
Keep seeing pop-up advertisements and cannot run anti-malware programs


  • This topic is locked
39 replies to this topic

#1 meer118


Posted 22 April 2017 - 04:50 PM

I seem to have been infected by some sort of Trojan Virus on my computer. My computer began by crashing a couple times, then ads began automatically popping up in my internet browsers. A couple random programs seemed to be automatically installed. I cannot run any anti-malware/virus programs, such as RKill and Malwarebytes. There seems to be a program running on my desktop that creates a blue border on the right and bottom side of my screen. There also looked to be a bunch of WIN Hosts running in my task manager, not sure if that has to do with this or not.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2017 01
Ran by Michael (administrator) on KITTEN-PC (22-04-2017 14:24:08)
Running from E:\
Loaded Profiles: Michael (Available Profiles: Michael & MSSQL$SQLEXPRESS)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2014-06-10] (Realtek semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-07-21] (Lenovo)
HKLM\...\Run: [StageLightUpdate] => C:\Program Files\Stagelight\StagelightUpdate.exe
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-07-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-07-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1207808 2016-12-09] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WindowsDefender] => -
HKLM\...\RunOnce: [ucdrv_repair] => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [743824 2017-04-22] ()
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [Akamai NetSession Interface] => "C:\Users\Michael.KITTEN-PC\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [Spotify Web Helper] => C:\Users\Michael.KITTEN-PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-12] (Spotify Ltd)
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [Spotify] => C:\Users\Michael.KITTEN-PC\AppData\Roaming\Spotify\Spotify.exe [7114352 2017-03-12] (Spotify Ltd)
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [GoogleChromeAutoLaunch_74D14D56F572167D88F8EE36FAB05AF1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-28] (Google Inc.)
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [Windows Defender] => -
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [O9YU47TF9HEDUHE] => "C:\Program Files (x86)\SpeeDownloader\Z4OY4.exe" <===== ATTENTION
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [Spoutly.exe] => C:\Program Files (x86)\Spoutly\SpoutlyLauncher.exe <===== ATTENTION
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [2904064 2017-04-19] ()
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [emling] => rundll32.exe "C:\Users\Michael.KITTEN-PC\AppData\Local\emling.dll",emling <===== ATTENTION
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Run: [5VW6P7GUFSC9MRX] => C:\Program Files\2XFXYKALN1\2XFXYKALN.exe [863232 2017-04-22] (V)
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\...\Policies\Explorer: [] 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-22]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2017-04-22]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Michael.KITTEN-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WeatherBuddy.lnk [2017-04-22] <===== ATTENTION
ShortcutTarget: WeatherBuddy.lnk ->  (No File)
Startup: C:\Users\Michael.KITTEN-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WeatherBuddy.lnk [2017-04-22] <===== ATTENTION
ShortcutTarget: WeatherBuddy.lnk ->  (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyEnable: [S-1-5-21-1185186811-2557484583-1050751958-1006] => Proxy is enabled.
ProxyServer: [S-1-5-21-1185186811-2557484583-1050751958-1006] => 127.0.0.1:8003
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{848642a5-9b07-4855-8ffb-777e8860e487}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{94620aa5-8165-4fbe-a891-4ebb4e600a59}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{94620aa5-8165-4fbe-a891-4ebb4e600a59}: [DhcpNameServer] 128.223.32.36 128.223.60.23
Tcpip\..\Interfaces\{98bbbdc5-0601-4cdf-bd59-962e06863b12}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{98bbbdc5-0601-4cdf-bd59-962e06863b12}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1127.0.0.1:8003
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {00D07FE6-BA47-4B4D-8E5B-E23F3A75D63A} URL = 
SearchScopes: HKU\S-1-5-21-1185186811-2557484583-1050751958-1006 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-04-05]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael.KITTEN-PC\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-01-19] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://webmail.uoregon.edu/?_task=mail","hxxps://us-mg5.mail.yahoo.com/neo/launch?.rand=30nrl4inh6n11#1650","hxxps://mail.google.com/mail/u/1/#inbox","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_16_04&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0C0EyE0BtC0DtC0DyBtC0AtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEtA0DzytA0BtAtDtGyDyCtByDtG0AtBzy0BtGyC0ByC0BtGyEzy0CzytDzyyByEzyzz0FtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAyB0DzzyByB0EtG0D0EtD0EtGyE0D0DzztGzztDyByDtGyDtB0DyC0Bzy0E0EyEtCtD0A2QtN0A0LzuyE%26cr%3D1421496570%26a%3Dwncy_rsprck_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome"
CHR Profile: C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default [2017-04-22]
CHR Extension: (Google Slides) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-01]
CHR Extension: (Google Docs) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-01]
CHR Extension: (Google Drive) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Cast) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-04-03]
CHR Extension: (Adblock Plus) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-28]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2017-04-13]
CHR Extension: (Google Search) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Mendeley Importer) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dagcmkpagjlhakfdhnbomgmjdpkdklff [2017-03-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-07]
CHR Extension: (Google Sheets) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-01]
CHR Extension: (Google Docs Offline) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Earth) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2015-09-01]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\Michael.KITTEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
CHR HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.3\bin\lmgrd.exe [1499512 2015-03-30] (Flexera Software LLC)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S2 CcmExec; C:\windows\CCM\CcmExec.exe [1773240 2015-04-14] (Microsoft Corporation)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
S4 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [671928 2015-04-14] (Microsoft Corporation)
S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
S2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-07-21] (Lenovo(beijing) Limited)
S2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-07-21] (Lenovo(beijing) Limited)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271328 2015-12-10] (Lenovo)
S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe [404376 2017-03-20] (McAfee, Inc.)
S2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2015-08-10] (Robert McNeel & Associates)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-25] (PointGrab LTD)
S2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-25] (PointGrab LTD)
S2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-07-21] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-07-21] (Lenovo)
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 smstsmgr; C:\windows\CCM\TSManager.exe [316600 2015-04-14] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S2 srcsrv; C:\WINDOWS\src_srv\winsrcsrv.exe [16384 2017-04-04] () [File not signed]
S2 VRLService; C:\ProgramData\ASGVIS\Dongle Utilities\startvrlservice.exe [183808 2014-08-26] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-27] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Michael.KITTEN-PC\AppData\Local\meslk\ct.exe [947200 2017-03-29] () [File not signed] <==== ATTENTION
S3 Workflow Manager Spatial Notification Service; C:\Program Files (x86)\ArcGIS\WMX\Desktop10.3\Bin\WMXSpatialNotificationService.exe [28096 2015-04-02] (Esri)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7592664 2014-12-04] (Broadcom Corporation)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-22] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 prepdrvr; C:\WINDOWS\system32\DRIVERS\prepdrv.sys [26984 2015-04-14] (Microsoft Corporation)
S4 RsFx0200; C:\WINDOWS\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-07-22] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [97792 2011-09-22] (WIBU-SYSTEMS AG)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-22 14:23 - 2017-04-22 14:24 - 00000000 ____D C:\FRST
2017-04-22 14:21 - 2017-04-22 14:21 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Documents\Studio 2
2017-04-22 14:21 - 2017-04-22 14:21 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Documents\5 Star Work
2017-04-22 14:20 - 2017-04-22 14:21 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Documents\Studio 3
2017-04-22 14:19 - 2017-04-22 14:20 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Documents\Studio 4
2017-04-22 14:10 - 2017-04-22 14:10 - 00000628 _____ C:\Users\Michael.KITTEN-PC\Desktop\iExplore - Shortcut.lnk
2017-04-22 14:10 - 2017-04-22 14:10 - 00000627 _____ C:\Users\Michael.KITTEN-PC\Desktop\rkill - Shortcut (2).lnk
2017-04-22 14:10 - 2017-04-22 14:10 - 00000603 _____ C:\Users\Michael.KITTEN-PC\Desktop\rkill - Shortcut.lnk
2017-04-22 14:10 - 2017-04-22 14:10 - 00000002 _____ C:\Users\Michael.KITTEN-PC\Desktop\Rkill.txt
2017-04-22 14:00 - 2017-04-22 14:00 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-22 13:59 - 2017-04-22 13:59 - 00000000 ____D C:\WINDOWS\pss
2017-04-22 13:50 - 2017-04-22 13:50 - 06903192 _____ (AVAST Software) C:\Users\Michael.KITTEN-PC\Downloads\avast_free_antivirus_setup_online_f1d.exe
2017-04-22 13:50 - 2017-04-22 13:50 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-22 13:32 - 2017-04-22 13:32 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-22 13:25 - 2017-04-22 13:32 - 2738656220 _____ C:\avenger.txt
2017-04-22 13:25 - 2017-04-22 13:25 - 00000000 ____D C:\Avenger
2017-04-22 13:01 - 2017-04-22 13:01 - 00000000 ____D C:\Program Files\2XFXYKALN1
2017-04-22 12:57 - 2017-04-22 13:03 - 00000872 _____ C:\appverifier.txt
2017-04-22 12:55 - 2017-04-22 12:55 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Roaming\FileOpenerWindows for KITTEN-PC
2017-04-22 12:51 - 2017-04-22 12:51 - 00454836 _____ C:\WINDOWS\Minidump\042217-8703-01.dmp
2017-04-22 12:50 - 2017-04-22 12:50 - 00003502 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-04-22 12:50 - 2017-04-22 12:50 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-04-22 12:50 - 2017-04-22 12:50 - 00002652 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-04-22 12:50 - 2017-04-22 12:50 - 00000480 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-04-22 12:50 - 2017-04-22 12:50 - 00000316 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-04-22 12:50 - 2017-04-22 12:50 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser
2017-04-22 12:49 - 2017-04-22 13:26 - 00000000 ____D C:\Program Files (x86)\YeaDesktop
2017-04-22 12:49 - 2017-04-22 13:25 - 00000000 ____D C:\Program Files (x86)\ProxyGate
2017-04-22 12:49 - 2017-04-22 13:25 - 00000000 ____D C:\Program Files (x86)\lll
2017-04-22 12:49 - 2017-04-22 13:19 - 00000000 __SHD C:\Users\Michael.KITTEN-PC\AppData\Local\svchost
2017-04-22 12:49 - 2017-04-22 13:01 - 00624640 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-04-22 12:49 - 2017-04-22 12:51 - 00014336 _____ C:\Users\Michael.KITTEN-PC\AppData\Local\emling.dll
2017-04-22 12:49 - 2017-04-22 12:51 - 00002048 _____ C:\Users\Michael.KITTEN-PC\AppData\Local\uninstallro.exe
2017-04-22 12:49 - 2017-04-22 12:50 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-04-22 12:49 - 2017-04-22 12:49 - 00000000 __SHD C:\Users\Michael.KITTEN-PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw
2017-04-22 12:49 - 2017-04-22 12:49 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-04-22 12:49 - 2017-04-22 12:49 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel
2017-04-22 12:49 - 2017-04-22 12:49 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Roaming\Softlink
2017-04-22 12:49 - 2017-04-22 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
2017-04-22 12:48 - 2017-04-22 13:03 - 00000000 ____D C:\Program Files (x86)\SpeeDownloader
2017-04-22 12:48 - 2017-04-22 12:48 - 00000000 ____D C:\WINDOWS\src_srv
2017-04-22 12:44 - 2017-04-22 12:44 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-22 12:43 - 2017-04-22 13:38 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-04-22 12:43 - 2017-04-22 13:19 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Local\llssoft
2017-04-22 12:43 - 2017-04-22 12:43 - 00000000 ____D C:\Program Files (x86)\ntuserlitelist
2017-04-22 12:36 - 2017-04-22 12:36 - 00514220 _____ C:\WINDOWS\Minidump\042217-7203-01.dmp
2017-04-22 12:34 - 2017-04-22 13:03 - 00000000 ____D C:\Program Files (x86)\s5
2017-04-22 12:34 - 2017-04-22 12:34 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Local\vfgcqhkiy
2017-04-22 12:34 - 2017-04-22 12:34 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Local\meslk
2017-04-22 12:33 - 2017-04-22 12:51 - 00140288 _____ C:\Users\Michael.KITTEN-PC\AppData\Roaming\Installer.dat
2017-04-22 12:33 - 2017-04-22 12:36 - 00000402 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2017-04-22 12:33 - 2017-04-22 12:36 - 00000370 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2017-04-22 12:33 - 2017-04-22 12:36 - 00000370 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2017-04-22 12:33 - 2017-04-22 12:36 - 00000370 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-04-22 12:33 - 2017-04-22 12:33 - 00003296 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2017-04-22 12:33 - 2017-04-22 12:33 - 00000062 _____ C:\WINDOWS\WeatherBuddy.INI
2017-04-22 12:33 - 2017-04-22 12:33 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Roaming\Microleaves
2017-04-22 12:33 - 2017-04-22 12:33 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Roaming\c
2017-04-22 12:33 - 2017-04-22 12:33 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Local\AdvinstAnalytics
2017-04-22 12:33 - 2017-04-22 12:33 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-04-22 12:32 - 2017-04-22 13:02 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-04-21 12:36 - 2017-04-21 12:36 - 00000165 ____H C:\Users\Michael.KITTEN-PC\Downloads\~$AgriLife-Ext-RWH-Calculator.xlsx
2017-04-21 12:36 - 2017-04-21 12:36 - 00000165 ____H C:\Users\Michael.KITTEN-PC\Downloads\~$2009_Water Use Reduction Calculator_v07.xlsm
2017-04-20 23:59 - 2017-04-21 00:14 - 00050473 _____ C:\Users\Michael.KITTEN-PC\Downloads\AgriLife-Ext-RWH-Calculator.xlsx
2017-04-20 23:28 - 2017-04-21 00:14 - 00159534 _____ C:\Users\Michael.KITTEN-PC\Downloads\2009_Water Use Reduction Calculator_v07.xlsm
2017-04-19 22:41 - 2017-04-22 11:44 - 00037376 _____ C:\Users\Michael.KITTEN-PC\Downloads\Water_Usage_Calculator.xls
2017-04-15 22:15 - 2017-04-15 22:15 - 00153172 _____ C:\Users\Michael.KITTEN-PC\Desktop\W2 UO.pdf
2017-04-15 03:04 - 2017-04-15 03:04 - 00078502 _____ C:\Users\Michael.KITTEN-PC\Desktop\w2r.pdf
2017-04-13 22:41 - 2017-04-13 22:41 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Downloads\Adobe Acrobat XI Pro 11.0.19 Multilingual Incl Crack + Portable
2017-04-13 21:32 - 2017-04-01 11:52 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-13 21:32 - 2017-04-01 11:52 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-13 11:24 - 2017-04-13 11:24 - 03173056 _____ C:\WINDOWS\e5e4fa41c607745d15270f03369b7244.exe
2017-04-12 09:47 - 2017-04-12 09:47 - 00123641 _____ C:\Users\Michael.KITTEN-PC\Desktop\CXa7GXFU0AAJjTI.jpg-large
2017-04-11 23:38 - 2017-03-27 23:04 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 23:38 - 2017-03-27 22:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 23:38 - 2017-03-27 22:36 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll
2017-04-11 23:38 - 2017-03-27 22:34 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-11 23:38 - 2017-03-27 22:33 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-11 23:38 - 2017-03-27 22:32 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 23:38 - 2017-03-27 22:30 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-11 23:38 - 2017-03-27 22:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-11 23:38 - 2017-03-27 22:30 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 23:38 - 2017-03-27 22:18 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 23:38 - 2017-03-27 22:17 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 23:38 - 2017-03-27 22:14 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-04-11 23:38 - 2017-03-27 22:13 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 23:38 - 2017-03-27 22:12 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-04-11 23:38 - 2017-03-27 22:12 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 23:38 - 2017-03-27 22:12 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 23:38 - 2017-03-27 22:10 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 23:38 - 2017-03-27 22:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-11 23:37 - 2017-03-28 00:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-11 23:37 - 2017-03-28 00:10 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 23:37 - 2017-03-27 23:21 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 23:37 - 2017-03-27 23:19 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 23:37 - 2017-03-27 23:18 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 23:37 - 2017-03-27 23:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 23:37 - 2017-03-27 23:07 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-11 23:37 - 2017-03-27 23:05 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 23:37 - 2017-03-27 23:04 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 23:37 - 2017-03-27 23:04 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-11 23:37 - 2017-03-27 23:04 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-11 23:37 - 2017-03-27 23:04 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-11 23:37 - 2017-03-27 23:04 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-11 23:37 - 2017-03-27 23:04 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-11 23:37 - 2017-03-27 23:02 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-04-11 23:37 - 2017-03-27 23:02 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-11 23:37 - 2017-03-27 23:02 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-04-11 23:37 - 2017-03-27 22:59 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 23:37 - 2017-03-27 22:59 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-04-11 23:37 - 2017-03-27 22:58 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-11 23:37 - 2017-03-27 22:58 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-11 23:37 - 2017-03-27 22:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-11 23:37 - 2017-03-27 22:58 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-11 23:37 - 2017-03-27 22:58 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-11 23:37 - 2017-03-27 22:58 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-11 23:37 - 2017-03-27 22:58 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-11 23:37 - 2017-03-27 22:58 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 23:37 - 2017-03-27 22:53 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-11 23:37 - 2017-03-27 22:53 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 23:37 - 2017-03-27 22:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-11 23:37 - 2017-03-27 22:48 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-11 23:37 - 2017-03-27 22:42 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 23:37 - 2017-03-27 22:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-04-11 23:37 - 2017-03-27 22:41 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 23:37 - 2017-03-27 22:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-11 23:37 - 2017-03-27 22:40 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-11 23:37 - 2017-03-27 22:40 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 23:37 - 2017-03-27 22:39 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-04-11 23:37 - 2017-03-27 22:39 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-04-11 23:37 - 2017-03-27 22:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 23:37 - 2017-03-27 22:38 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-04-11 23:37 - 2017-03-27 22:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-11 23:37 - 2017-03-27 22:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-11 23:37 - 2017-03-27 22:37 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2017-04-11 23:37 - 2017-03-27 22:37 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-11 23:37 - 2017-03-27 22:37 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-04-11 23:37 - 2017-03-27 22:37 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-04-11 23:37 - 2017-03-27 22:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-04-11 23:37 - 2017-03-27 22:36 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-04-11 23:37 - 2017-03-27 22:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-11 23:37 - 2017-03-27 22:36 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-11 23:37 - 2017-03-27 22:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 23:37 - 2017-03-27 22:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-11 23:37 - 2017-03-27 22:35 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-11 23:37 - 2017-03-27 22:35 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-11 23:37 - 2017-03-27 22:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-11 23:37 - 2017-03-27 22:35 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 23:37 - 2017-03-27 22:35 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-11 23:37 - 2017-03-27 22:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-11 23:37 - 2017-03-27 22:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-11 23:37 - 2017-03-27 22:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-11 23:37 - 2017-03-27 22:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-11 23:37 - 2017-03-27 22:35 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-11 23:37 - 2017-03-27 22:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-11 23:37 - 2017-03-27 22:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-11 23:37 - 2017-03-27 22:34 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-11 23:37 - 2017-03-27 22:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-11 23:37 - 2017-03-27 22:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-11 23:37 - 2017-03-27 22:33 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-11 23:37 - 2017-03-27 22:33 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-11 23:37 - 2017-03-27 22:33 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-11 23:37 - 2017-03-27 22:33 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 23:37 - 2017-03-27 22:33 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-11 23:37 - 2017-03-27 22:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-11 23:37 - 2017-03-27 22:32 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 23:37 - 2017-03-27 22:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-11 23:37 - 2017-03-27 22:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-11 23:37 - 2017-03-27 22:31 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-04-11 23:37 - 2017-03-27 22:31 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-11 23:37 - 2017-03-27 22:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 23:37 - 2017-03-27 22:30 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-11 23:37 - 2017-03-27 22:30 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-04-11 23:37 - 2017-03-27 22:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-11 23:37 - 2017-03-27 22:30 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-11 23:37 - 2017-03-27 22:29 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-11 23:37 - 2017-03-27 22:29 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-11 23:37 - 2017-03-27 22:29 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-11 23:37 - 2017-03-27 22:29 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-11 23:37 - 2017-03-27 22:29 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-11 23:37 - 2017-03-27 22:28 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 23:37 - 2017-03-27 22:28 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 23:37 - 2017-03-27 22:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-11 23:37 - 2017-03-27 22:28 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-11 23:37 - 2017-03-27 22:27 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-11 23:37 - 2017-03-27 22:26 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-11 23:37 - 2017-03-27 22:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-11 23:37 - 2017-03-27 22:26 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-11 23:37 - 2017-03-27 22:25 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 23:37 - 2017-03-27 22:25 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-11 23:37 - 2017-03-27 22:25 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-04-11 23:37 - 2017-03-27 22:25 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-11 23:37 - 2017-03-27 22:24 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 23:37 - 2017-03-27 22:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-04-11 23:37 - 2017-03-27 22:24 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-11 23:37 - 2017-03-27 22:24 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-11 23:37 - 2017-03-27 22:24 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-11 23:37 - 2017-03-27 22:23 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 23:37 - 2017-03-27 22:23 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-11 23:37 - 2017-03-27 22:23 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 23:37 - 2017-03-27 22:23 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-11 23:37 - 2017-03-27 22:23 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-11 23:37 - 2017-03-27 22:22 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-11 23:37 - 2017-03-27 22:22 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-11 23:37 - 2017-03-27 22:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-11 23:37 - 2017-03-27 22:21 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-11 23:37 - 2017-03-27 22:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-11 23:37 - 2017-03-27 22:20 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-11 23:37 - 2017-03-27 22:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 23:37 - 2017-03-27 22:19 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-11 23:37 - 2017-03-27 22:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-11 23:37 - 2017-03-27 22:19 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-11 23:37 - 2017-03-27 22:19 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-11 23:37 - 2017-03-27 22:19 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-04-11 23:37 - 2017-03-27 22:18 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 23:37 - 2017-03-27 22:17 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 23:37 - 2017-03-27 22:17 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-11 23:37 - 2017-03-27 22:17 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-11 23:37 - 2017-03-27 22:16 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-04-11 23:37 - 2017-03-27 22:16 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-11 23:37 - 2017-03-27 22:16 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-11 23:37 - 2017-03-27 22:15 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-11 23:37 - 2017-03-27 22:14 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-11 23:37 - 2017-03-27 22:14 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-11 23:37 - 2017-03-27 22:14 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-11 23:37 - 2017-03-27 22:14 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-11 23:37 - 2017-03-27 22:14 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-11 23:37 - 2017-03-27 22:13 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 23:37 - 2017-03-27 22:13 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-04-11 23:37 - 2017-03-27 22:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-11 23:37 - 2017-03-27 22:13 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-11 23:37 - 2017-03-27 22:13 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-11 23:37 - 2017-03-27 22:12 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-11 23:37 - 2017-03-27 22:11 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-11 23:37 - 2017-03-27 22:11 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 23:37 - 2017-03-27 22:11 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 23:37 - 2017-03-27 22:11 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-11 23:37 - 2017-03-27 22:11 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-11 23:37 - 2017-03-27 22:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-11 23:37 - 2017-03-27 22:09 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-04-11 23:37 - 2017-03-27 22:08 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 23:37 - 2017-03-27 22:08 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-11 23:37 - 2017-03-27 21:48 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 23:37 - 2017-03-15 21:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-04-11 23:31 - 2017-03-27 23:32 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 23:31 - 2017-03-27 23:26 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 23:31 - 2017-03-27 23:12 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-11 23:31 - 2017-03-27 23:11 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-11 23:31 - 2017-03-27 23:11 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 23:31 - 2017-03-27 23:11 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-11 23:31 - 2017-03-27 23:10 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-04-11 23:31 - 2017-03-27 23:10 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-04-11 23:31 - 2017-03-27 23:09 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-11 23:31 - 2017-03-27 23:05 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 23:31 - 2017-03-27 23:05 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 23:31 - 2017-03-27 23:04 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 23:31 - 2017-03-27 22:59 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-11 23:31 - 2017-03-27 22:38 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 23:31 - 2017-03-27 22:37 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-11 23:31 - 2017-03-27 22:37 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-11 23:31 - 2017-03-27 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 23:31 - 2017-03-27 22:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-04-11 23:31 - 2017-03-27 22:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-11 23:31 - 2017-03-27 22:36 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-11 23:31 - 2017-03-27 22:35 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-04-11 23:31 - 2017-03-27 22:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-04-11 23:31 - 2017-03-27 22:35 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-11 23:31 - 2017-03-27 22:35 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-04-11 23:31 - 2017-03-27 22:34 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 23:31 - 2017-03-27 22:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-11 23:31 - 2017-03-27 22:34 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-11 23:31 - 2017-03-27 22:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-11 23:31 - 2017-03-27 22:33 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 23:31 - 2017-03-27 22:33 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-11 23:31 - 2017-03-27 22:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-04-11 23:31 - 2017-03-27 22:33 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-11 23:31 - 2017-03-27 22:33 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-11 23:31 - 2017-03-27 22:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-11 23:31 - 2017-03-27 22:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-11 23:31 - 2017-03-27 22:32 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-04-11 23:31 - 2017-03-27 22:31 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-11 23:31 - 2017-03-27 22:31 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-11 23:31 - 2017-03-27 22:31 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-04-11 23:31 - 2017-03-27 22:31 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-11 23:31 - 2017-03-27 22:31 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-11 23:31 - 2017-03-27 22:30 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-11 23:31 - 2017-03-27 22:30 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-11 23:31 - 2017-03-27 22:29 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-04-11 23:31 - 2017-03-27 22:29 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-04-11 23:31 - 2017-03-27 22:29 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-11 23:31 - 2017-03-27 22:29 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-04-11 23:31 - 2017-03-27 22:29 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-11 23:31 - 2017-03-27 22:29 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-11 23:31 - 2017-03-27 22:29 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 23:31 - 2017-03-27 22:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-11 23:31 - 2017-03-27 22:28 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-11 23:31 - 2017-03-27 22:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-11 23:31 - 2017-03-27 22:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-11 23:31 - 2017-03-27 22:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-04-11 23:31 - 2017-03-27 22:27 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-04-11 23:31 - 2017-03-27 22:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-04-11 23:31 - 2017-03-27 22:27 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-04-11 23:31 - 2017-03-27 22:26 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-04-11 23:31 - 2017-03-27 22:26 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-11 23:31 - 2017-03-27 22:26 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-11 23:31 - 2017-03-27 22:25 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-04-11 23:31 - 2017-03-27 22:25 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-04-11 23:31 - 2017-03-27 22:25 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 23:31 - 2017-03-27 22:23 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-11 23:31 - 2017-03-27 22:23 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 23:31 - 2017-03-27 22:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-04-11 23:31 - 2017-03-27 22:22 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-11 23:31 - 2017-03-27 22:18 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 23:31 - 2017-03-27 22:17 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-11 23:31 - 2017-03-27 22:16 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 23:31 - 2017-03-27 22:15 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-04-11 23:31 - 2017-03-27 22:15 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-04-11 23:31 - 2017-03-27 22:14 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 23:31 - 2017-03-27 22:14 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-04-11 23:31 - 2017-03-27 22:14 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-11 23:31 - 2017-03-27 22:14 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-11 23:31 - 2017-03-27 22:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-11 23:31 - 2017-03-27 22:13 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-04-11 23:31 - 2017-03-27 22:13 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-11 23:31 - 2017-03-27 22:13 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-04-11 23:31 - 2017-03-27 22:11 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 23:31 - 2017-03-27 22:11 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-04-11 23:31 - 2017-03-27 22:11 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-11 23:31 - 2017-03-27 22:10 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-04-11 23:31 - 2017-03-27 22:10 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-11 23:31 - 2017-03-27 22:10 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 23:31 - 2017-03-27 22:10 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-11 23:31 - 2017-03-27 22:10 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-11 23:31 - 2017-03-27 22:10 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-04-11 23:31 - 2017-03-27 22:10 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-04-11 23:31 - 2017-03-27 22:10 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-04-11 23:31 - 2017-03-27 22:09 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-11 23:31 - 2017-03-27 22:09 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-11 23:31 - 2017-03-27 22:09 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-04-11 23:31 - 2017-03-27 22:09 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-11 23:31 - 2017-03-27 22:08 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 23:31 - 2017-03-27 22:07 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 23:31 - 2017-03-27 22:06 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 23:31 - 2017-03-27 22:06 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-04-11 23:30 - 2017-03-27 23:36 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-11 23:30 - 2017-03-27 23:36 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-11 23:30 - 2017-03-27 23:35 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 23:30 - 2017-03-27 23:29 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 23:30 - 2017-03-27 23:28 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-11 23:30 - 2017-03-27 23:28 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 23:30 - 2017-03-27 23:26 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-11 23:30 - 2017-03-27 23:22 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 23:30 - 2017-03-27 23:20 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-11 23:30 - 2017-03-27 23:11 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 23:30 - 2017-03-27 23:11 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 23:30 - 2017-03-27 23:10 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 23:30 - 2017-03-27 23:10 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 23:30 - 2017-03-27 23:09 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-04-11 23:30 - 2017-03-27 23:09 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-04-11 23:30 - 2017-03-27 23:09 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-04-11 23:30 - 2017-03-27 23:08 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-04-11 23:30 - 2017-03-27 23:06 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 23:30 - 2017-03-27 23:05 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-04-11 23:30 - 2017-03-27 23:05 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-11 23:30 - 2017-03-27 23:05 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-04-11 23:30 - 2017-03-27 23:05 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-11 23:30 - 2017-03-27 23:05 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-11 23:30 - 2017-03-27 23:05 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-04-11 23:30 - 2017-03-27 23:04 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 23:30 - 2017-03-27 23:04 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-11 23:30 - 2017-03-27 23:04 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-11 23:30 - 2017-03-27 23:00 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-11 23:30 - 2017-03-27 23:00 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 23:30 - 2017-03-27 22:58 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 23:30 - 2017-03-27 22:44 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-11 23:30 - 2017-03-27 22:41 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-11 23:30 - 2017-03-27 22:37 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 23:30 - 2017-03-27 22:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-11 23:30 - 2017-03-27 22:36 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 23:30 - 2017-03-27 22:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 23:30 - 2017-03-27 22:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-04-11 23:30 - 2017-03-27 22:35 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-11 23:30 - 2017-03-27 22:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 23:30 - 2017-03-27 22:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 23:30 - 2017-03-27 22:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-11 23:30 - 2017-03-27 22:33 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-11 23:30 - 2017-03-27 22:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-04-11 23:30 - 2017-03-27 22:32 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-11 23:30 - 2017-03-27 22:31 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-11 23:30 - 2017-03-27 22:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-11 23:30 - 2017-03-27 22:31 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-11 23:30 - 2017-03-27 22:31 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 23:30 - 2017-03-27 22:31 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 23:30 - 2017-03-27 22:31 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-11 23:30 - 2017-03-27 22:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-11 23:30 - 2017-03-27 22:30 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-11 23:30 - 2017-03-27 22:30 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-11 23:30 - 2017-03-27 22:30 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-04-11 23:30 - 2017-03-27 22:29 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-11 23:30 - 2017-03-27 22:29 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-11 23:30 - 2017-03-27 22:29 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-04-11 23:30 - 2017-03-27 22:29 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 23:30 - 2017-03-27 22:29 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 23:30 - 2017-03-27 22:29 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-04-11 23:30 - 2017-03-27 22:29 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-04-11 23:30 - 2017-03-27 22:29 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 23:30 - 2017-03-27 22:28 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-11 23:30 - 2017-03-27 22:28 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-11 23:30 - 2017-03-27 22:28 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-04-11 23:30 - 2017-03-27 22:28 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-04-11 23:30 - 2017-03-27 22:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-11 23:30 - 2017-03-27 22:28 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 23:30 - 2017-03-27 22:27 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-04-11 23:30 - 2017-03-27 22:27 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-04-11 23:30 - 2017-03-27 22:27 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-04-11 23:30 - 2017-03-27 22:27 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-04-11 23:30 - 2017-03-27 22:27 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2017-04-11 23:30 - 2017-03-27 22:26 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-04-11 23:30 - 2017-03-27 22:26 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-04-11 23:30 - 2017-03-27 22:25 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-11 23:30 - 2017-03-27 22:25 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 23:30 - 2017-03-27 22:24 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-04-11 23:30 - 2017-03-27 22:24 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-04-11 23:30 - 2017-03-27 22:21 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 23:30 - 2017-03-27 22:21 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-04-11 23:30 - 2017-03-27 22:21 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-04-11 23:30 - 2017-03-27 22:21 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-11 23:30 - 2017-03-27 22:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-04-11 23:30 - 2017-03-27 22:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2017-04-11 23:30 - 2017-03-27 22:20 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-04-11 23:30 - 2017-03-27 22:20 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 23:30 - 2017-03-27 22:19 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 23:30 - 2017-03-27 22:19 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-11 23:30 - 2017-03-27 22:19 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-04-11 23:30 - 2017-03-27 22:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-04-11 23:30 - 2017-03-27 22:18 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-11 23:30 - 2017-03-27 22:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-04-11 23:30 - 2017-03-27 22:17 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 23:30 - 2017-03-27 22:17 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-04-11 23:30 - 2017-03-27 22:17 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-04-11 23:30 - 2017-03-27 22:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-11 23:30 - 2017-03-27 22:15 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 23:30 - 2017-03-27 22:15 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-04-11 23:30 - 2017-03-27 22:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-11 23:30 - 2017-03-27 22:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-04-11 23:30 - 2017-03-27 22:15 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-04-11 23:30 - 2017-03-27 22:15 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-04-11 23:30 - 2017-03-27 22:14 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-04-11 23:30 - 2017-03-27 22:14 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-04-11 23:30 - 2017-03-27 22:14 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-04-11 23:30 - 2017-03-27 22:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 23:30 - 2017-03-27 22:13 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 23:30 - 2017-03-27 22:13 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 23:30 - 2017-03-27 22:13 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-04-11 23:30 - 2017-03-27 22:13 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 23:30 - 2017-03-27 22:13 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-11 23:30 - 2017-03-27 22:13 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-11 23:30 - 2017-03-27 22:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-04-11 23:30 - 2017-03-27 22:12 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-04-11 23:30 - 2017-03-27 22:12 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-04-11 23:30 - 2017-03-27 22:12 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-11 23:30 - 2017-03-27 22:12 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-04-11 23:30 - 2017-03-27 22:11 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-04-11 23:30 - 2017-03-27 22:10 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 23:30 - 2017-03-27 22:10 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 23:30 - 2017-03-27 22:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-04-11 23:30 - 2017-03-27 22:10 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-11 23:30 - 2017-03-27 22:09 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-11 23:30 - 2017-03-27 22:09 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-04-11 23:30 - 2017-03-27 22:08 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 23:30 - 2017-03-27 22:08 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-04-11 23:30 - 2017-03-27 22:07 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-04-11 23:30 - 2017-03-27 22:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-04-11 23:30 - 2017-03-27 22:06 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-11 23:30 - 2017-03-27 22:05 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 23:29 - 2017-03-27 23:36 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-04-11 23:29 - 2017-03-27 23:36 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-04-11 23:29 - 2017-03-27 23:36 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-04-11 23:29 - 2017-03-27 23:20 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 23:29 - 2017-03-27 23:10 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-11 23:29 - 2017-03-27 23:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-11 23:29 - 2017-03-27 23:08 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-11 23:29 - 2017-03-27 23:08 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-11 23:29 - 2017-03-27 23:04 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-11 23:29 - 2017-03-27 22:58 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-11 23:29 - 2017-03-27 22:37 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 23:29 - 2017-03-27 22:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-11 23:29 - 2017-03-27 22:31 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-11 23:29 - 2017-03-27 22:30 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-04-11 23:29 - 2017-03-27 22:30 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-11 23:29 - 2017-03-27 22:30 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-04-11 23:29 - 2017-03-27 22:29 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 23:29 - 2017-03-27 22:29 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-04-11 23:29 - 2017-03-27 22:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 23:29 - 2017-03-27 22:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-04-11 23:29 - 2017-03-27 22:25 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-04-11 23:29 - 2017-03-27 22:24 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-04-11 23:29 - 2017-03-27 22:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-04-11 23:29 - 2017-03-27 22:16 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-04-11 23:29 - 2017-03-27 22:14 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-11 23:29 - 2017-03-27 22:09 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-04-11 23:29 - 2017-03-27 22:08 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-04-11 23:29 - 2017-03-18 09:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-11 23:29 - 2017-03-18 09:35 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-11 23:29 - 2017-03-15 21:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-04-10 22:54 - 2017-04-10 22:54 - 00833979 _____ C:\Users\Michael.KITTEN-PC\Desktop\Soccer) _ IM _ League Home.pdf
2017-04-10 19:48 - 2017-04-14 12:10 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Desktop\02.2_GIS VIS TOOL_ SHARE STUDIO
2017-04-10 19:18 - 2017-01-17 11:40 - 01888649 _____ C:\Users\Michael.KITTEN-PC\Desktop\Portland.osm
2017-04-10 19:17 - 2017-04-14 13:47 - 00016758 _____ C:\Users\Michael.KITTEN-PC\Desktop\NEW SHARE_Data Collection Master - Sheet1.csv
2017-04-07 12:15 - 2017-04-13 22:40 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\LocalLow\uTorrent
2017-04-05 16:13 - 2017-04-22 13:20 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2017-04-05 16:13 - 2017-04-22 13:20 - 00002286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2017-04-05 16:13 - 2017-04-22 13:20 - 00002222 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2017-04-05 16:13 - 2017-04-22 13:20 - 00002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2017-04-05 16:13 - 2017-04-22 13:20 - 00002108 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2017-04-05 15:51 - 2017-04-05 16:10 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Desktop\Adobe Acrobat XI
2017-04-05 10:38 - 2017-04-05 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-03-29 19:04 - 2017-03-29 19:04 - 00833024 ____N C:\WINDOWS\system32\tprdpw32.exe
2017-03-28 12:07 - 2017-03-28 12:07 - 00000000 ____D C:\WINDOWS\Panther
2017-03-27 16:36 - 2017-03-27 16:36 - 00780084 _____ C:\Users\Michael.KITTEN-PC\Downloads\4_523f17_Cheng_syllabus.pdf
2017-03-27 10:41 - 2017-04-22 13:20 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2017-03-27 10:41 - 2017-03-27 10:41 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Documents\Adobe
2017-03-27 10:26 - 2017-04-17 14:18 - 00000034 _____ C:\Users\Michael.KITTEN-PC\AppData\Roaming\AdobeWLCMCache.dat
2017-03-27 10:23 - 2017-04-22 13:20 - 00001583 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2017-03-27 10:23 - 2017-03-27 10:23 - 00000000 ____D C:\ProgramData\ALM
2017-03-27 10:22 - 2017-04-22 13:20 - 00001536 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2017-03-27 10:15 - 2017-04-22 13:20 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
2017-03-27 10:13 - 2017-04-22 13:20 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015 (32-bit).lnk
2017-03-27 10:10 - 2017-04-22 13:20 - 00001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
2017-03-27 10:03 - 2017-03-27 10:39 - 00000000 ____D C:\Program Files\Adobe
2017-03-27 09:54 - 2017-04-22 13:20 - 00001542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-03-27 08:24 - 2017-03-27 08:42 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Downloads\Adobe InDesign CC 2015 (v11.0) x86-x64 RUS-ENG {by M0nkrus}-=TEAM OS=-
2017-03-27 08:23 - 2017-03-27 09:24 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Downloads\Adobe Illustrator CC 2015 19.0.0 (64-Bit) + Crack
2017-03-27 08:22 - 2017-03-27 09:06 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
2017-03-24 11:46 - 2017-03-24 11:57 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Desktop\Project 5
2017-03-23 15:03 - 2017-03-23 20:04 - 00308673 _____ C:\Users\Michael.KITTEN-PC\Desktop\Final Structure.3dm
2017-03-23 15:03 - 2017-03-23 20:04 - 00052708 _____ C:\Users\Michael.KITTEN-PC\Desktop\waffle.gh
2017-03-23 15:03 - 2017-03-23 15:08 - 00283610 _____ C:\Users\Michael.KITTEN-PC\Desktop\Final Structure.3dmbak
2017-03-23 12:52 - 2017-03-23 12:52 - 00937989 _____ C:\Users\Michael.KITTEN-PC\Downloads\Master-File_Timber.zip
2017-03-23 12:52 - 2017-03-23 12:52 - 00000000 ____D C:\Users\Michael.KITTEN-PC\Downloads\Master-File_Timber
2017-03-23 10:05 - 2017-03-23 10:05 - 03304110 _____ C:\Users\Michael.KITTEN-PC\Downloads\Fredrickson_MarinP5 2.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-22 14:04 - 2015-09-16 21:07 - 02490342 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-22 14:02 - 2015-09-08 22:25 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Local\ElevatedDiagnostics
2017-04-22 14:00 - 2016-09-11 11:53 - 00000000 ____D C:\Users\Michael.KITTEN-PC
2017-04-22 13:59 - 2016-09-11 12:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-22 13:59 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-04-22 13:59 - 2015-09-01 18:15 - 00000000 __RDO C:\Users\Michael.KITTEN-PC\OneDrive
2017-04-22 13:33 - 2016-09-16 20:58 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Roaming\Spotify
2017-04-22 13:33 - 2016-09-16 20:58 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Local\Spotify
2017-04-22 13:32 - 2016-09-11 11:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-22 13:32 - 2015-08-25 12:48 - 00000594 _____ C:\WINDOWS\SMSCFG.ini
2017-04-22 13:25 - 2017-02-23 15:32 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-04-22 13:25 - 2015-08-04 20:24 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles
2017-04-22 13:23 - 2015-07-21 05:33 - 00000000 ____D C:\ProgramData\McAfee
2017-04-22 13:22 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-22 13:21 - 2016-09-16 20:58 - 00001967 _____ C:\Users\Michael.KITTEN-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-04-22 13:21 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-22 13:21 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-22 13:21 - 2016-02-29 22:24 - 00001805 _____ C:\Users\Michael.KITTEN-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\documents-export-2016-02-29.lnk
2017-04-22 13:21 - 2015-09-16 21:22 - 00002452 _____ C:\Users\Michael.KITTEN-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-22 13:21 - 2015-09-01 18:19 - 00001259 _____ C:\Users\Michael.KITTEN-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2017-04-22 13:20 - 2017-03-09 12:33 - 00001115 _____ C:\Users\Michael.KITTEN-PC\Desktop\WinDirStat.lnk
2017-04-22 13:20 - 2017-02-23 15:23 - 00002058 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-04-22 13:20 - 2017-02-21 14:19 - 00002226 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-04-22 13:20 - 2017-02-18 16:26 - 00001584 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2017-04-22 13:20 - 2017-02-07 13:44 - 00001985 _____ C:\Users\Michael.KITTEN-PC\Desktop\Template Files - Shortcut.lnk
2017-04-22 13:20 - 2017-02-07 13:43 - 00000952 _____ C:\Users\Michael.KITTEN-PC\Desktop\Michael Meer - Shortcut.lnk
2017-04-22 13:20 - 2017-01-22 23:04 - 00001066 _____ C:\Users\Public\Desktop\Rhinoceros 5 (64-bit).lnk
2017-04-22 13:20 - 2017-01-17 10:06 - 00002240 _____ C:\Users\Public\Desktop\Style Builder 2016.lnk
2017-04-22 13:20 - 2017-01-17 10:06 - 00002154 _____ C:\Users\Public\Desktop\LayOut 2016.lnk
2017-04-22 13:20 - 2017-01-17 10:06 - 00002065 _____ C:\Users\Public\Desktop\SketchUp 2016.lnk
2017-04-22 13:20 - 2016-10-10 18:37 - 00001823 _____ C:\Users\Michael.KITTEN-PC\Desktop\Google Drive.lnk
2017-04-22 13:20 - 2016-10-10 18:35 - 00002118 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-04-22 13:20 - 2016-09-11 11:59 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-22 13:20 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-22 13:20 - 2016-02-29 00:33 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-04-22 13:20 - 2015-09-08 21:31 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2017-04-22 13:20 - 2015-09-08 21:30 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2017-04-22 13:20 - 2015-08-25 12:50 - 00002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCIT Software Center.lnk
2017-04-22 13:20 - 2015-08-04 20:45 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-22 13:19 - 2016-04-03 15:49 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-04-22 13:12 - 2015-10-29 11:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-22 12:56 - 2016-09-11 11:53 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2017-04-22 12:55 - 2017-02-11 21:16 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Local\CrashDumps
2017-04-22 12:54 - 2016-09-11 12:02 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{130964B6-BF8A-4C79-ACF8-A7FE095CC217}
2017-04-22 12:51 - 2016-10-31 20:36 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-22 12:51 - 2016-09-11 11:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-22 12:43 - 2016-10-10 18:37 - 00000000 ___RD C:\Users\Michael.KITTEN-PC\Google Drive
2017-04-22 12:36 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-22 11:32 - 2015-07-21 05:32 - 00000000 ____D C:\ProgramData\Lenovo App Services
2017-04-22 11:17 - 2015-09-08 21:24 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Local\Adobe
2017-04-22 11:12 - 2017-02-23 15:32 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-04-22 01:22 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-22 01:22 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-20 23:59 - 2015-09-01 18:14 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Local\Packages
2017-04-18 19:06 - 2017-01-10 21:39 - 00003282 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-18 10:46 - 2016-06-10 13:26 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Roaming\uTorrent
2017-04-14 14:39 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-04-13 21:33 - 2015-09-09 22:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-13 21:32 - 2016-09-11 11:50 - 05158840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-13 21:31 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-13 21:31 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-13 21:29 - 2016-06-04 16:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-13 21:29 - 2016-06-04 16:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-13 07:54 - 2015-08-25 08:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-13 07:51 - 2015-08-25 13:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-04-13 07:51 - 2015-08-25 08:00 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-13 07:50 - 2016-06-04 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-13 07:41 - 2013-08-22 06:25 - 00000167 _____ C:\WINDOWS\win.ini
2017-04-11 09:20 - 2016-09-11 12:02 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 09:20 - 2016-09-11 12:02 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-08 23:20 - 2015-08-25 16:01 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-06 18:26 - 2015-09-08 21:38 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-04-05 16:27 - 2015-09-01 20:17 - 00161032 _____ C:\Users\Michael.KITTEN-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 16:12 - 2015-09-08 21:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-05 16:12 - 2015-09-08 21:24 - 00000000 ____D C:\ProgramData\Adobe
2017-04-05 10:38 - 2017-02-23 15:53 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-04-03 14:59 - 2015-09-01 11:09 - 00000000 ____D C:\ProgramData\FLEXnet
2017-03-27 23:20 - 2016-09-11 11:53 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-27 13:06 - 2016-10-10 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-27 10:41 - 2015-09-08 22:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-03-27 10:41 - 2015-09-01 18:14 - 00000000 ____D C:\Users\Michael.KITTEN-PC\AppData\Roaming\Adobe
2017-03-27 10:10 - 2015-07-21 05:32 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-27 10:00 - 2015-10-07 15:26 - 00000000 ___RD C:\Users\Michael.KITTEN-PC\Dropbox
2017-03-27 09:55 - 2015-09-01 10:56 - 00000000 ____D C:\Program Files\Autodesk
2017-03-24 10:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories =======
 
2016-04-24 16:08 - 2016-04-24 16:08 - 0000132 _____ () C:\Users\Michael.KITTEN-PC\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2016-05-24 11:01 - 2016-05-24 16:32 - 0000132 _____ () C:\Users\Michael.KITTEN-PC\AppData\Roaming\Adobe OpenEXR Format CS6 Prefs
2015-10-14 11:11 - 2016-12-01 22:05 - 0000132 _____ () C:\Users\Michael.KITTEN-PC\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-03-27 10:26 - 2017-04-17 14:18 - 0000034 _____ () C:\Users\Michael.KITTEN-PC\AppData\Roaming\AdobeWLCMCache.dat
2017-04-22 12:33 - 2017-04-22 12:51 - 0140288 _____ () C:\Users\Michael.KITTEN-PC\AppData\Roaming\Installer.dat
2017-04-22 12:49 - 2017-04-22 12:51 - 0014336 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\emling.dll
2016-01-25 04:18 - 2016-01-25 04:18 - 0984687 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\RAR-File-Opener_758.rar
2017-04-22 12:49 - 2017-04-22 12:51 - 0002048 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\uninstallro.exe
2016-09-11 11:51 - 2016-09-11 11:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-01 15:23 - 2015-09-01 15:23 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
2015-09-01 09:58 - 2013-11-25 08:43 - 0060296 _____ (Autodesk, Inc.) C:\Users\Michael\AppData\Local\Temp\AcDeltree.exe
2015-07-23 06:53 - 2015-07-23 06:53 - 0120336 _____ (McAfee, Inc.) C:\Users\Michael\AppData\Local\Temp\McCSPInstall.dll
2015-08-25 15:48 - 2015-07-23 06:53 - 0162120 _____ (McAfee Inc.) C:\Users\Michael\AppData\Local\Temp\mccspuninstall.exe
2017-03-23 12:57 - 2017-03-23 12:57 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\0075c4c7-2dc1-43ba-bec7-35640ee2afd5.dll
2017-03-19 14:15 - 2017-03-19 14:15 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\051a7284-e896-4a99-b7a5-54db759caafc.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0008192 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\0a3289ec-5a7b-4c6c-a2c3-7e8f6a7c51f1.dll
2017-03-19 14:15 - 2017-03-19 14:15 - 0008192 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\119c188b-5220-4db1-8f1d-5752517c6a6d.dll
2017-03-19 14:15 - 2017-03-19 14:15 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\1321c5ea-3458-4efc-8b97-482f972dfb81.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\17d9ec05-a78b-4ecd-badf-405b8ccebae3.dll
2017-04-21 12:23 - 2017-04-21 12:23 - 0007680 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\20a73262-cc00-43d6-9a20-bd42f1373a32.dll
2017-03-19 14:15 - 2017-03-19 14:15 - 0006656 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\22d01aa3-320a-4e05-a810-0716bbff2164.dll
2017-04-10 19:49 - 2017-04-10 19:49 - 0007680 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\24d7324a-2451-4b08-ae6d-e239c41f4916.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0009728 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\26448892-2c1e-4f13-b4ab-321b2c4df1e5.dll
2017-03-19 14:15 - 2017-03-19 14:15 - 0006656 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\2ab6664d-8415-4b1a-9cda-1e483dac2080.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\30a54f93-9321-4c09-bcbf-19725f2f382f.dll
2017-04-14 12:36 - 2017-04-14 12:36 - 0007680 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\326c9b96-5d6e-48e1-81d3-6056d2d3dc84.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0005632 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\3402c116-20ba-4010-940f-4b022a80e002.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0019456 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\4559b9e4-db14-43bc-a425-00c984a47c09.dll
2017-03-23 12:56 - 2017-03-23 12:56 - 0019968 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\49332298-651a-406d-a3fa-4618485e699b.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\4c15c752-e0fe-4fc1-835b-9184fd2f894d.dll
2017-03-23 12:56 - 2017-03-23 12:56 - 0005632 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\4e647bcf-1b0f-4227-9935-2b29270cd845.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\61ce5454-3083-4768-8899-46f52562fbf1.dll
2017-03-23 12:56 - 2017-03-23 12:56 - 0012288 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\70ea5ab9-4839-47b9-85a1-fe2bed89ad5d.dll
2017-03-23 12:56 - 2017-03-23 12:56 - 0016384 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\71852f12-7750-410f-a228-0dd32fc7ea29.dll
2017-01-28 18:25 - 2017-01-28 18:25 - 0007168 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\71e120cd-a9a0-42a9-bfa0-f88b72e647d9.dll
2017-03-23 12:56 - 2017-03-23 12:56 - 0029696 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\72d12b3c-8eb2-454f-bd82-8a7d9d9b162b.dll
2017-03-19 14:15 - 2017-03-19 14:15 - 0007680 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\73511e95-0e36-4cd3-9925-99e6bdf880d9.dll
2017-03-19 14:15 - 2017-03-19 14:15 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\7bed200b-33e0-44b5-addd-63d83d12e371.dll
2017-03-23 12:56 - 2017-03-23 12:56 - 0017408 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\806efdd0-9d96-4d8c-a47e-4569a75a799b.dll
2017-03-23 12:56 - 2017-03-23 12:56 - 0022528 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\8c0325db-0ee3-40a7-8cb6-e0c9e83a90a0.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0008192 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\92537fdf-70d5-4d9f-aff3-d72ebe76c581.dll
2017-03-19 14:15 - 2017-03-19 14:15 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\9d0fe5a0-68f3-4fc2-af55-9b55d10a4bcb.dll
2016-11-15 00:36 - 2013-11-25 06:30 - 0015752 _____ (Autodesk, Inc.) C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\AcDeltree.exe
2017-03-19 14:15 - 2017-03-19 14:15 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\ae83a15e-92ed-4768-afe8-52b673c128ba.dll
2017-03-19 14:15 - 2017-03-19 14:15 - 0006144 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\ba0d021e-eca2-410b-b3f5-2568168663df.dll
2017-04-22 12:49 - 2017-04-22 12:49 - 51185040 _____ (UCWeb Inc.) C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\Browser_V6.0.1471.913_f_4730_(Build1702151518).exe
2017-03-23 12:56 - 2017-03-23 12:56 - 0019968 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\c167afd4-3239-43f0-a431-521d47e8773d.dll
2017-04-22 12:32 - 2017-04-22 12:32 - 1242624 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\CodecFixDivx.exe
2017-03-23 12:56 - 2017-03-23 12:56 - 0012800 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\d7b70768-ffb1-47a9-9a3f-25580318fee5.dll
2017-04-22 12:48 - 2017-04-22 12:48 - 0763904 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\DMDD__11426_il6.exe
2017-03-23 12:56 - 2017-03-23 12:56 - 0011776 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\e3e749df-0b43-4e98-b4f6-35ba94930398.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0005632 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\ef051cc0-de3e-4579-a455-6b209f81ffdc.dll
2017-03-23 12:57 - 2017-03-23 12:57 - 0019968 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\f7373149-5cd3-4db2-b349-ad06958164de.dll
2017-04-22 12:50 - 2017-04-22 12:50 - 1958888 _____ (深圳市史宾赛科技有限公司) C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\FlowSpritSetup_slnt_5016.exe
2016-11-23 11:40 - 2016-11-23 11:40 - 1950000 _____ (Flexera Software LLC) C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-04-22 12:32 - 2017-04-22 12:32 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\fox.exe
2017-01-29 19:10 - 2017-01-29 19:10 - 0548352 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\is-1VNG1.tmpsetup.exe
2017-04-22 12:32 - 2017-04-22 12:32 - 4321587 _____ () C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\start.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-14 13:52
 
==================== End of FRST.txt ============================

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:09 AM

Posted 22 April 2017 - 09:05 PM

Hi meer118 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Please give me a few hours to review your logs and get back to you.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura

Posted 22 April 2017 - 11:00 PM

Follow the instructions in the guide below. Please download and use the MBAR linked in it as well.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

It may take several attempts to get MBAR up and running. Once you do, make sure that you update the database before launching the scan. Once you're done scanning with MBAR, and it removed the threats, go into the MBAR folder, and copy/paste the content of the mbar-log-TODAY'S-DATE.txt log here.



#4 meer118

Posted 23 April 2017 - 03:04 PM

Hello Yoan,

 

Thank you for getting back to me so quickly!  Before I reached out to Bleeping Computer, I put my computer into safe mode.  I thus cannot connect to the internet, and am not quite sure how to exit safe mode, but I also feel it may be best to keep it in safe mode?  

 

To access any internet, I am using my old laptop, for downloading and communicating with you.  If you feel I should exit safe mode, or go into safe mode with networking, let me know!  If so, I could use some direction as well.  

 

I will work on downloading MBAR and following the instructions now.  I assume it is fine to try and install it/run it in safe mode?

 

Thanks again for your help!

 

-Michael



#5 meer118

Posted 23 April 2017 - 03:24 PM

Hi Yoan,

 

I tried downloading the MBAR application and then placed it on my desktop.  I extracted and then tried to run it, but it still came up with the same message that the program is already in use.



#6 Aura

Posted 23 April 2017 - 04:04 PM

If you try to launch the mbar.cmd file that is inside the MBAR folder, do you get the same error message? And to exit Safe Mode, simply follow the instructions below:

http://www.windowscentral.com/how-boot-safe-mode-windows-10



#7 meer118

Posted 23 April 2017 - 04:51 PM

Looks like the .cmd file worked.  I am now out of safe mode and running the scan!

 

Thanks.  I will update you once scan is complete.



#8 Aura

Posted 23 April 2017 - 04:52 PM

Awesome :) Copy/paste the content of the log as instructed once you're done.



#9 meer118

Posted 23 April 2017 - 05:05 PM

Yoan,

 

I have finished the scan and clean up.  The directions end saying that I should run a Malwarebytes scan.  Should I now do that?



#10 meer118

Posted 23 April 2017 - 05:08 PM

Here is that info copy/pasted:

 

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.04.23.05
  rootkit: v2017.04.02.01
 
Windows 10 x64 NTFS
Internet Explorer 11.1066.14393.0
Michael :: KITTEN-PC [administrator]
 
4/23/2017 2:49:49 PM
mbar-log-2017-04-23 (14-49-49).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 483940
Time elapsed: 10 minute(s), 1 second(s)
 
Memory Processes Detected: 2
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> 6788 -> Delete on reboot. [ef925b99c9df91a5161e6d3b936eca36]
C:\Windows\src_srv\winsrcsrv.exe (Adware.DotDo.PrxySvrRST) -> 3028 -> Delete on reboot. [2061be3698102e08277694aceb15d32d]
 
Memory Modules Detected: 1
C:\Users\Michael.KITTEN-PC\AppData\Local\emling.dll (Trojan.ProxyAgent) -> Delete on reboot. [2d541adac8e072c4c194c971857c20e0]
 
Registry Keys Detected: 19
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup (Adware.Yelloader) -> Delete on reboot. [225f03f181274de99b5b1df3c140ad53]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice (Adware.Yelloader) -> Delete on reboot. [0c75856f297f989e568c288ee021a35d]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\srcsrv (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [2061be3698102e08277694aceb15d32d]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [275ad4206c3c49ed42e4a79ce12049b7]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [2859bd371791bf77016fb85c887928d8]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
 
Registry Values Detected: 4
HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|emling (Trojan.ProxyAgent) -> Data: rundll32.exe "C:\Users\Michael.KITTEN-PC\AppData\Local\emling.dll",emling -> Delete on reboot. [2d541adac8e072c4c194c971857c20e0]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\PROGRA~2\NTUSER~1\dataup\dataup.exe -> Delete on reboot. [e998cd271791d066cb55c3527988ad53]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SRCSRV|ImagePath (Adware.DotDo.PrxySvrRST) -> Data: C:\WINDOWS\src_srv\winsrcsrv.exe -> Delete on reboot. [aad701f3aff9b4821b84a0f136ca9c64]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: "C:\Users\Michael.KITTEN-PC\AppData\Local\meslk\ct.exe" /svc -> Delete on reboot. [90f183717335d561e39cf3bdc140c33d]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 10
C:\Windows\src_srv (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [2061be3698102e08277694aceb15d32d]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\65ET38DO4N (Adware.Tuto4PC.Generic) -> Delete on reboot. [c5bcad47d6d237ff2d645c6f23ddb24e]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\769AZ4HASM (Adware.Tuto4PC.Generic) -> Delete on reboot. [7d04a54f258380b6dbb66b60be42a25e]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\7NVCONWANL (Adware.Tuto4PC.Generic) -> Delete on reboot. [6e138a6ab7f11c1aa9e806c512eea759]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\KNYUJP86JC (Adware.Tuto4PC.Generic) -> Delete on reboot. [cbb68c686b3d69cd3e534a81b54be917]
C:\Program Files (x86)\ntuserlitelist (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\dataup (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\locales (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\winscr (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
 
Files Detected: 58
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [06010fff408a9d867ca7b51afc3d0c5e]
C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe (Adware.Yelloader) -> Delete on reboot. [225f03f181274de99b5b1df3c140ad53]
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> Delete on reboot. [ef925b99c9df91a5161e6d3b936eca36]
C:\Users\Michael.KITTEN-PC\AppData\Local\emling.dll (Trojan.ProxyAgent) -> Delete on reboot. [2d541adac8e072c4c194c971857c20e0]
C:\Users\Michael.KITTEN-PC\AppData\Local\meslk\ct.exe (Adware.Yelloader) -> Delete on reboot. [0c75856f297f989e568c288ee021a35d]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\awh4269.tmp (Trojan.FakeAlert) -> Delete on reboot. [324f47adc0e8fb3bec89870f0100d22e]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\00027682\hp.exe (Adware.Yeabests) -> Delete on reboot. [e1a039bb1f892412f5401789629f857b]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\1492889639\s5-20170325.exe (Trojan.Clicker) -> Delete on reboot. [354cde16aff9e1553453ddd930d16e92]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\1492889640\s5m_install_325.exe (Trojan.Clicker) -> Delete on reboot. [e49d1adabaeecd692b234d69bd44e917]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\dxPyBYHFp\linker.exe (Trojan.Agent) -> Delete on reboot. [a8d93eb67335ff37b8353d37d42d827e]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\QrORaqm3L\linker.exe (Trojan.Agent) -> Delete on reboot. [c8b9827227815cda9855561e8f727888]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\ldRaBLfj4\linker.exe (Trojan.Agent) -> Delete on reboot. [107143b1bdeb9a9cf2fb1f55d22f0cf4]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\27695\setup.exe (Adware.Eszjuxuan) -> Delete on reboot. [691849ab53552115600e96c42ad7d62a]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\m4BQXEDn8\linker.exe (Trojan.Agent) -> Delete on reboot. [cab7e70d7236cb6b68857cf8e31ec43c]
C:\Users\Michael.KITTEN-PC\AppData\Local\vfgcqhkiy\qdcomsvc.exe (Adware.Yelloader) -> Delete on reboot. [bec3df159c0c7abc875ce4d2c041f30d]
C:\Windows\System32\NetUtils2016.dll (Adware.NetUtils) -> Delete on reboot. [2e53777d48600b2bd3500c1cfc04e61a]
C:\Windows\src_srv\Trusted.Web.Proxy.dll (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [2061be3698102e08277694aceb15d32d]
C:\Windows\src_srv\accept_cert.exe (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [2061be3698102e08277694aceb15d32d]
C:\Windows\src_srv\Ionic.Zip.dll (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [2061be3698102e08277694aceb15d32d]
C:\Windows\src_srv\rootCert.pfx (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [2061be3698102e08277694aceb15d32d]
C:\Windows\src_srv\winsrcsrv.exe (Adware.DotDo.PrxySvrRST) -> Delete on reboot. [2061be3698102e08277694aceb15d32d]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\65ET38DO4N\GoodWay.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [c5bcad47d6d237ff2d645c6f23ddb24e]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\65ET38DO4N\GoodWay.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [c5bcad47d6d237ff2d645c6f23ddb24e]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\769AZ4HASM\GoodWay.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [7d04a54f258380b6dbb66b60be42a25e]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\769AZ4HASM\GoodWay.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [7d04a54f258380b6dbb66b60be42a25e]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\769AZ4HASM\HaveFun.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [7d04a54f258380b6dbb66b60be42a25e]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\769AZ4HASM\HaveFun.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [7d04a54f258380b6dbb66b60be42a25e]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\7NVCONWANL\GoodWay.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [6e138a6ab7f11c1aa9e806c512eea759]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\7NVCONWANL\GoodWay.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [6e138a6ab7f11c1aa9e806c512eea759]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\KNYUJP86JC\GoodWay.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [cbb68c686b3d69cd3e534a81b54be917]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\KNYUJP86JC\GoodWay.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [cbb68c686b3d69cd3e534a81b54be917]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\KNYUJP86JC\HaveFun.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [cbb68c686b3d69cd3e534a81b54be917]
C:\Users\Michael.KITTEN-PC\AppData\Local\Temp\KNYUJP86JC\HaveFun.exe.config.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [cbb68c686b3d69cd3e534a81b54be917]
C:\Program Files (x86)\ntuserlitelist\dataup\dataup.ini (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\dataup\NTSVC.ocx (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\cef.pak (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\cef_100_percent.pak (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\cef_200_percent.pak (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\cef_extensions.pak (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\d3dcompiler_47.dll (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\dbghelp.dll (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\debug.log (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\icudtl.dat (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\libcef.dll (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\libEGL.dll (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\libGLESv2.dll (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\natives_blob.bin (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\pepflashplayer.dll (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\snapshot_blob.bin (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\svcvmx.exe (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\svcvmx.log (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\vmxclient.exe (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\widevinecdm.dll (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\widevinecdmadapter.dll (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\locales\en-US.pak (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\svcvmx\locales\zh-CN.pak (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
C:\Program Files (x86)\ntuserlitelist\winscr\winscr.exe (Trojan.Clicker) -> Delete on reboot. [c5bc90645d4b4de969cc7839679ae020]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#11 Aura

    Bleepin' Special Ops
  • Malware Response Team

Posted 23 April 2017 - 05:31 PM

Now we'll do exactly what MBAR instructed: download and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: It's your choice whether you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you already have Malwarebytes installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run. The time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 meer118

  • Topic Starter

Posted 23 April 2017 - 05:55 PM

Okay great. Although I am not in Safe Mode anymore, for some reason I cannot connect to the internet. When I run network diagnostics, it says "the remote device or resource won't accept the connection." Do you have any idea why this may be happening?

 

I have downloaded Malwarebytes on my old computer, installed it and ran it.  It never asked for an update, I assume because of my lack of internet connection.  



#13 meer118

  • Topic Starter

Posted 23 April 2017 - 06:17 PM

Here is the report summary from my scan:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/23/17
Scan Time: 3:55 PM
Logfile: Malwarebytes Scan Report.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1793
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: KITTEN-PC\Michael
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 612185
Time Elapsed: 1 min, 55 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 11
PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ucdrv, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [9159], [-1],0.0.0
PUP.Optional.Spoutly, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{730E03E4-350E-48E5-9D3E-4329903D454D}, Quarantined, [8132], [386530],1.0.1793
PUP.Optional.SpeeDownloader, HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\SOFTWARE\SpeeDownloader, Quarantined, [8903], [387288],1.0.1793
PUP.Optional.YeaDesktop, HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\SOFTWARE\YeaDesktop, Quarantined, [1477], [391400],1.0.1793
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0CD97789-FAB4-413D-9A49-227EA4CF3D11}, Quarantined, [536], [391427],1.0.1793
PUP.Optional.PCSpeedupPro, HKLM\SOFTWARE\pcsp-pr, Quarantined, [1039], [332925],1.0.1793
PUP.Optional.SpeeDownloader, HKLM\SOFTWARE\Speedownloader0099, Quarantined, [8903], [384272],1.0.1793
PUP.Optional.BetterAds, HKLM\SOFTWARE\WOW6432NODE\betterads, Quarantined, [477], [383836],1.0.1793
PUP.Optional.ChromeHelper, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\GoogleChromeUpService, Quarantined, [8780], [383226],1.0.1793
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Updater_Online_Application, Quarantined, [536], [391428],1.0.1793
 
Registry Value: 14
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Removal Failed, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [9159], [-1],0.0.0
PUP.Optional.ProxyGate.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Removal Failed, [9159], [-1],0.0.0
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0CD97789-FAB4-413D-9A49-227EA4CF3D11}|PATH, Quarantined, [536], [391427],1.0.1793
PUP.Optional.YeaDesktop, HKU\S-1-5-21-1185186811-2557484583-1050751958-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YEADESKTOP, Quarantined, [1477], [391397],1.0.1793
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 107
PUP.Optional.OnlineIO, C:\Users\Michael.KITTEN-PC\AppData\Roaming\Microleaves\Online Application 2.6.0\install\CFCBAA1, Quarantined, [536], [391385],1.0.1793
PUP.Optional.OnlineIO, C:\Users\Michael.KITTEN-PC\AppData\Roaming\Microleaves\Online Application 2.6.0\install, Quarantined, [536], [391385],1.0.1793
PUP.Optional.OnlineIO, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\ROAMING\Microleaves\Online Application 2.6.0, Quarantined, [536], [391385],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\search_logo, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\wallpaper, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\_locales\en, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\icon, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\news, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\_locales, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\new_tab, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\data, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\font, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\zh-CN, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\pt-BR, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\en-IN, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\id-ID, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\es-419, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\VisualElements, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\en-in, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\pt-br, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\zh-cn, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\PepperFlash, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\id, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\ru, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Languages, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\login_view, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\bookmarks, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\extension, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\marketing, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Drivers, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Locales, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Backup, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Update, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\desktop, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Bin, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\ROAMING\UCChannel, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.SpeeDownloader, C:\PROGRAM FILES (X86)\SpeeDownloader, Quarantined, [8903], [384265],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Extensions\en-IN, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Extensions\id-ID, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Extensions\pt-BR, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Extensions\zh-CN, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\es-419, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\VisualElements, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\en-in, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\pt-br, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\zh-cn, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\PepperFlash, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\id, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\ru, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Extensions, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Installer, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Languages, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\marketing, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Drivers, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Locales, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Backup, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Update, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Dumps, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Temp\source17576_20259, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Security, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Temp, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBrowser, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common, Quarantined, [1477], [391396],1.0.1793
PUP.Optional.YeaDesktop, C:\PROGRAM FILES (X86)\YeaDesktop, Quarantined, [1477], [391396],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\ShaderCache, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\Default, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\UCBrowser, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [536], [391425],1.0.1793
PUP.Optional.YeaDesktop, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\YEADESKTOP, Quarantined, [1477], [391395],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\Program Files (x86)\ProxyGate\ocx, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\PROGRAM FILES (X86)\PROXYGATE, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.S5Mark, C:\PROGRAM FILES (X86)\S5, Quarantined, [992], [383706],1.0.1793
PUP.Optional.AdvancedPCCare, C:\Users\Michael.KITTEN-PC\AppData\Roaming\FileOpenerWindows for KITTEN-PC\x64, Quarantined, [73], [379054],1.0.1793
PUP.Optional.AdvancedPCCare, C:\Users\Michael.KITTEN-PC\AppData\Roaming\FileOpenerWindows for KITTEN-PC\x86, Quarantined, [73], [379054],1.0.1793
PUP.Optional.AdvancedPCCare, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\ROAMING\FILEOPENERWINDOWS FOR KITTEN-PC, Quarantined, [73], [379054],1.0.1793
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0, Quarantined, [536], [391426],1.0.1793
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application, Quarantined, [536], [391426],1.0.1793
PUP.Optional.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES, Quarantined, [536], [391426],1.0.1793
 
File: 394
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Bin\ChannelU.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\en-in\config.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\en-in\share.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\en-in\start.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\es-419\config.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\es-419\share.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\es-419\start.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\id\config.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\id\share.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\id\start.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\pt-br\config.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\pt-br\share.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\pt-br\start.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\ru\config.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\ru\share.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\ru\start.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\zh-cn\config.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\zh-cn\share.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\zh-cn\start.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\config.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\share.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Configs\start.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Backup\UCBrowser.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Drivers\ucdrv-x64.sys, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Drivers\ucdrv-x86.sys, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Drivers\ucdrv-xp.sys, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Drivers\uclauncher-x64.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Drivers\uclauncher-x86.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Drivers\uclauncher-xp.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\en-IN\external_extensions.json, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\id-ID\external_extensions.json, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\data\city.json, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\data\pc_newtab_recommendation.json, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\font\font_8jda4sp0bz8pk3xr.ttf, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\font\font_8jda4sp0bz8pk3xr.woff, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\icon\128.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\icon\16.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\icon\48.jpg, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\icon\48.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\news\refresh.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\custom.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\fame.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\game.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\lecture.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\life.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\news.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\other.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\rec.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\shop.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\social.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\subscribe.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\recommend_section\video.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\search_logo\baidu.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\search_logo\bing.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\search_logo\default.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\search_logo\google.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\search_logo\multiple.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\search_logo\taobao.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\search_logo\youku.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\wallpaper\default.jpg, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\wallpaper\moon.jpg, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\wallpaper\rain.jpg, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\wallpaper\snow.jpg, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\00.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\01.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\02.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\03.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\04.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\06.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\07.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\09.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\13.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\14.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\16.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\18.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\19.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\20.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\n_00.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\weather_icon\n_01.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\new-tab-icon.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\images\new_tab_icon.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\new_tab\background.js, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\new_tab\background_lib.js, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\new_tab\index.html, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\new_tab\index.js, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\new_tab\lazy_index.js, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\new_tab\lazy_lib.js, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\new_tab\news_pre_render.js, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\new_tab\react_lib.js, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\_locales\en\messages.json, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\preset\hfahjeoiihhilkhgpknbhgcgjiejgecf\default\manifest.json, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\pt-BR\external_extensions.json, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\zh-CN\external_extensions.json, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Extensions\external_extensions.json, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Languages\chs.locale, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Languages\settings.xml, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Locales\en-US.pak, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Locales\zh-CN.pak, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\PepperFlash\manifest.json, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\PepperFlash\pepflashplayer.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Update\curl-ca-bundle.crt, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Update\InstalledConfig.xml, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\Update\UpdateOption.xml, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\VisualElements\Logo.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\VisualElements\SmallLogo.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\6.1.2107.204.manifest, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\7z.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\browsing_data_remover.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\chrome.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\chrome_100_percent.pak, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\chrome_200_percent.pak, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\chrome_child.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\chrome_elf.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\chrome_watcher.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\config_updater.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\courgette.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\d3dcompiler_47.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\delegate_execute.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\hrkill.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\icudtl.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\libEGL.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\libexif.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\libGLESv2.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\libmp3lame.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\natives_blob.bin, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\resources.pak, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\snapshot_blob.bin, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\stats_uploader.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\theme_tool.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\UCAgent.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\UCProxySDK.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\6.1.2107.204\updater.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\bookmarks\amazon.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\bookmarks\baidu.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\bookmarks\pp_helper.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\bookmarks\taobao.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\bookmarks\uc123.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\desktop\facebook.ico, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\desktop\tmall_points.ico, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\extension\noads.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\extension\renren.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\extension\taohuoyuan.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\login_view\alipay.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\login_view\qq.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\login_view\taobao.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\login_view\weibo.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\marketing\1001.ico, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search\baidu.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search\bing.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search\etao.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search\google.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search\sogou.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search\taobao.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search\tmall.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\new_tab_search\youku.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\baidu.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\bing.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\etao.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\etaohaitao.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\google.com.hk.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\google.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\sogou.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\taobao.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\tmall.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\icons\searchbar\youku.com.png, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\config.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\custom.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\share.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Share\start.dat, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\molt_tool.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\UCBrowser.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\UCService.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\Uninstall.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\update_task.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\VERSION, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\Chrome-bin\wow_helper.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\7z.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\chrome.7z, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\chrome.packed.7z, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\setup.dll, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\setup.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\setup_ex_.cab, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\stats_uploader.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\UCBrowserSetup.exe, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\wow_installer.prefs, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\Package\wow_installer.switches.txt, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Roaming\UCChannel\aavc.ini, Quarantined, [8506], [380884],1.0.1793
PUP.Optional.SpeeDownloader, C:\Program Files (x86)\SpeeDownloader\uninstaller.exe, Quarantined, [8903], [384265],1.0.1793
PUP.Optional.SpeeDownloader, C:\Program Files (x86)\SpeeDownloader\uninstaller.exe.config, Quarantined, [8903], [384265],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\en-in\config.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\en-in\share.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\en-in\start.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\es-419\config.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\es-419\share.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\es-419\start.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\id\config.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\id\share.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\id\start.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\pt-br\config.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\pt-br\share.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\pt-br\start.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\ru\config.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\ru\share.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\ru\start.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\zh-cn\config.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\zh-cn\share.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\zh-cn\start.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\config.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\share.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Configs\start.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Backup\UCBrowser.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Drivers\ucdrv-x64.sys, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Drivers\ucdrv-x86.sys, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Drivers\ucdrv-xp.sys, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Drivers\uclauncher-x64.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Drivers\uclauncher-x86.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Drivers\uclauncher-xp.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Extensions\en-IN\external_extensions.json, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Extensions\id-ID\external_extensions.json, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Extensions\pt-BR\external_extensions.json, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Extensions\zh-CN\external_extensions.json, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Extensions\external_extensions.json, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Installer\chrmstp.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Installer\setup.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Languages\chs.locale, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Languages\settings.xml, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Locales\en-US.pak, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Locales\zh-CN.pak, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\PepperFlash\manifest.json, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\PepperFlash\pepflashplayer.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Update\curl-ca-bundle.crt, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Update\InstalledConfig.xml, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Update\UpdateOption.xml, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\VisualElements\Logo.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\VisualElements\SmallLogo.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\6.0.1471.913.manifest, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\7z.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\browsing_data_remover.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\chrome.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\chrome_100_percent.pak, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\chrome_200_percent.pak, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\chrome_child.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\chrome_elf.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\chrome_watcher.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\config_updater.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\courgette.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\d3dcompiler_47.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\debug.log, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\delegate_execute.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\hrkill.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\icudtl.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\libEGL.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\libexif.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\libGLESv2.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\libmp3lame.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\natives_blob.bin, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\resources.pak, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\snapshot_blob.bin, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\stats_uploader.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\theme_tool.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\UCAgent.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\UCProxySDK.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\updater.dll, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\amazon.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\baidu.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\pp_helper.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\taobao.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\uc123.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\facebook.ico, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\tmall_points.ico, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\noads.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\renren.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\taohuoyuan.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\alipay.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\qq.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\taobao.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\weibo.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\marketing\1001.ico, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\baidu.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\bing.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\etao.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\google.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\sogou.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\taobao.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\tmall.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\youku.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\baidu.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\bing.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\etao.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\etaohaitao.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\google.com.hk.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\google.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\sogou.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\taobao.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\tmall.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\youku.com.png, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\config.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\custom.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\share.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\start.dat, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\target_locale, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Share\task.ini, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\debug.log, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\master_preferences, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\molt_tool.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\SetupMetrics.pma, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\UCService.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\update_task.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\VERSION, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Application\wow_helper.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Security\ucdrv-x64.sys, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Security\uclauncher-x64.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Security\uclauncher-x86.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.UCBrowser, C:\Program Files (x86)\UCBrowser\Temp\source17576_20259\B3A5.tmp, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\apphoverbk.png, Quarantined, [1477], [391396],1.0.1793
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedHover.png, Quarantined, [1477], [391396],1.0.1793
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedNormal.png, Quarantined, [1477], [391396],1.0.1793
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\common\BkgSelectedPressed.png, Quarantined, [1477], [391396],1.0.1793
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\config.xml, Quarantined, [1477], [391396],1.0.1793
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\unins000.dat, Quarantined, [1477], [391396],1.0.1793
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop\unins000.exe, Quarantined, [1477], [391396],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\Default\Account Data, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\Default\Account Data-journal, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\Default\Preferences, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache\data_0, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache\data_1, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache\data_2, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache\data_3, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\ShaderCache\GPUCache\index, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\chrome_debug.log, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\Users\Michael.KITTEN-PC\AppData\Local\UCBrowser\User Data\Local State, Quarantined, [8506], [380109],1.0.1793
PUP.Optional.UCBrowser, C:\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS, Quarantined, [8506], [380108],1.0.1793
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [536], [391425],1.0.1793
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [536], [391425],1.0.1793
PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\Uninstall YeaDesktop.lnk, Quarantined, [1477], [391395],1.0.1793
PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\YeaDesktop.lnk, Quarantined, [1477], [391395],1.0.1793
PUP.Optional.IStartSurf, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\TEMP\CODECFIXDIVX.EXE, Quarantined, [87], [381337],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\PROGRAM FILES (X86)\PROXYGATE\DNS.DAT, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\Program Files (x86)\ProxyGate\ocx\mscomctl.ocx, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\Program Files (x86)\ProxyGate\conf.dat, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\Program Files (x86)\ProxyGate\Config.ini, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\Program Files (x86)\ProxyGate\dbghelp.dll, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\Program Files (x86)\ProxyGate\list.dat, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\Program Files (x86)\ProxyGate\msvbvm60.dll, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\Program Files (x86)\ProxyGate\newsocket.data, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\Program Files (x86)\ProxyGate\Skin.dll, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.ProxyGate.PrxySvrRST, C:\Program Files (x86)\ProxyGate\TrafficMonitor.ini, Quarantined, [9159], [390933],1.0.1793
PUP.Optional.S5Mark, C:\PROGRAM FILES (X86)\S5\U.EXE, Quarantined, [992], [383706],1.0.1793
PUP.Optional.WeatherBuddy, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\WEATHERBUDDY.LNK, Quarantined, [1486], [383220],1.0.1793
PUP.Optional.SpeedingUpMyPC, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\TEMP\AWH4395.TMP, Quarantined, [875], [389100],1.0.1793
PUP.Optional.AdvancedPCCare, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\ROAMING\FILEOPENERWINDOWS FOR KITTEN-PC\WFO.EXE.CONFIG, Quarantined, [73], [379054],1.0.1793
PUP.Optional.AdvancedPCCare, C:\Users\Michael.KITTEN-PC\AppData\Roaming\FileOpenerWindows for KITTEN-PC\x64\SQLite.Interop.dll, Quarantined, [73], [379054],1.0.1793
PUP.Optional.AdvancedPCCare, C:\Users\Michael.KITTEN-PC\AppData\Roaming\FileOpenerWindows for KITTEN-PC\x86\SQLite.Interop.dll, Quarantined, [73], [379054],1.0.1793
PUP.Optional.AdvancedPCCare, C:\Users\Michael.KITTEN-PC\AppData\Roaming\FileOpenerWindows for KITTEN-PC\langswfo.db, Quarantined, [73], [379054],1.0.1793
PUP.Optional.AdvancedPCCare, C:\Users\Michael.KITTEN-PC\AppData\Roaming\FileOpenerWindows for KITTEN-PC\System.Data.SQLite.DLL, Quarantined, [73], [379054],1.0.1793
PUP.Optional.AdvancedPCCare, C:\Users\Michael.KITTEN-PC\AppData\Roaming\FileOpenerWindows for KITTEN-PC\wfo.exe, Quarantined, [73], [379054],1.0.1793
PUP.Optional.YeaDesktop, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\TEMP\YEAPUSERINFO.INI, Quarantined, [1477], [391398],1.0.1793
Trojan.Clicker, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\TEMP\1492889639\S5-20170325.ZIP, Quarantined, [26], [387411],1.0.1793
PUP.Optional.FlowSpirit, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\TEMP\FLOWSPRITSETUP_SLNT_5016.EXE, Quarantined, [6543], [387057],1.0.1793
Trojan.Clicker, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\TEMP\1492889640\S5M_INSTALL_325.ZIP, Quarantined, [26], [387412],1.0.1793
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [536], [391431],1.0.1793
PUP.Optional.WeatherBuddy, C:\WINDOWS\WEATHERBUDDY.INI, Quarantined, [1486], [388256],1.0.1793
PUP.Optional.YeaDesktop, C:\WINDOWS\TEMP\YEAPUSERINFO.INI, Quarantined, [1477], [391398],1.0.1793
PUP.Optional.ProxyGate, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\UNINSTALLRO.EXE, Quarantined, [955], [375420],1.0.1793
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\ONLINE APPLICATION V2G2.JOB, Quarantined, [536], [382506],1.0.1793
PUP.Optional.UCBrowser, C:\WINDOWS\TASKS\UCBROWSERUPDATER.JOB, Quarantined, [8506], [380114],1.0.1793
PUP.Optional.FullTab, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage, Quarantined, [2140], [376101],1.0.1793
PUP.Optional.FullTab, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage-journal, Quarantined, [2140], [376101],1.0.1793
PUP.Optional.UCBrowser, C:\WINDOWS\TASKS\UCBrowserUpdaterCore.job, Quarantined, [8506], [380114],1.0.1793
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:UCDRV-X64.SYS, Quarantined, [8506], [380118],1.0.1793
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\ONLINE APPLICATION V2G3.JOB, Quarantined, [536], [382506],1.0.1793
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserSecureUpdater, Quarantined, [8506], [380115],1.0.1793
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserUpdater, Quarantined, [8506], [380115],1.0.1793
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserUpdaterCore, Quarantined, [8506], [380115],1.0.1793
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:X86, Quarantined, [8506], [380120],1.0.1793
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\UPDATER_ONLINE_APPLICATION.JOB, Quarantined, [536], [391430],1.0.1793
PUP.Optional.WinYahoo, C:\USERS\MICHAEL.KITTEN-PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SECURE PREFERENCES, Replaced, [88], [302984],1.0.1793
PUP.Optional.OnlineIO, C:\WINDOWS\TASKS\ONLINE APPLICATION V2G1.JOB, Quarantined, [536], [382506],1.0.1793
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:X64, Quarantined, [8506], [380119],1.0.1793
PUP.Optional.OnlineIO, C:\WINDOWS\SYSTEM32\TASKS\UPDATER_ONLINE_APPLICATION, Quarantined, [536], [391429],1.0.1793
PUP.Optional.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES\ONLINE APPLICATION\Online Application Updater.exe, Quarantined, [536], [391426],1.0.1793
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe, Quarantined, [536], [391426],1.0.1793
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url, Quarantined, [536], [391426],1.0.1793
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url, Quarantined, [536], [391426],1.0.1793
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk, Quarantined, [536], [391426],1.0.1793
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini, Quarantined, [536], [391426],1.0.1793
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#14 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 23 April 2017 - 06:19 PM

Good :) Are you still enable to connect to the Internet after removing the threats Malwarebytes detected?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 meer118

  • Topic Starter

  • Members
  • 22 posts

Posted 23 April 2017 - 11:50 PM

So sorry it took a minute to get back to you!  I have run the Malwarebytes scan twice and after the second time I was able to connect to the internet.  I ran the scan one more time and it says no threats.  Things seem to be mostly clear.





