4} - System32\Tasks\{6C36801E-0C3A-4665-8705-1037DF09C108} => C:\Games\World_of_Tanks_CT\WOTLauncher.exe [2015-10-20] (Wargaming.net)
Task: {D196A4B9-3555-4C6F-AFA0-8054C957C353} - System32\Tasks\{A4EBA3CD-F4DF-4BD5-8948-67273EA2E020} => E:\Unlock.exe
Task: {D37BCA4E-7F6D-4384-8638-ED491F21236E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DAB71B6F-6E9A-406A-BF7E-F47AD7D99773} - System32\Tasks\boosterpop => C:\Program Files (x86)\Portable Booster\\WarningPopUp.exe
Task: {E13378B8-B70F-4720-B174-4C013D43950A} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe  <==== ATTENTION
Task: {FAC201E3-61A4-43D9-83E7-31994FE3CC5B} - System32\Tasks\IEError => C:\Program Files (x86)\Portable Booster\IEError.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\Update Service for Youtube AdBlock.job => C:\Program Files (x86)\Youtube AdBlockU\Nl6Rm0c.dll
Task: C:\Windows\Tasks\Update Service for Youtube AdBlock2.job => C:\Program Files (x86)\Youtube AdBlockU\Nl6Rm0c.dll

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-03-27 12:38 - 00000909 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 wemsofts.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-637743163-359830610-1581639983-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Reg\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: WarThunderLauncher => C:\Games\WarThunder\launcher.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C94B7BBA-7528-4065-A327-32837718CFBA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D780D2D3-2C6E-4A4B-808C-291839ED713A}] => (Allow) svchost.exe
FirewallRules: [{C35302F7-0F1C-4ED8-AB13-F999E2E89E74}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{50FF0B84-8AE0-47D0-A3D8-252FDBAEB04F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7BDF4575-C45B-4B54-826E-8498ABE88A66}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6B9A359B-7622-4E96-A10B-62F4D55631DD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{ECC82DD8-5100-49B1-A9AC-451B4ADBEE72}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{C147C971-7FC0-4C14-9382-728C8FCAE217}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{5A605D13-C0C6-4A63-9971-C22DE1660442}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{0854A905-3729-46F4-972B-AC1947A5D30E}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{2A01AC65-03A5-4687-A99A-15042A41AE51}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{F9B842B0-A3A6-41C3-9C8E-82B812D0EC3D}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{CBF8F2BC-38AE-4480-8D46-7021DDBBC72E}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{7327D89F-283B-4990-80CD-8948098A2329}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{F2AE0E82-3094-4AA0-AEE1-68032982FFA0}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{9F4803EB-DD8B-42AE-A0BE-EB7A073996BB}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{2FAD79A7-8C25-4462-93D9-E80BE683475E}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{B859B05D-3711-4FD6-B1DB-B79100C8F8F8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{521D561F-2D06-4E90-885D-194D3AC00CC7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{68E5985E-1F87-4C64-8AE8-F394BD968684}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{F4E1A96B-F52E-4ABD-8F3F-21A025BED3A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{E5EF9E19-FABE-438C-9B61-8A46E3785CFA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{EAE7B889-CF73-45BA-8ED8-E413ADD2BF9D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{6FB1812B-1398-470A-B75B-D58B8C256397}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{3D6BC792-7B94-4E99-8E70-FFFA5F329A91}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{01727094-4075-4ABB-99C6-0CAB7C02EF9C}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{6B028DA7-9951-4ADF-8A7C-DCB85E724659}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{FBB943BB-4316-4586-BD42-D6ACF52D47FE}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{DCCAFA87-5C29-4E56-90B4-3FBE656238DA}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{1D36D83F-3F6F-44D0-9BBD-B8BBE8DD9CC8}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{227F20AB-FFE6-410F-B5B3-90817E2BF4FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{7E77C911-3286-419F-A0B6-6CD62CF30326}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{73074965-5981-4404-A0D4-F9B76C9AACED}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{BCC0B3EA-56F6-49FA-8A7D-7A07F51D249C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{501538DE-2DA2-471E-BB2F-0C5589C7D76E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{BBC9AFA4-CD49-4BE6-B5DA-6CE3121ACCE2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{6AF9796F-4250-4574-9B3F-382D051EF5E4}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{D3BEC021-059A-4441-A323-4E4EE52B5B5B}] => (Allow) LPort=5353
FirewallRules: [{C2743356-0DD0-4A9B-ACB9-21E88A453F0E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{729D7DFF-80DE-4D9E-A1BD-259217E577B5}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{E3D98848-EA79-4183-B16E-9934282E7502}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{1E1690AA-7C42-4CE7-8546-45B02A15B8B4}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{98C73ABC-D943-453E-B8B3-111E1086C0EF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{78B936F3-79E5-41E0-9FC4-2DA55D1FEF0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{3659836E-F9C7-402F-AD70-1A861FD233DE}] => (Allow) C:\Users\Reg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E8AE656E-8334-4A60-942F-09D22EEEFAA8}] => (Allow) C:\Users\Reg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{264F4A95-2871-4A0A-BD0B-C94EC1991D04}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{2396179A-EC37-49F1-915F-BD2316237235}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{7EFEB5BC-C5C8-47C2-968D-D3BE1CB16430}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{AA78F7DF-A7CB-424E-8719-A0D348B6E807}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{F2FF8C94-805D-4ED8-9CC9-59588C78A1B5}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{8E460ACF-EBC6-47BD-95DE-09A18627EBA9}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [{C17D0051-52EF-45BA-BFEF-78CBC66DB452}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{BD8286DA-F122-4D63-BAA8-2340BBAC9894}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [TCP Query User{65B6E5B4-1A47-461F-A5B4-A27C9ADA2D12}C:\program files\world_of_tanks_ct test\wotlauncher.exe] => (Allow) C:\program files\world_of_tanks_ct test\wotlauncher.exe
FirewallRules: [UDP Query User{B5A691E7-AC9E-4854-8BF6-FFCF3FDFB5D6}C:\program files\world_of_tanks_ct test\wotlauncher.exe] => (Allow) C:\program files\world_of_tanks_ct test\wotlauncher.exe
FirewallRules: [TCP Query User{7E6BB4D6-E2EA-41FE-9C92-045643F5A9C1}C:\program files\world_of_tanks_ct test\worldoftanks.exe] => (Allow) C:\program files\world_of_tanks_ct test\worldoftanks.exe
FirewallRules: [UDP Query User{E7B6263B-2009-4006-9ED9-E60C2AF45FDA}C:\program files\world_of_tanks_ct test\worldoftanks.exe] => (Allow) C:\program files\world_of_tanks_ct test\worldoftanks.exe
FirewallRules: [{E394B2E5-D425-4A2D-BC3A-3D20ED5153E5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{7BA2A7B4-5D3B-41DE-A8CA-A5109DB19CFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{FAE779C2-39E3-4732-9528-88E331C7A2B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{3CB78A15-290D-4EC3-B80E-E57092A6FA4C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{FB73D53C-60EC-43EF-977D-21A1981B11F9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{9C191A7E-6995-4E86-8BBD-177148DC378A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{3F0780D3-BEA4-4D0B-9F84-3E60AD63B8A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{76BD8460-9321-4BB9-834C-E3D032EC0D73}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{6F5041EA-6D1E-4C1D-B990-DC601DD5BCE8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{90423C5A-6109-4139-A03D-3A2C9BBB73C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{BE190CB8-009C-4F6A-9ED0-551317F4FF88}] => (Allow) LPort=9322
FirewallRules: [{87DC8294-96B1-40F2-AD9E-61D843097651}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{9146C7B6-EB95-4428-B8C1-52C7CB61EA0D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{7ED7E7DF-849B-4DCA-B300-715AEBF99D95}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{F04DA35B-2874-4EA3-8726-8A80F28AECE0}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{A7AB5633-1A92-421A-923B-F6B034D47405}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{5BF1DBA2-C14C-4BF5-8591-1D79B6551DB7}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{36E18CAE-9E50-4111-A790-DDEA169FBB77}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{B2E285AF-B986-4823-B161-8108B559F205}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{51673AB6-5573-45F5-93F4-42C7E4E4C2DE}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{FA44F88B-8633-4A9F-9E56-E16DD427AE0D}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{5F578526-1DD2-4715-B1C0-83BF386D5DEF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{1B63D79F-AD98-4BB3-875E-164EECD66F20}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{CDB8FD13-450C-4A0E-9673-A57431ABC932}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{44B87169-D13E-4756-B25C-02CE1E0E5631}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{E180BD8A-3ABF-418E-BF2E-85C804BB5D78}C:\program files\common files\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files\common files\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{C8C3B3F6-0BC3-41C9-8E61-E4500E64AB99}C:\program files\common files\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files\common files\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{21057400-586F-4C16-8D51-B00F94A15843}C:\games\world_of_tanks_ct\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{44C84092-8F00-4BB1-9904-8A3DA870D01F}C:\games\world_of_tanks_ct\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{D2F6B0F0-EED0-42E6-8AAB-100E4B222854}C:\program files\common files\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files\common files\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{E9B6E39E-1C7E-46FC-8D54-013CAD5B1B43}C:\program files\common files\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files\common files\world_of_tanks\worldoftanks.exe
FirewallRules: [{52890617-F025-43E9-ADCC-3018F153C855}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{BED3B2F0-F83F-4F75-8B5F-B0B9C18D793D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{91EAD5D0-CDC5-4B81-88B4-39CC0D4C6AAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{7ADB4F3A-82F2-461D-A63C-CAF9068C842E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{5ECBB767-F0DE-41F5-8C79-CC20AC264109}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{BDB7CFF2-ECDA-49F3-9E94-60293ECBEF2A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{E2943C98-5744-48EF-B55C-C7F556DB99B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{8523DC22-B825-4F0A-AC4B-86BF53496E04}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{C9828C2B-8D44-4895-9B0B-7F339616223A}C:\program files (x86)\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{2439BB5C-D20F-4678-B73A-0F1EE67F08C7}C:\program files (x86)\star trek online_en\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [{F9383E98-9461-462E-9BD4-4582A82F3C8B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{90E36800-04B9-4C2A-9C62-480F1F2069EF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{235797DC-074F-4F07-B0C5-DCA8F78223F1}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{FDB3DB78-1042-4A28-8F5A-B60F6FA30289}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F70E1C80-0934-40EE-8D39-935ADE9D9FE2}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{DAC92083-C195-4722-996C-EC0D3CFE67A6}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{DA3772FA-C058-4119-9786-0EFA11485AA6}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{7FC78CEC-426C-4DDF-A7C2-F0BCB3935B3B}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{FDFEC4B2-A6F0-4070-ABF6-816DA27FF8E5}] => (Allow) C:\Users\Reg\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{8E5BDE58-5725-4B1F-B638-BEFABC90C70E}] => (Allow) C:\Users\Reg\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{06C9C17E-8C11-49EE-92BE-945ABAD26CF8}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
FirewallRules: [{2789A608-20D2-4F33-A2A1-BA84DCB58238}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
FirewallRules: [{EB8205BD-962D-4BD0-919A-FD58EC53A994}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
FirewallRules: [{B469E521-2B51-44FA-A4CB-B8CBCABDFF93}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
FirewallRules: [TCP Query User{A622338B-4E2A-49B0-80CE-4A62375C7ECA}C:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe] => (Allow) C:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe
FirewallRules: [UDP Query User{FE1E4794-CB52-4764-AB6F-0DFE0FCBA40F}C:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe] => (Allow) C:\mygames\armored warfare mycom beta\bin64\armoredwarfare.exe
FirewallRules: [{0B556BD8-3E3A-45EA-A5A6-7D92D45C05B3}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{91400411-6A7C-4D60-B5E8-9F5DBD379E2A}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{D19A1884-C8D7-4D66-B57D-28B3AF129338}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{DD73B870-7194-4B25-BCE0-4B879F79BC78}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{DB4D4322-37A1-4AF8-9427-74898B492319}] => (Allow) C:\Program Files (x86)\OMC ModPack Client\OMC ModPack Client.exe
FirewallRules: [{2D78A9A7-F656-4466-8CA3-DC7C2664C58F}] => (Allow) C:\MyGames\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{99343C56-24AF-4191-8BBA-D6F5C2C5BCC6}] => (Allow) C:\MyGames\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{33A2048D-0A6A-4304-8343-9B7A5D1FF02F}] => (Allow) C:\MyGames\World_of_Tanks\worldoftanks.exe
FirewallRules: [{DE5C964D-228F-4E59-8E9F-7D386D981D66}] => (Allow) C:\MyGames\World_of_Tanks\worldoftanks.exe
FirewallRules: [{F8AF6422-DF8E-48AA-8072-50622A0173EB}] => (Allow) C:\Program Files (x86)\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{4D87EFD7-D8FD-43E7-A715-3D02B06AF9A1}] => (Allow) C:\Program Files (x86)\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{81A41B2E-5D16-4F93-A35D-E860552810B3}] => (Allow) C:\Program Files (x86)\World_of_Tanks\worldoftanks.exe
FirewallRules: [{2E8D344C-17CC-4816-8A3F-B63A01BDF391}] => (Allow) C:\Program Files (x86)\World_of_Tanks\worldoftanks.exe
FirewallRules: [{B8F6A5AA-75D8-4888-96BD-920B4199BC87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7632A7E7-6903-4057-ADCA-28CFD0C0F33A}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{46478825-EBC4-4162-AE0F-8A3223B43230}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{998C3F1B-286F-4855-B851-D08F1671C5D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-03-2017 05:27:23 Windows Update
26-03-2017 12:44:33 Install LG UNITED Drivers
26-03-2017 17:21:54 Restore Operation
26-03-2017 17:42:58 Windows Update
27-03-2017 09:22:21 PC Pitstop Restore Point
27-03-2017 13:21:59 Restore Operation
27-03-2017 14:07:41 PC Pitstop Restore Point
27-03-2017 17:25:16 Restore Operation

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2017 04:41:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/28/2017 04:36:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/28/2017 04:29:07 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (03/28/2017 04:28:17 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (03/28/2017 04:27:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/28/2017 04:25:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/28/2017 02:06:55 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: A connection with the server could not be established

Error: (03/28/2017 01:59:50 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (03/28/2017 01:58:58 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (03/28/2017 01:57:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (03/28/2017 04:40:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/28/2017 04:40:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/28/2017 04:39:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/28/2017 04:39:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/28/2017 04:39:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
discache
HWifiNetPro
spldr
Wanarpv6

Error: (03/28/2017 04:39:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/28/2017 04:37:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
HWifiNetPro
spldr

Error: (03/28/2017 04:36:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
The system cannot find the path specified.

Error: (03/28/2017 04:36:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Link-Layer Topology Discovery Responder service failed to start due to the following error:
The driver was not loaded because the system is booting into safe mode.

Error: (03/28/2017 04:36:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error:
The driver was not loaded because the system is booting into safe mode.

==================== Memory info ===========================

Processor: AMD FX™-4100 Quad-Core Processor
Percentage of memory in use: 12%
Total physical RAM: 8173.55 MB
Available physical RAM: 7120.7 MB
Total Virtual: 16345.29 MB
Available Virtual: 15342.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:656.48 GB) NTFS
Drive e: (TOSHIBA) (Removable) (Total:14.44 GB) (Free:13.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7D3698CA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 34AE1FC6)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)

==================== End of Addition.txt ============================



#4 B-boy/StyLe/


Posted 29 March 2017 - 03:12 AM

Hi,
  • Download Malwarebytes Anti-Rootkit Beta and extract it to a folder of your choice.
  • Follow these steps to perform a scan.
  • A reboot might be required to clean the Threats found.
  • After that go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt.
  • Copy/paste the content of that log in your next reply.

Regards,

Georgi


Edited by B-boy/StyLe/, 29 March 2017 - 03:14 AM.



#5 Reg65


Posted 29 March 2017 - 08:06 AM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.29.05
  rootkit: v2017.03.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18617
Reg :: REG-PC [administrator]

3/29/2017 5:19:18 AM
mbar-log-2017-03-29 (05-19-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 400829
Time elapsed: 35 minute(s), 52 second(s)

Memory Processes Detected: 3
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> 2304 -> Delete on reboot. [3594923dd9cf1026114c58f59e64ba46]
C:\Program Files (x86)\ntuserlitelist\svcvmx\svcvmx.exe (Adware.Yelloader) -> 2060 -> Delete on reboot. [9435f9d6b4f4a690d00aaad1e71a8c74]
C:\Program Files (x86)\ntuserlitelist\winscr\winscr.exe (Adware.Yelloader) -> 1812 -> Delete on reboot. [a425b01fabfd0432e7995d1ab34eaa56]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup (Adware.Yelloader) -> Delete on reboot. [d7f2903fdecad75fccad7cfb9170da26]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice (Trojan.Clicker) -> Delete on reboot. [5f6a06c9d5d3bf7771541f2be02220e0]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{90DD5648-8E0D-428C-9935-CAFBE4E06DD6} (Adware.NeoBar) -> Delete on reboot. [5673894666423ff7fcb5d11b27d90000]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{99B3293F-41FC-4292-8756-2857EDB4AE2F} (Adware.NeoBar) -> Delete on reboot. [9633ce010e9ad75fe0d1e50732ce5ea2]
HKLM\SOFTWARE\WOW6432NODE\Jawego (Adware.Jawego) -> Delete on reboot. [6960a12e6d3b2412f16b3011cf33ef11]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{fd7bad22-3721-476e-e815-8e1e74df2bcd} (Adware.Hicosmea) -> Delete on reboot. [d6f3b11ed8d08ea86538742ca0606b95]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [ac1d1cb37c2c95a161c5ac13ca379967]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [4287ede25652e74fe5d96d0f33ce3cc4]
HKU\S-1-5-21-637743163-359830610-1581639983-1002\SOFTWARE\NowUSeeItPlayer (Adware.NowUSeeIt) -> Delete on reboot. [11b823ac1890ae882a22508323e0966a]
HKU\S-1-5-21-637743163-359830610-1581639983-1002\SOFTWARE\tivecar (Adware.Hicosmea) -> Delete on reboot. [2a9f6a65792f6dc963b74b56e41cc53b]
HKU\S-1-5-21-637743163-359830610-1581639983-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\nowuseeitplayer.com (Adware.NowUSeeIt) -> Delete on reboot. [f8d1b41b0b9d13232d9dbe17d82b53ad]
HKU\S-1-5-21-637743163-359830610-1581639983-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ui.nowuseeitplayer.com (Adware.NowUSeeIt) -> Delete on reboot. [7e4b1fb06e3ac86eb614567fdd266a96]

Registry Values Detected: 4
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{90DD5648-8E0D-428C-9935-CAFBE4E06DD6}|Path (Adware.NeoBar) -> Data: \Update Service for Youtube AdBlock -> Delete on reboot. [5673894666423ff7fcb5d11b27d90000]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{99B3293F-41FC-4292-8756-2857EDB4AE2F}|Path (Adware.NeoBar) -> Data: \Update Service for Youtube AdBlock2 -> Delete on reboot. [9633ce010e9ad75fe0d1e50732ce5ea2]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Trojan.Clicker) -> Data: "C:\Users\Reg\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [b613656abcec9a9c60c47061dd2304fc]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\PROGRA~2\NTUSER~1\dataup\dataup.exe -> Delete on reboot. [b217b9160b9d90a61ca05429748d4eb2]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Reg\AppData\Local\microlabs (Trojan.Clicker) -> Delete on reboot. [5f6a06c9d5d3bf7771541f2be02220e0]
C:\Users\Reg\AppData\Local\ntuserlitelist (Trojan.Clicker) -> Delete on reboot. [5376b817753369cd231db095847e06fa]
C:\Users\Reg\AppData\Local\ntuserlitelist\qdcomsvc (Trojan.Clicker) -> Delete on reboot. [5376b817753369cd231db095847e06fa]

Files Detected: 11
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [b82af19ea4f351ab70ceeeec014dcc62]
C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe (Adware.Yelloader) -> Delete on reboot. [d7f2903fdecad75fccad7cfb9170da26]
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> Delete on reboot. [3594923dd9cf1026114c58f59e64ba46]
C:\Program Files (x86)\ntuserlitelist\svcvmx\svcvmx.exe (Adware.Yelloader) -> Delete on reboot. [9435f9d6b4f4a690d00aaad1e71a8c74]
C:\Program Files (x86)\ntuserlitelist\winscr\winscr.exe (Adware.Yelloader) -> Delete on reboot. [a425b01fabfd0432e7995d1ab34eaa56]
C:\Program Files (x86)\ntuserlitelist\svcvmx\vmxclient.exe (Adware.Yelloader) -> Delete on reboot. [3e8be9e6792f3df9166b73043ac723dd]
C:\Users\Reg\AppData\Local\ntuserlitelist\qdcomsvc\eykbqrvr.exe (Rootkit.Agent.PUA) -> Delete on reboot. [4188557ae4c4c86ec829b19ac1413dc3]
C:\ProgramData\RogueKiller\Quarantine\FA710DA44CFE16B3.vir (Trojan.Agent.Generic) -> Delete on reboot. [a227b11e5c4cfe38efc1fde3817fdf21]
C:\ProgramData\RogueKiller\Quarantine\A634FB86B17744AE.vir (Adware.Amonetize) -> Delete on reboot. [a4250cc3723632042ccaafcd6f92ad53]
C:\ProgramData\RogueKiller\Quarantine\124039B7324C09A7.vir (Trojan.ProxyAgent) -> Delete on reboot. [a1286a655b4d91a5b36123dbe1203bc5]
C:\Users\Reg\AppData\Local\microlabs\ct.exe (Trojan.Clicker) -> Delete on reboot. [5f6a06c9d5d3bf7771541f2be02220e0]

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#6 B-boy/StyLe/


Posted 29 March 2017 - 09:10 AM

Hi,

Please rerun FRST and run a new scan with it. Attach both logs - FRST.txt and Addition.txt in your next reply for my review.

Thanks!

Regards,

Georgi




#7 B-boy/StyLe/


Posted 01 April 2017 - 04:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
