Virus infected my computer, cant open system restore/anti-virus


This topic is locked
18 replies to this topic

#1 Zeathe

Posted 28 April 2017 - 11:31 AM

Hello, my computer just got infected recently and I can't open my anti-virus or system restore. I've tried in safe mode but to no avail. My Chrome also redirects me to some random pages. All help would be much appreciated!

 

Log- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017

Ran by Zach (28-04-2017 11:01:53)
Running from E:\Downloads
Windows 10 Home Version 1607 (X64) (2017-01-09 12:00:37)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2757729625-709039285-700629499-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2757729625-709039285-700629499-503 - Limited - Disabled)
Guest (S-1-5-21-2757729625-709039285-700629499-501 - Limited - Disabled)
Zach (S-1-5-21-2757729625-709039285-700629499-1003 - Administrator - Enabled) => C:\Users\Zach
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Alt1 Toolkit (HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Alt1Toolkit) (Version: 1.4.2 - RuneApps)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.28.1 - Asmedia Technology)
AudioFXSetup (Version: 1.2.1201 - Nahimic) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitcoin Core (64-bit) (HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Bitcoin Core (64-bit)) (Version: 0.14.0 - Bitcoin Core project)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CheckDevicesConfigurator (Version: 1.2.1201 - Nahimic) Hidden
Corsair Link 4 (HKLM-x32\...\{17d466ef-c3fb-4bcc-8763-08f07ba700a2}) (Version: 4.2.2.27 - Corsair Components, Inc.)
Corsair Link 4 (x32 Version: 4.2.2.27 - Corsair Components, Inc.) Hidden
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Gyazo 3.3.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1508.1802 - Micro-Star International Co., Ltd.)
Help Desk (x32 Version: 1.0.1508.1802 - Micro-Star International Co., Ltd.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 92 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180920}) (Version: 8.0.920.14 - Oracle Corporation)
Killer Bandwidth Control Filter Driver (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer E240x Drivers (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1120 - Rivet Networks)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LauncherSetup (Version: 1.2.1201 - Nahimic) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Logitech Gaming Software 8.84 (HKLM\...\Logitech Gaming Software) (Version: 8.84.15 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Nahimic for MSI (HKLM-x32\...\{0c311339-9de4-4dd7-b21d-3dcfa3a2946f}) (Version: 1.2.12 - Nahimic)
NahimicSettingsConfigurator (Version: 1.2.1201 - Nahimic) Hidden
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
ProductDaemonSetup (Version: 1.2.1201 - Nahimic) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
RuneMate (HKLM-x32\...\5153-2584-1271-2038) (Version: 2.23.3.0 - Team RuneMate)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamtip Alerter (HKLM-x32\...\{946E75BA-B3DA-470C-80EC-66AE17107334}_is1) (Version: 0.2.4 - NightDev, LLC)
UIInstallUpgrade (Version: 1.2.1201 - Nahimic) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (10/30/2015 3.6) (HKLM\...\689CB8E4310D795D383E65C05A8F13A05D92E771) (Version: 10/30/2015 3.6 - Corsair Components, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07ABA8E6-C32F-414C-851F-AA754EE1D232} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {16061F12-E0E5-4EAC-9A6A-694D07A333CD} - \Updater_Online_Application -> No File <==== ATTENTION
Task: {21DB0BAB-F6A0-4A1F-B48C-CFF03362AB50} - \Online Application V2G1 -> No File <==== ATTENTION
Task: {408AED7B-B81E-4012-B748-ECA4D601EBC4} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [2015-12-04] ()
Task: {52A7CD9F-1135-4034-9771-B8754B36F891} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {54BB9BAE-A54C-4E82-8908-CAB5DF2DB238} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {56E73983-A813-4FFD-A3E7-BE01E89C1F71} - \Online Application V2G2 -> No File <==== ATTENTION
Task: {5C8605C9-220E-404D-A9E3-3AE05598FBCD} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {68174AB8-F3CC-4EE7-A446-D7B484CB8D35} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [2015-12-04] ()
Task: {94559025-BE11-4C71-8436-A6E0D405DCEB} - \Online Application V2G3 -> No File <==== ATTENTION
Task: {B4FD7854-9453-423E-88F0-13A98A04F30F} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [2015-12-04] ()
Task: {C3DE10B9-CF84-402C-8155-D11EBFB29788} - System32\Tasks\HDWallPaper => C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe  <==== ATTENTION
Task: {ED0C982C-4E7C-4E14-8849-3707F3F92B62} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2015-08-18] (Micro-Star International Co., Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - AfkWarden.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/afkscape/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Clue solver.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/clue/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - ColorGrabber.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/colorgrabber/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - D&D Notifications.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/notifications/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - DgKey.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/dgkey/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Droplogger.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/droplogger/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Farming Timer.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/farmtimer/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Fish Flingers.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/fishflingers/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Meg answers.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/meg/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Notepad.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/notepad/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - RS Wiki.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/object/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Stats.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/stats/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Stopwatch.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/timer/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Twitch.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/twitch/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - World map.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/map/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - XpMeter.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/xpmeter/appconfig.json
ShortcutWithArgument: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneApps\Alt1 - Youtube.lnk -> C:\Users\Zach\AppData\Local\Alt1Toolkit\app-1.4.2\Runeapps.Alt1.exe (RuneApps) -> protocolurl=alt1://openapp/hxxp://runeapps.org/apps/alt1/youtube/appconfig.json
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-12 12:22 - 2017-03-28 01:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-12 12:22 - 2017-03-28 01:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-09 08:53 - 2017-01-09 08:53 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 17:11 - 2017-03-04 01:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 17:11 - 2017-03-04 01:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 17:11 - 2017-03-04 01:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 17:11 - 2017-03-04 01:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-12 12:22 - 2017-03-28 00:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-12 12:22 - 2017-03-28 00:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-12 12:22 - 2017-03-28 00:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
iver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2017-04-28 09:25 - 00000918 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 clients2.google.com 
127.0.0.1 v1.ff.avast.com 
127.0.0.1 vlcproxy.ff.avast.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2757729625-709039285-700629499-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Zach\Downloads\thumb-1920-522622.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run: => "NahimicMSIUILauncher"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "chromebrowser"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\StartupFolder: => "WeatherBuddy.lnk"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "Innkeeper"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "Windows Defender"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "Interstatnogui"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "GSCXUC5CXKP5ZB2"
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\StartupApproved\Run: => "Spoutly.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CBE0BB5C-7AAD-4CD7-ABD0-B78AA3DF8FCB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DB545A3A-04B7-4587-AC2B-D2AE1566B537}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{01BB1E29-BFF7-4089-AC75-A190EF6EFE71}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{C9BEAC0A-13B6-4A72-ACD3-4C0054C5C81E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{266C1668-3F71-4D00-A0CB-8C05EE017C20}C:\users\zach\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zach\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{433507C7-765E-4AC6-9623-7D3F26815704}C:\users\zach\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zach\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{55635495-E490-4B76-9507-09DF6CC36685}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [TCP Query User{B189A9E1-C9D3-442E-BC49-FBB761268CBB}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [UDP Query User{B14C7558-F67E-4D40-A5D8-6A5E205409DB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9687D136-8D53-4758-8E0D-03A854F5DF66}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{3ECE5CEE-425E-4FF6-ADAB-7ABA3BE5A03E}] => (Allow) E:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{A7C00DBD-1010-4FCD-AE28-2170FFE8AE76}] => (Allow) E:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{0A865270-06BC-4916-889F-C70E484642E9}] => (Allow) E:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{99C1A7E0-AB97-4B69-BA8F-0B580D066117}] => (Allow) E:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [UDP Query User{B3D16357-214F-4135-97DE-0C7F4890FC1F}E:\diablo iii\diablo iii.exe] => (Allow) E:\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{8EF47B7F-DDAE-44F7-AA26-0F8B81B6BA2A}E:\diablo iii\diablo iii.exe] => (Allow) E:\diablo iii\diablo iii.exe
FirewallRules: [{C0AA98F9-2938-46A4-91AF-5593F1D1C008}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AF94995A-D4E7-44C4-839B-0F701A91F99D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7E68D978-83CB-43FC-9E6B-15F8B5E590B8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BB6BAE0F-816E-4105-9E1B-449696EDB71D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A9EDA3D1-9FF5-4238-AC6C-A6E6D9EAFA5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CC041B75-A184-4444-B595-AADCD5A3A12E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FD3B20B1-40F4-4C6C-8590-5059DF3FD076}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C552D9C0-A926-430D-AEE1-82FFD8F9E13A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{40F6B3DB-ECAE-40FB-8BC7-1E0D085C5208}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EB0FFE03-8CB1-463B-A769-3D159D706311}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{F4A586DC-0F3C-4BBE-A356-2063E4EF9515}C:\users\zach\jagexcache\jagexlauncher\bin\jagexlauncher.exe] => (Allow) C:\users\zach\jagexcache\jagexlauncher\bin\jagexlauncher.exe
FirewallRules: [UDP Query User{F98EE1E9-B60B-4D35-B9AF-AE5C23BA1C99}C:\users\zach\jagexcache\jagexlauncher\bin\jagexlauncher.exe] => (Allow) C:\users\zach\jagexcache\jagexlauncher\bin\jagexlauncher.exe
FirewallRules: [{44B758D1-47F6-4E88-A50A-4BBEE631A3C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{CCE1DF08-9CF4-4D80-9253-9430FC2E4091}E:\bitcoin\bitcoin-qt.exe] => (Allow) E:\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{63C28152-2A20-4B64-81E5-56D77636824C}E:\bitcoin\bitcoin-qt.exe] => (Allow) E:\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{2971BF2F-F7B7-4A36-AF84-AF83CEC4507D}E:\overwatch\overwatch.exe] => (Allow) E:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{DCAD4054-7CEE-44C2-8025-27E770A6FDDF}E:\overwatch\overwatch.exe] => (Allow) E:\overwatch\overwatch.exe
FirewallRules: [{7C2ECF77-EF93-4A40-AC27-C9D860DD8E95}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8E51A3DD-150A-40CB-8CC9-D8B0D9735880}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{DAAEC0AA-FAC5-4F64-A2F5-4637D1AFBFDA}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6D54F574-4901-43F0-9591-61F046F46CB5}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F27887C6-CC10-40B1-895C-B5682AEBD548}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{7592DD2F-3709-456F-A76E-E2D0D73AAB0D}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{0D5F0EA8-81AF-4E00-B261-9DA3EC72A0D3}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{17A72F41-FFD3-4188-AA59-3B696B96CDBB}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{C5ADDF28-F03E-40B1-BFC7-9B2C5B9143EC}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{93C2A2A5-458A-45CB-BA1D-BD7A4391E198}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{065571D0-214D-4577-81B3-0CA242E39D23}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{BD1E151B-A785-413D-A6EF-A4232EF89DC5}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{CED841D8-0F0D-4258-AA98-42B567FF7C43}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8361A861-EFF4-435A-AD45-4488C7EFD9CD}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{534D7ADA-5F4C-4854-8F7C-DDFD6D1F0A58}] => (Allow) C:\Users\Zach\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39E5F678-0335-4E3F-8CEC-0261A82AEE7E}] => (Allow) C:\Users\Zach\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4FAED25F-BB86-485F-A8C3-F4B29072F78C}] => (Allow) C:\Users\Zach\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C2567ECD-474A-4516-8E22-CAB61D667865}] => (Allow) C:\Users\Zach\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AD81EF32-99D0-4942-AC52-1F213AAC43E3}] => (Allow) C:\Users\Zach\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5AF445ED-F1C3-4830-B2D2-11C1CC9C47C1}] => (Allow) C:\Users\Zach\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{5A97C0C6-126E-4045-9DD8-201B74FBA138}E:\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4EE67775-7F93-4891-B6A3-2986F930D311}E:\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
 
==================== Restore Points =========================
 
21-04-2017 09:19:34 Scheduled Checkpoint
25-04-2017 01:23:58 Installed League of Legends
27-04-2017 03:09:43 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
28-04-2017 09:23:16 Installed WeatherBuddy
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Serial IO UART Host Controller - A127
Description: Intel® Serial IO UART Host Controller - A127
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iaLPSS2_UART2
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/28/2017 10:59:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZACH)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/28/2017 10:56:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/28/2017 10:56:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/subscription namespace does not exist. The query will be ignored.
 
Error: (04/28/2017 10:56:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
 
Error: (04/28/2017 10:56:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/subscription namespace does not exist. The query will be ignored.
 
Error: (04/28/2017 10:56:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.
 
Error: (04/28/2017 10:56:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
 
Error: (04/28/2017 10:56:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/subscription namespace does not exist. The query will be ignored.
 
Error: (04/28/2017 10:56:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root namespace does not exist. The query will be ignored.
 
Error: (04/28/2017 10:56:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (04/28/2017 11:01:55 AM) (Source: DCOM) (EventID: 10005) (User: ZACH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/28/2017 11:01:01 AM) (Source: DCOM) (EventID: 10005) (User: ZACH)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/28/2017 11:01:01 AM) (Source: DCOM) (EventID: 10005) (User: ZACH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/28/2017 11:01:01 AM) (Source: DCOM) (EventID: 10005) (User: ZACH)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/28/2017 10:59:46 AM) (Source: DCOM) (EventID: 10005) (User: ZACH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/28/2017 10:59:37 AM) (Source: DCOM) (EventID: 10005) (User: ZACH)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (04/28/2017 10:59:36 AM) (Source: DCOM) (EventID: 10005) (User: ZACH)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (04/28/2017 10:59:28 AM) (Source: DCOM) (EventID: 10005) (User: ZACH)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/28/2017 10:59:21 AM) (Source: DCOM) (EventID: 10005) (User: ZACH)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 
Error: (04/28/2017 10:59:21 AM) (Source: DCOM) (EventID: 10005) (User: ZACH)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 8%
Total physical RAM: 16346.67 MB
Available physical RAM: 14891.91 MB
Total Virtual: 18778.67 MB
Available Virtual: 17446.65 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.33 GB) (Free:66.7 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:733.32 GB) NTFS
Drive f: (BCT) (Removable) (Total:115.66 GB) (Free:115.59 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 115.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 

==================== End of Addition.txt ============================ 


 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,185 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:45 PM

Posted 28 April 2017 - 12:04 PM

Welcome :)

 

Please post the FRST.txt log.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Zeathe

Zeathe
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:45 PM

Posted 28 April 2017 - 12:08 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by Zach (administrator) on ZACH (28-04-2017 11:01:37)
Running from E:\Downloads
Loaded Profiles: Zach (Available Profiles: Zach)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-10] (Realtek Semiconductor)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [740320 2015-12-04] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15853176 2016-08-03] (Logitech Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [WindowsDefender] => -
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-20] (Valve Corporation)
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-03-28] (Nota Inc.)
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Run: [Spotify Web Helper] => C:\Users\Zach\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2017-04-26] (Spotify Ltd)
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Run: [Spotify] => C:\Users\Zach\AppData\Roaming\Spotify\Spotify.exe [6987376 2017-04-26] (Spotify Ltd)
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Run: [Windows Defender] => -
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Run: [Interstatnogui] => C:\Users\Zach\AppData\Roaming\Interstatnogui\interstatnogui.exe [2987352 2017-04-28] (IT Genius) <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-04-19]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyServer: [S-1-5-21-2757729625-709039285-700629499-1003] => 127.0.0.1:8003
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f6f3c355-1799-471d-8df1-1f5d967ae6ba}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-02] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-02] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-02] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default [2017-04-28]
CHR Extension: (Google Slides) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-25]
CHR Extension: (BetterTTV) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-22]
CHR Extension: (Google Docs) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-25]
CHR Extension: (Google Drive) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-25]
CHR Extension: (YouTube) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-25]
CHR Extension: (Adblock Plus) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-25]
CHR Extension: (Google Sheets) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-25]
CHR Extension: (AdBlock) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Privacy Palette) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone [2016-04-25]
CHR Extension: (Simply Block Ads!) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2016-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
CHR Profile: C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1863688 2016-05-01] ()
S3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [82096 2016-03-17] (Corsair Components, Inc.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [452096 2015-09-16] (Rivet Networks) [File not signed]
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-03] (Logitech Inc.)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S2 realtek_amd64; C:\Users\Zach\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-04-26] () [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Zach\AppData\Local\eopzmc\ct.exe [947200 2017-03-29] () [File not signed] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [142904 2015-09-16] (Rivet Networks, LLC.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [531424 2015-08-13] (Intel Corporation)
S3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281896 2015-07-20] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [162456 2016-02-12] (Qualcomm Atheros, Inc.)
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-04-15] (Logitech Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-23] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-04-09] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [907160 2017-04-28] () <==== ATTENTION
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-28 11:01 - 2017-04-28 11:01 - 00000000 ____D C:\FRST
2017-04-28 10:59 - 2017-04-28 10:59 - 00000000 ____D C:\Users\Zach\AppData\Local\ElevatedDiagnostics
2017-04-28 10:54 - 2017-04-28 10:54 - 00000000 ____D C:\WINDOWS\pss
2017-04-28 10:54 - 2017-04-28 10:54 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-28 10:39 - 2017-04-28 10:39 - 00000000 ____D C:\WINDOWS\Panther
2017-04-28 10:32 - 2017-04-28 10:32 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-28 10:32 - 2017-04-28 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-28 10:32 - 2017-04-28 10:32 - 00000000 ____D C:\Program Files\CCleaner
2017-04-28 10:14 - 2017-04-28 10:10 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Zach\Desktop\spybot-2.4.exe
2017-04-28 10:14 - 2017-04-28 10:09 - 09573472 _____ (Piriform Ltd) C:\Users\Zach\Desktop\cc_setup529.exe
2017-04-28 09:25 - 2017-04-28 09:25 - 00000000 ____D C:\Users\Zach\AppData\Roaming\c
2017-04-28 09:25 - 2017-04-28 09:25 - 00000000 ____D C:\Users\Zach\AppData\Local\eopzmc
2017-04-28 09:25 - 2017-04-28 09:25 - 00000000 ____D C:\Users\Zach\AppData\Local\ejrjzrxh
2017-04-28 09:24 - 2017-04-28 10:54 - 00624640 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-04-28 09:24 - 2017-04-28 09:24 - 00907160 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-04-28 09:24 - 2017-04-28 09:24 - 00003256 _____ C:\WINDOWS\System32\Tasks\HDWallPaper
2017-04-28 09:24 - 2017-04-28 09:24 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-04-28 09:24 - 2017-04-28 09:24 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Interstatnogui
2017-04-28 09:24 - 2017-04-28 09:24 - 00000000 ____D C:\Users\Zach\AppData\Local\CrashRpt
2017-04-28 09:24 - 2017-04-28 09:24 - 00000000 ____D C:\Users\Zach\AppData\Local\AppTrailers
2017-04-28 09:22 - 2017-04-28 09:22 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microleaves
2017-04-28 09:22 - 2017-04-28 09:22 - 00000000 ____D C:\Users\Zach\AppData\Roaming\AGData
2017-04-28 09:22 - 2017-04-28 09:22 - 00000000 ____D C:\Users\Zach\AppData\Local\AdvinstAnalytics
2017-04-28 09:22 - 2017-04-28 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-04-28 08:30 - 2017-04-28 08:30 - 00000000 ____D C:\Users\Zach\Creative Cloud Files
2017-04-28 08:28 - 2017-04-28 08:28 - 00000000 ____D C:\Users\Zach\AppData\Local\Tempzxpsignaf17be341287575a
2017-04-28 08:28 - 2017-04-28 08:28 - 00000000 ____D C:\Users\Zach\AppData\Local\Tempzxpsign0b2e242e5f07f26b
2017-04-28 08:27 - 2017-04-28 08:27 - 00000000 ____D C:\Users\Zach\AppData\Local\Tempzxpsigne55cb9584d820330
2017-04-28 08:26 - 2017-04-28 08:26 - 00000000 ____D C:\Users\Zach\AppData\Local\Tempzxpsign77defc96c785a5c1
2017-04-28 08:25 - 2017-04-28 09:24 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Adobe
2017-04-28 08:25 - 2017-04-28 08:25 - 00000000 ____D C:\Users\Zach\Documents\Adobe
2017-04-28 08:25 - 2017-04-28 08:25 - 00000000 ____D C:\Users\Zach\AppData\Local\Tempzxpsignf5a00191f0e12cb0
2017-04-28 08:25 - 2017-04-28 08:25 - 00000000 ____D C:\Users\Zach\AppData\Local\Adobe
2017-04-28 08:25 - 2017-04-28 08:25 - 00000000 ____D C:\ProgramData\Adobe
2017-04-28 08:24 - 2017-04-28 08:25 - 00000000 ____D C:\Users\Zach\Desktop\asdasd
2017-04-28 07:49 - 2017-04-28 07:51 - 00000000 ____D C:\Users\Zach\AppData\Local\streamtip-alerter
2017-04-28 07:49 - 2017-04-28 07:49 - 00001184 _____ C:\Users\Public\Desktop\Streamtip Alerter.lnk
2017-04-28 07:49 - 2017-04-28 07:49 - 00000000 ____D C:\Users\Zach\Documents\Streamtip
2017-04-28 07:49 - 2017-04-28 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamtip Alerter
2017-04-28 07:49 - 2017-04-28 07:49 - 00000000 ____D C:\Program Files (x86)\Streamtip Alerter
2017-04-28 06:04 - 2017-04-28 06:04 - 00000905 _____ C:\Users\Zach\Desktop\Videos - Shortcut.lnk
2017-04-28 05:55 - 2017-04-28 09:25 - 00000000 ____D C:\Users\Zach\AppData\Roaming\obs-studio
2017-04-28 05:55 - 2017-04-28 05:55 - 00001275 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-04-28 05:55 - 2017-04-28 05:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-04-28 05:54 - 2017-04-28 05:54 - 00000000 ____D C:\Program Files (x86)\obs-studio
2017-04-28 05:51 - 2017-04-28 05:51 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Mirillis
2017-04-28 05:51 - 2017-04-28 05:51 - 00000000 ____D C:\ProgramData\Mirillis
2017-04-28 05:50 - 2017-04-28 05:53 - 00000000 ____D C:\Users\Zach\AppData\Local\Mirillis
2017-04-28 05:49 - 2017-04-28 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2017-04-28 05:49 - 2017-04-28 05:49 - 00000000 ____D C:\Program Files (x86)\Mirillis
2017-04-27 03:09 - 2017-04-27 03:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-25 01:29 - 2017-04-25 01:29 - 00000000 ____D C:\Users\Zach\Documents\League of Legends
2017-04-25 01:24 - 2017-04-25 01:29 - 00000470 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-04-25 01:24 - 2017-04-25 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-04-25 01:23 - 2017-04-25 01:25 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Riot Games
2017-04-24 04:49 - 2017-04-24 04:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-04-24 04:41 - 2017-04-24 04:52 - 00000000 ____D C:\Users\Zach\Documents\Heroes of the Storm
2017-04-24 04:31 - 2017-04-28 09:30 - 00000000 ____D C:\Users\Zach\AppData\LocalLow\uTorrent
2017-04-24 04:30 - 2017-04-28 09:30 - 00000000 ____D C:\Users\Zach\AppData\Roaming\uTorrent
2017-04-24 04:30 - 2017-04-24 04:30 - 00002679 _____ C:\Users\Zach\Desktop\µTorrent.lnk
2017-04-24 04:30 - 2017-04-24 04:30 - 00002679 _____ C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-04-19 18:25 - 2017-04-28 06:03 - 00001268 _____ C:\Users\Zach\Desktop\nativelog.txt
2017-04-19 11:23 - 2017-04-19 11:23 - 00000000 ____D C:\Users\Zach\Documents\My games
2017-04-18 23:15 - 2017-04-18 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-04-18 11:12 - 2017-04-19 01:11 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2017-04-18 11:10 - 2017-04-18 11:10 - 00000934 _____ C:\Users\Zach\Desktop\Downloads - Shortcut.lnk
2017-04-18 01:55 - 2017-04-18 01:55 - 00000012 _____ C:\Users\Zach\Documents\BTC-e pass.txt
2017-04-18 00:29 - 2017-04-18 01:27 - 00000000 ____D C:\Users\Zach\Documents\kimpelzach@gmail.com extreme earnings
2017-04-17 21:43 - 2017-04-25 04:22 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Bitcoin
2017-04-17 21:43 - 2017-04-18 00:19 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Armory
2017-04-17 20:02 - 2017-04-17 20:02 - 00000147 _____ C:\Users\Zach\Documents\How to get your guide for henry fords products.txt
2017-04-17 19:58 - 2017-04-15 17:25 - 00000000 ____D C:\Users\Zach\Documents\Vault Breaker - Ultra Package
2017-04-14 08:36 - 2017-04-14 08:36 - 00001252 _____ C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-04-14 08:36 - 2017-04-14 08:36 - 00000000 ____D C:\Users\Zach\AppData\Local\UNP
2017-04-13 11:51 - 2017-04-13 11:52 - 00000000 ____D C:\Program Files\UNP
2017-04-13 11:51 - 2017-04-13 11:51 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-12 12:23 - 2017-03-28 02:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-12 12:23 - 2017-03-28 02:10 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-12 12:23 - 2017-03-28 01:21 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-12 12:23 - 2017-03-28 01:19 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-12 12:23 - 2017-03-28 01:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-12 12:23 - 2017-03-28 01:07 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-12 12:23 - 2017-03-28 01:05 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-12 12:23 - 2017-03-28 01:04 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-12 12:23 - 2017-03-28 01:04 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-12 12:23 - 2017-03-28 01:04 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-12 12:23 - 2017-03-28 01:04 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-12 12:23 - 2017-03-28 01:04 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-12 12:23 - 2017-03-28 01:04 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-12 12:23 - 2017-03-28 01:04 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-12 12:23 - 2017-03-28 01:04 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-12 12:23 - 2017-03-28 01:02 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-04-12 12:23 - 2017-03-28 01:02 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-12 12:23 - 2017-03-28 01:02 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-04-12 12:23 - 2017-03-28 00:59 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-12 12:23 - 2017-03-28 00:59 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-04-12 12:23 - 2017-03-28 00:58 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-12 12:23 - 2017-03-28 00:58 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-12 12:23 - 2017-03-28 00:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-12 12:23 - 2017-03-28 00:58 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-12 12:23 - 2017-03-28 00:58 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-12 12:23 - 2017-03-28 00:58 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-12 12:23 - 2017-03-28 00:58 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-12 12:23 - 2017-03-28 00:58 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-12 12:23 - 2017-03-28 00:53 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-12 12:23 - 2017-03-28 00:53 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-12 12:23 - 2017-03-28 00:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-12 12:23 - 2017-03-28 00:48 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-12 12:23 - 2017-03-28 00:42 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-12 12:23 - 2017-03-28 00:39 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-04-12 12:23 - 2017-03-28 00:38 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-04-12 12:23 - 2017-03-28 00:37 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-04-12 12:23 - 2017-03-28 00:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-04-12 12:23 - 2017-03-28 00:37 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-12 12:23 - 2017-03-28 00:36 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-04-12 12:23 - 2017-03-28 00:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-12 12:23 - 2017-03-28 00:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-12 12:23 - 2017-03-28 00:35 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-12 12:23 - 2017-03-28 00:35 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-12 12:23 - 2017-03-28 00:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-12 12:23 - 2017-03-28 00:35 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-12 12:23 - 2017-03-28 00:35 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-12 12:23 - 2017-03-28 00:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-12 12:23 - 2017-03-28 00:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-12 12:23 - 2017-03-28 00:34 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-12 12:23 - 2017-03-28 00:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-12 12:23 - 2017-03-28 00:33 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-12 12:23 - 2017-03-28 00:33 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-12 12:23 - 2017-03-28 00:33 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-12 12:23 - 2017-03-28 00:33 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-12 12:23 - 2017-03-28 00:32 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-12 12:23 - 2017-03-28 00:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-12 12:23 - 2017-03-28 00:31 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-04-12 12:23 - 2017-03-28 00:31 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-12 12:23 - 2017-03-28 00:30 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-12 12:23 - 2017-03-28 00:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-12 12:23 - 2017-03-28 00:30 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-12 12:23 - 2017-03-28 00:29 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-12 12:23 - 2017-03-28 00:29 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-12 12:23 - 2017-03-28 00:29 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-12 12:23 - 2017-03-28 00:29 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-12 12:23 - 2017-03-28 00:28 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-12 12:23 - 2017-03-28 00:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-12 12:23 - 2017-03-28 00:28 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-12 12:23 - 2017-03-28 00:27 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-12 12:23 - 2017-03-28 00:26 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-12 12:23 - 2017-03-28 00:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-12 12:23 - 2017-03-28 00:25 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-12 12:23 - 2017-03-28 00:25 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-12 12:23 - 2017-03-28 00:24 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-12 12:23 - 2017-03-28 00:24 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-12 12:23 - 2017-03-28 00:24 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-12 12:23 - 2017-03-28 00:23 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-12 12:23 - 2017-03-28 00:23 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-12 12:23 - 2017-03-28 00:22 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-12 12:23 - 2017-03-28 00:22 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-12 12:23 - 2017-03-28 00:21 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-12 12:23 - 2017-03-28 00:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-12 12:23 - 2017-03-28 00:20 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-12 12:23 - 2017-03-28 00:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-12 12:23 - 2017-03-28 00:19 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-12 12:23 - 2017-03-28 00:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-12 12:23 - 2017-03-28 00:19 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-12 12:23 - 2017-03-28 00:19 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-12 12:23 - 2017-03-28 00:19 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-04-12 12:23 - 2017-03-28 00:17 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-12 12:23 - 2017-03-28 00:17 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-12 12:23 - 2017-03-28 00:17 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-12 12:23 - 2017-03-28 00:16 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-04-12 12:23 - 2017-03-28 00:16 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-12 12:23 - 2017-03-28 00:16 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-12 12:23 - 2017-03-28 00:15 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-12 12:23 - 2017-03-28 00:14 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-04-12 12:23 - 2017-03-28 00:14 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-12 12:23 - 2017-03-28 00:14 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-12 12:23 - 2017-03-28 00:13 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-04-12 12:23 - 2017-03-28 00:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-12 12:23 - 2017-03-28 00:13 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-12 12:23 - 2017-03-28 00:13 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-12 12:23 - 2017-03-28 00:13 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-12 12:23 - 2017-03-28 00:12 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-12 12:23 - 2017-03-28 00:11 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-12 12:23 - 2017-03-28 00:11 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-12 12:23 - 2017-03-28 00:11 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-12 12:23 - 2017-03-28 00:11 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-12 12:23 - 2017-03-28 00:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-12 12:23 - 2017-03-28 00:10 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-12 12:23 - 2017-03-28 00:09 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-04-12 12:23 - 2017-03-28 00:08 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-12 12:23 - 2017-03-28 00:08 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-12 12:23 - 2017-03-28 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-12 12:23 - 2017-03-15 23:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-04-12 12:22 - 2017-03-28 01:36 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-12 12:22 - 2017-03-28 01:36 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-04-12 12:22 - 2017-03-28 01:36 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-04-12 12:22 - 2017-03-28 01:36 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-04-12 12:22 - 2017-03-28 01:36 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-12 12:22 - 2017-03-28 01:35 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-12 12:22 - 2017-03-28 01:32 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-12 12:22 - 2017-03-28 01:29 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-12 12:22 - 2017-03-28 01:28 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-12 12:22 - 2017-03-28 01:28 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-12 12:22 - 2017-03-28 01:26 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-12 12:22 - 2017-03-28 01:26 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-12 12:22 - 2017-03-28 01:22 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-12 12:22 - 2017-03-28 01:20 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-12 12:22 - 2017-03-28 01:20 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-12 12:22 - 2017-03-28 01:18 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-12 12:22 - 2017-03-28 01:12 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-12 12:22 - 2017-03-28 01:11 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-12 12:22 - 2017-03-28 01:11 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-12 12:22 - 2017-03-28 01:11 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-12 12:22 - 2017-03-28 01:11 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-12 12:22 - 2017-03-28 01:11 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-12 12:22 - 2017-03-28 01:10 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-12 12:22 - 2017-03-28 01:10 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-12 12:22 - 2017-03-28 01:10 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-04-12 12:22 - 2017-03-28 01:10 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-04-12 12:22 - 2017-03-28 01:10 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-12 12:22 - 2017-03-28 01:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-12 12:22 - 2017-03-28 01:09 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-04-12 12:22 - 2017-03-28 01:09 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-04-12 12:22 - 2017-03-28 01:09 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-04-12 12:22 - 2017-03-28 01:09 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-12 12:22 - 2017-03-28 01:08 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-04-12 12:22 - 2017-03-28 01:08 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-12 12:22 - 2017-03-28 01:08 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-12 12:22 - 2017-03-28 01:06 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-12 12:22 - 2017-03-28 01:05 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-12 12:22 - 2017-03-28 01:05 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-12 12:22 - 2017-03-28 01:05 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-04-12 12:22 - 2017-03-28 01:05 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-12 12:22 - 2017-03-28 01:05 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-04-12 12:22 - 2017-03-28 01:05 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-12 12:22 - 2017-03-28 01:05 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-12 12:22 - 2017-03-28 01:05 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-04-12 12:22 - 2017-03-28 01:04 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-12 12:22 - 2017-03-28 01:04 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-12 12:22 - 2017-03-28 01:04 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-12 12:22 - 2017-03-28 01:04 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-12 12:22 - 2017-03-28 01:00 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-12 12:22 - 2017-03-28 01:00 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-12 12:22 - 2017-03-28 00:59 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-12 12:22 - 2017-03-28 00:58 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-12 12:22 - 2017-03-28 00:58 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-12 12:22 - 2017-03-28 00:44 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-12 12:22 - 2017-03-28 00:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-04-12 12:22 - 2017-03-28 00:41 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-12 12:22 - 2017-03-28 00:41 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-12 12:22 - 2017-03-28 00:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-12 12:22 - 2017-03-28 00:40 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-12 12:22 - 2017-03-28 00:40 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-12 12:22 - 2017-03-28 00:39 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-04-12 12:22 - 2017-03-28 00:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-12 12:22 - 2017-03-28 00:38 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-12 12:22 - 2017-03-28 00:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-12 12:22 - 2017-03-28 00:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-12 12:22 - 2017-03-28 00:37 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-12 12:22 - 2017-03-28 00:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-12 12:22 - 2017-03-28 00:37 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2017-04-12 12:22 - 2017-03-28 00:37 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-12 12:22 - 2017-03-28 00:37 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-04-12 12:22 - 2017-03-28 00:37 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-12 12:22 - 2017-03-28 00:37 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-12 12:22 - 2017-03-28 00:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-12 12:22 - 2017-03-28 00:36 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll
2017-04-12 12:22 - 2017-03-28 00:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-12 12:22 - 2017-03-28 00:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-04-12 12:22 - 2017-03-28 00:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-12 12:22 - 2017-03-28 00:36 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-12 12:22 - 2017-03-28 00:36 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-12 12:22 - 2017-03-28 00:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-12 12:22 - 2017-03-28 00:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-12 12:22 - 2017-03-28 00:36 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-12 12:22 - 2017-03-28 00:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-12 12:22 - 2017-03-28 00:35 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-04-12 12:22 - 2017-03-28 00:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-04-12 12:22 - 2017-03-28 00:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-12 12:22 - 2017-03-28 00:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-12 12:22 - 2017-03-28 00:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-04-12 12:22 - 2017-03-28 00:35 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-12 12:22 - 2017-03-28 00:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-12 12:22 - 2017-03-28 00:35 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-12 12:22 - 2017-03-28 00:35 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-04-12 12:22 - 2017-03-28 00:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-12 12:22 - 2017-03-28 00:35 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-12 12:22 - 2017-03-28 00:34 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-12 12:22 - 2017-03-28 00:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-12 12:22 - 2017-03-28 00:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-12 12:22 - 2017-03-28 00:34 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-12 12:22 - 2017-03-28 00:34 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-12 12:22 - 2017-03-28 00:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-12 12:22 - 2017-03-28 00:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-12 12:22 - 2017-03-28 00:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-12 12:22 - 2017-03-28 00:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-12 12:22 - 2017-03-28 00:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-04-12 12:22 - 2017-03-28 00:32 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-04-12 12:22 - 2017-03-28 00:32 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-12 12:22 - 2017-03-28 00:32 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-12 12:22 - 2017-03-28 00:32 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-12 12:22 - 2017-03-28 00:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-12 12:22 - 2017-03-28 00:32 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-12 12:22 - 2017-03-28 00:32 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-12 12:22 - 2017-03-28 00:32 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-12 12:22 - 2017-03-28 00:31 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-12 12:22 - 2017-03-28 00:31 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-12 12:22 - 2017-03-28 00:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-04-12 12:22 - 2017-03-28 00:30 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-12 12:22 - 2017-03-28 00:29 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-04-12 12:22 - 2017-03-28 00:29 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-12 12:22 - 2017-03-28 00:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-12 12:22 - 2017-03-28 00:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-12 12:22 - 2017-03-28 00:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-04-12 12:22 - 2017-03-28 00:27 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-04-12 12:22 - 2017-03-28 00:27 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-04-12 12:22 - 2017-03-28 00:27 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-04-12 12:22 - 2017-03-28 00:27 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-04-12 12:22 - 2017-03-28 00:27 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2017-04-12 12:22 - 2017-03-28 00:27 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-04-12 12:22 - 2017-03-28 00:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-04-12 12:22 - 2017-03-28 00:27 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-04-12 12:22 - 2017-03-28 00:26 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-04-12 12:22 - 2017-03-28 00:26 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-12 12:22 - 2017-03-28 00:26 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-12 12:22 - 2017-03-28 00:26 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-04-12 12:22 - 2017-03-28 00:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-04-12 12:22 - 2017-03-28 00:26 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-12 12:22 - 2017-03-28 00:26 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-04-12 12:22 - 2017-03-28 00:25 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-12 12:22 - 2017-03-28 00:25 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-04-12 12:22 - 2017-03-28 00:25 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-12 12:22 - 2017-03-28 00:25 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-04-12 12:22 - 2017-03-28 00:25 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-04-12 12:22 - 2017-03-28 00:25 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-04-12 12:22 - 2017-03-28 00:25 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-12 12:22 - 2017-03-28 00:25 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-12 12:22 - 2017-03-28 00:24 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-12 12:22 - 2017-03-28 00:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-04-12 12:22 - 2017-03-28 00:24 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-04-12 12:22 - 2017-03-28 00:24 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-04-12 12:22 - 2017-03-28 00:24 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-04-12 12:22 - 2017-03-28 00:23 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-12 12:22 - 2017-03-28 00:23 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-12 12:22 - 2017-03-28 00:23 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-12 12:22 - 2017-03-28 00:23 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-12 12:22 - 2017-03-28 00:23 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-12 12:22 - 2017-03-28 00:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-04-12 12:22 - 2017-03-28 00:22 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-12 12:22 - 2017-03-28 00:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-12 12:22 - 2017-03-28 00:21 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-12 12:22 - 2017-03-28 00:21 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-04-12 12:22 - 2017-03-28 00:21 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-04-12 12:22 - 2017-03-28 00:21 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-12 12:22 - 2017-03-28 00:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-04-12 12:22 - 2017-03-28 00:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2017-04-12 12:22 - 2017-03-28 00:20 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-04-12 12:22 - 2017-03-28 00:20 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-12 12:22 - 2017-03-28 00:19 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-12 12:22 - 2017-03-28 00:19 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-12 12:22 - 2017-03-28 00:19 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-04-12 12:22 - 2017-03-28 00:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-04-12 12:22 - 2017-03-28 00:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-04-12 12:22 - 2017-03-28 00:18 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-12 12:22 - 2017-03-28 00:18 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-12 12:22 - 2017-03-28 00:18 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-12 12:22 - 2017-03-28 00:18 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-12 12:22 - 2017-03-28 00:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-04-12 12:22 - 2017-03-28 00:17 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-12 12:22 - 2017-03-28 00:17 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-04-12 12:22 - 2017-03-28 00:17 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-12 12:22 - 2017-03-28 00:17 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-04-12 12:22 - 2017-03-28 00:17 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-12 12:22 - 2017-03-28 00:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-12 12:22 - 2017-03-28 00:16 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-04-12 12:22 - 2017-03-28 00:16 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-12 12:22 - 2017-03-28 00:15 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-04-12 12:22 - 2017-03-28 00:15 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-04-12 12:22 - 2017-03-28 00:15 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-12 12:22 - 2017-03-28 00:15 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-04-12 12:22 - 2017-03-28 00:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-12 12:22 - 2017-03-28 00:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-04-12 12:22 - 2017-03-28 00:15 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-04-12 12:22 - 2017-03-28 00:15 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-12 12:22 - 2017-03-28 00:14 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-04-12 12:22 - 2017-03-28 00:14 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-12 12:22 - 2017-03-28 00:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-12 12:22 - 2017-03-28 00:13 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-12 12:22 - 2017-03-28 00:13 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-04-12 12:22 - 2017-03-28 00:13 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-12 12:22 - 2017-03-28 00:13 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-12 12:22 - 2017-03-28 00:13 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-12 12:22 - 2017-03-28 00:13 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-04-12 12:22 - 2017-03-28 00:13 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-04-12 12:22 - 2017-03-28 00:13 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-12 12:22 - 2017-03-28 00:13 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-12 12:22 - 2017-03-28 00:13 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-12 12:22 - 2017-03-28 00:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-04-12 12:22 - 2017-03-28 00:12 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-04-12 12:22 - 2017-03-28 00:12 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-04-12 12:22 - 2017-03-28 00:12 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-12 12:22 - 2017-03-28 00:12 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-12 12:22 - 2017-03-28 00:12 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-12 12:22 - 2017-03-28 00:12 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-04-12 12:22 - 2017-03-28 00:11 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-12 12:22 - 2017-03-28 00:11 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-04-12 12:22 - 2017-03-28 00:11 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-12 12:22 - 2017-03-28 00:11 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-04-12 12:22 - 2017-03-28 00:11 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-04-12 12:22 - 2017-03-28 00:10 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-04-12 12:22 - 2017-03-28 00:09 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-12 12:22 - 2017-03-28 00:09 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-12 12:22 - 2017-03-28 00:09 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-12 12:22 - 2017-03-28 00:09 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-04-12 12:22 - 2017-03-28 00:09 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-04-12 12:22 - 2017-03-28 00:09 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-12 12:22 - 2017-03-28 00:09 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-04-12 12:22 - 2017-03-28 00:08 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-12 12:22 - 2017-03-28 00:08 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-04-12 12:22 - 2017-03-28 00:08 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-12 12:22 - 2017-03-28 00:08 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-04-12 12:22 - 2017-03-28 00:07 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-12 12:22 - 2017-03-28 00:07 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-04-12 12:22 - 2017-03-28 00:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-04-12 12:22 - 2017-03-28 00:06 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-12 12:22 - 2017-03-28 00:06 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-04-12 12:22 - 2017-03-28 00:06 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-12 12:22 - 2017-03-28 00:05 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-12 12:22 - 2017-03-27 23:48 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-12 12:22 - 2017-03-18 11:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-12 12:22 - 2017-03-18 11:35 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-12 12:22 - 2017-03-15 23:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-04-02 08:15 - 2017-04-02 08:15 - 00087904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UNPUXWorker.exe
2017-04-01 03:24 - 2017-04-01 03:24 - 00000852 _____ C:\Users\Zach\AppData\Local\recently-used.xbel
2017-04-01 03:24 - 2017-04-01 03:24 - 00000000 ____D C:\Users\Zach\.thumbnails
2017-04-01 03:21 - 2017-04-01 03:21 - 00000000 ____D C:\Users\Zach\AppData\Local\gegl-0.2
2017-04-01 03:21 - 2017-04-01 03:21 - 00000000 ____D C:\Users\Zach\AppData\Local\fontconfig
2017-03-29 20:06 - 2017-04-19 16:16 - 00000043 _____ C:\Users\Zach\jagex_cl_oldschool_LIVE.dat
2017-03-29 19:04 - 2017-03-29 19:04 - 00833024 ____N C:\WINDOWS\system32\tprdpw32.exe
2017-03-29 01:51 - 2017-04-25 22:39 - 00001966 _____ C:\Users\Public\Desktop\RuneMate.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-28 10:56 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-28 10:55 - 2017-01-09 06:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-28 10:54 - 2017-01-09 06:56 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-28 10:54 - 2016-06-09 14:07 - 00000000 ____D C:\Users\Zach\AppData\Local\CrashDumps
2017-04-28 10:36 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-28 10:33 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-28 10:33 - 2016-04-25 19:38 - 00000000 ____D C:\Users\Zach\AppData\Local\Packages
2017-04-28 10:32 - 2016-04-25 20:19 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-28 10:26 - 2016-04-25 19:39 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-28 10:07 - 2017-01-09 06:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-28 09:59 - 2017-03-26 02:36 - 00002045 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-28 09:54 - 2017-03-26 02:36 - 00000000 ____D C:\Program Files\adasdasd
2017-04-28 09:25 - 2017-01-09 06:56 - 00000000 ____D C:\Users\Zach
2017-04-28 09:25 - 2016-05-26 10:30 - 00000024 _____ C:\Users\Zach\random.dat
2017-04-28 09:24 - 2016-04-25 19:59 - 00000000 ____D C:\Users\Zach\AppData\Local\Battle.net
2017-04-28 06:24 - 2016-04-25 19:56 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-28 06:03 - 2016-05-03 22:31 - 00000000 ____D C:\Users\Zach\AppData\Roaming\.minecraft
2017-04-28 05:08 - 2016-05-26 10:30 - 00000024 _____ C:\Users\Zach\jagexappletviewer.preferences
2017-04-28 05:06 - 2016-05-26 10:30 - 00000043 _____ C:\Users\Zach\jagex_cl_runescape_LIVE.dat
2017-04-27 21:59 - 2016-05-28 17:39 - 00000044 _____ C:\Users\Zach\jagex_cl_runescape_LIVE1.dat
2017-04-27 04:36 - 2016-04-25 20:10 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Skype
2017-04-27 03:09 - 2016-04-25 20:10 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-27 03:09 - 2016-04-25 20:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-27 03:09 - 2016-04-25 20:10 - 00000000 ____D C:\ProgramData\Skype
2017-04-27 03:09 - 2016-03-03 14:49 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-26 06:31 - 2016-06-06 20:03 - 00000000 ____D C:\Users\Zach\AppData\Local\Spotify
2017-04-26 06:11 - 2016-06-06 19:53 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Spotify
2017-04-25 22:39 - 2017-03-26 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RuneMate
2017-04-25 22:39 - 2017-03-26 21:40 - 00000000 ____D C:\Program Files (x86)\RuneMate
2017-04-25 04:33 - 2016-05-17 14:37 - 00000000 ____D C:\Users\Zach\AppData\Local\Warframe
2017-04-24 04:51 - 2016-04-25 19:59 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-04-23 11:51 - 2017-03-26 02:36 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-22 00:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-22 00:26 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-19 12:42 - 2017-01-09 06:55 - 00343392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-19 00:39 - 2016-05-03 22:30 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-04-18 23:01 - 2017-01-09 07:02 - 00003266 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-18 23:01 - 2016-04-25 19:39 - 00002360 _____ C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-18 23:01 - 2016-04-25 19:39 - 00000000 ___RD C:\Users\Zach\OneDrive
2017-04-18 22:47 - 2017-03-24 19:13 - 00000000 ____D C:\Users\Zach\AppData\Local\Jagex
2017-04-18 22:47 - 2017-03-24 19:13 - 00000000 ____D C:\ProgramData\Jagex
2017-04-18 22:46 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-18 22:46 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-18 22:46 - 2016-03-03 14:51 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-18 22:43 - 2017-01-29 19:12 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dustin Blackman
2017-04-18 22:43 - 2017-01-29 19:12 - 00000000 ____D C:\Users\Zach\AppData\Local\Championify
2017-04-18 22:43 - 2016-05-25 19:03 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-04-18 22:43 - 2016-05-25 19:02 - 00000000 ____D C:\Users\Zach\AppData\Local\Discord
2017-04-18 19:18 - 2017-01-12 23:00 - 00000000 ____D C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2017-04-18 19:18 - 2017-01-12 23:00 - 00000000 ____D C:\Users\Zach\AppData\Local\HearthstoneDeckTracker
2017-04-14 15:18 - 2017-03-26 02:36 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-04-14 13:06 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-04-13 11:03 - 2016-02-13 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-13 11:01 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-13 11:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-13 10:27 - 2016-04-26 11:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-13 10:26 - 2016-04-26 11:28 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-09 10:26 - 2017-03-26 02:36 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-04-09 10:26 - 2017-03-26 02:36 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-04-09 10:26 - 2017-03-26 02:36 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-04-09 03:27 - 2016-05-19 15:30 - 00000000 ____D C:\Users\Zach\AppData\Local\Eclipse
2017-04-07 19:50 - 2016-04-26 11:28 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-06 14:00 - 2017-03-26 02:36 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-03 21:42 - 2016-04-25 19:39 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-03 21:42 - 2016-04-25 19:39 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-03 10:18 - 2017-01-09 06:59 - 00003496 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-04-03 10:18 - 2017-01-09 06:59 - 00003360 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-04-03 10:18 - 2016-05-11 15:43 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-04-01 13:52 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 13:52 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-29 20:06 - 2016-05-26 10:30 - 00000000 ____D C:\Users\Zach\jagexcache
 
==================== Files in the root of some directories =======
 
2017-04-01 03:24 - 2017-04-01 03:24 - 0000852 _____ () C:\Users\Zach\AppData\Local\recently-used.xbel
2016-07-07 22:39 - 2016-07-07 22:39 - 0007605 _____ () C:\Users\Zach\AppData\Local\Resmon.ResmonCfg
2017-01-09 06:56 - 2017-01-09 06:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Zach\AppData\Roaming\Interstatnogui\interstatnogui.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-23 17:18
 
==================== End of FRST.txt ============================
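The listing above is what a responder scans by eye: created and modified timestamps, size, attribute flags, the vendor string from the file's version resource, and the path. The Windows Update batch carries "(Microsoft Corporation)" on every line; the one system32 binary that does not, tprdpw32.exe, is also the one MBAR names further down the thread. As an added example (not part of this thread and not FRST's own code), the Python below applies three such heuristics to FRST file-listing lines. The rule names and the `looks_random` threshold are assumptions of this example; the sample lines are copied from the log above except the last, which is constructed from the qdcomsvc.exe path MBAR reports later in the thread.

```python
"""Triage pass over the file-listing lines of an FRST log (added example).

FRST's "One Month Created/Modified files" and "Files in the root of some
directories" sections share one line format:
    <created> - <modified> - <size> <attrs> [(<vendor>)] <path>
The vendor is the company name from the file's version resource.  Rule names
and thresholds below are this example's own choices, not FRST's logic.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?"     # optional "(Company Name) "
    r"(?P<path>[A-Za-z]:\\.*\S)$"
)
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".cpl")
USER_WRITABLE_SEGMENTS = {"appdata", "temp"}
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{4,}")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    vendor: Optional[str]  # None: field absent; "": FRST printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_pe(self) -> bool:
        return self.path.lower().endswith(PE_EXTENSIONS)


@dataclass
class Finding:
    path: str
    rule: str
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Entry for a file-listing line; None for headers, blanks and notes."""
    m = FRST_LINE.match(line.strip())
    if m is None:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["vendor"], m["path"])


def looks_random(name: str) -> bool:
    """Crude detector for generated folder names such as 'ejrjzrxh': six or
    more lowercase letters containing a run of four consonants.  It errs
    towards silence ('adasdasd' slips through), so the location and vendor
    rules carry most of the weight."""
    return (len(name) >= 6 and name.isalpha() and name.islower()
            and CONSONANT_RUN.search(name) is not None)


def triage(lines: Iterable[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        segments = e.path.split("\\")
        # Rule 1: executable code under C:\Windows with no vendor string.
        if e.is_pe and e.path.lower().startswith("c:\\windows\\") and not e.vendor:
            findings.append(Finding(e.path, "no-vendor-in-system-dir",
                                    f"{e.size} bytes, created {e.created}"))
        # Rule 2: executable code in a user-writable profile location.
        if e.is_pe and USER_WRITABLE_SEGMENTS & {s.lower() for s in segments}:
            findings.append(Finding(e.path, "pe-in-user-profile",
                                    "executables do not belong under AppData or Temp"))
        # Rule 3: a folder on the path (or the folder itself) with a generated-looking name.
        for seg in segments[1:-1] + ([segments[-1]] if e.is_dir else []):
            if looks_random(seg):
                findings.append(Finding(e.path, "random-dir-name",
                                        f"folder name '{seg}' looks machine-generated"))
                break
    return findings


# Constructed sample: five lines copied from the FRST log in this thread, plus one
# built from the qdcomsvc.exe path MBAR reports later (absent from the FRST listing).
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========
2017-04-12 12:22 - 2017-03-28 00:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-03-29 19:04 - 2017-03-29 19:04 - 00833024 ____N C:\WINDOWS\system32\tprdpw32.exe
2017-04-28 09:54 - 2017-03-26 02:36 - 00000000 ____D C:\Program Files\adasdasd
2017-04-13 10:26 - 2016-04-26 11:28 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-01 03:24 - 2017-04-01 03:24 - 0000852 _____ () C:\Users\Zach\AppData\Local\recently-used.xbel
2017-04-20 03:12 - 2017-04-20 03:12 - 00412160 _____ C:\Users\Zach\AppData\Local\ejrjzrxh\qdcomsvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.rule}] {f.path}: {f.reason}")
```

Run against the sample, the vendor rule alone singles out tprdpw32.exe, the same file MBAR later classifies as Rootkit.Agent.PUA, and the constructed qdcomsvc.exe line trips both the profile-location and the folder-name rules. The "adasdasd" folder passes the name heuristic, which is the point: where a binary sits and whether it carries a vendor string are stronger signals than what it is called. Treat hits as leads for hash lookups and Authenticode checks, not as verdicts.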


#4 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,185 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:45 PM

Posted 28 April 2017 - 12:11 PM

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Zeathe (Topic Starter)

  • Members
  • 12 posts
  • Local time:04:45 PM

Posted 28 April 2017 - 12:25 PM

Mbar Log -
Malwarebytes Anti-Rootkit BETA 1.9.4.1001

www.malwarebytes.org
 
Database version:
  main:    v2017.04.28.07
  rootkit: v2017.04.02.01
 
Windows 10 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.1066.14393.0
Zach :: ZACH [administrator]
 
4/28/2017 12:14:44 PM
mbar-log-2017-04-28 (12-14-44).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 273990
Time elapsed: 5 minute(s), 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016 (Adware.NetUtils) -> Delete on reboot. [611624d20a9eb185d8a6dfd69869ea16]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [4b2cd71fbceccc6a43162c1a15ec8f71]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE (Trojan.Clicker) -> Delete on reboot. [7502d91d4167a096ebe59322936ef20e]
 
Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: "C:\Users\Zach\AppData\Local\eopzmc\ct.exe" /svc -> Delete on reboot. [7502d91d4167a096ebe59322936ef20e]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 8
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [06010fff408a9d867ca7b51afc3d0c5e]
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> Delete on reboot. [5e1971858721f0461274affe5ca5e51b]
C:\Users\Zach\AppData\Local\Temp\423021656\ic-0.92d38aba8ea2e8.exe (Adware.OptimizerEliteMax) -> Delete on reboot. [43346f87eeba35010604ba4fd62ae51b]
C:\Users\Zach\AppData\Local\ejrjzrxh\qdcomsvc.exe (Adware.Yelloader) -> Delete on reboot. [c5b29363099fcc6abf75279511f05ea2]
c:\users\zach\appdata\local\eopzmc\ct.exe (Adware.Yelloader) -> Delete on reboot. [a4d3fbfb832542f4c073ab1112ef56aa]
C:\Windows\System32\NetUtils2016.dll (Adware.NetUtils) -> Delete on reboot. [2156e2146840fa3c52c9bd6ba0603dc3]
C:\Windows\System32\drivers\NetUtils2016.sys (Adware.NetUtils) -> Delete on reboot. [999995e6e594d8f7aa72029c8eb2b952]
C:\Windows\System32\drivers\etc\hosts (Hijack.HostFile) -> Bad: (127.0.0.1 clients2.google.com ) Good: () -> Replace on reboot. [8fe809ed1692c472795f5dce5aa628d8]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
System Log- ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.4.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.1066.14393.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.008000 GHz
Memory total: 17140727808, free: 15083945984
 
Downloaded database version: v2017.04.28.07
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     04/28/2017 12:14:41
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\system32\drivers\ndistpr64.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\system32\drivers\NDIS.SYS
\SystemRoot\system32\drivers\TDI.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\isapnp.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\nvraid.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\pcmcia.sys
\SystemRoot\System32\drivers\bxvbda.sys
\SystemRoot\System32\drivers\vmbus.sys
\SystemRoot\System32\drivers\hvsocket.sys
\SystemRoot\System32\drivers\vmbkmcl.sys
\SystemRoot\System32\drivers\winhv.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\intelide.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\evbda.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorV.sys
\SystemRoot\System32\drivers\vstxraid.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\3ware.sys
\SystemRoot\System32\drivers\amdsata.sys
\SystemRoot\System32\drivers\amdxata.sys
\SystemRoot\System32\drivers\amdsbs.sys
\SystemRoot\System32\drivers\arcsas.sys
\SystemRoot\System32\drivers\iaStorAV.sys
\SystemRoot\System32\drivers\lsi_sas.sys
\SystemRoot\System32\drivers\lsi_sas2i.sys
\SystemRoot\System32\drivers\lsi_sas3i.sys
\SystemRoot\System32\drivers\lsi_sss.sys
\SystemRoot\System32\drivers\megasas.sys
\SystemRoot\System32\drivers\megasr.sys
\SystemRoot\System32\drivers\mvumis.sys
\SystemRoot\System32\drivers\nvstor.sys
\SystemRoot\System32\drivers\percsas2i.sys
\SystemRoot\System32\drivers\percsas3i.sys
\SystemRoot\System32\drivers\SiSRaid2.sys
\SystemRoot\System32\drivers\sisraid4.sys
\SystemRoot\System32\drivers\stexstor.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\vsmraid.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\stornvme.sys
\SystemRoot\System32\drivers\ADP80XX.SYS
\SystemRoot\System32\drivers\HpSAMD.sys
\SystemRoot\System32\drivers\MegaSas2i.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\storvsc.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\drivers\vmstorfl.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\drivers\storufs.sys
\SystemRoot\System32\drivers\sdstor.sys
\SystemRoot\System32\drivers\scmbus.sys
\SystemRoot\System32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\NetUtils2016.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\bwcW10x64.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\asmtxhci.sys
\SystemRoot\System32\drivers\e2xw10x64.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\LGJoyXlCore.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\SiUSBXp.sys
\SystemRoot\system32\drivers\SiLib.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\asmthub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.04.28.07
  rootkit: v2017.04.02.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe1049a42b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe1049a43aae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe1049a42b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe104987d6e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe104987d8e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe104987dd060, DeviceName: \Device\0000003d\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3414390865
    GPT Header CurrentLba = 1 BackupLba 488397167
    GPT Header FirstUsableLba 34  LastUsableLba 488397134
    GPT Header Guid 18250002-70a4-4652-98f3-e1af672faec6
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3414390865
    Backup GPT header CurrentLba = 488397167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 488397134
    Backup GPT header Guid 18250002-70a4-4652-98f3-e1af672faec6
    Backup GPT header Contains 128 partition entries starting at LBA 488397135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID dacae230-ff62-4854-ad63-24f9969eba60
    FirstLBA 2048  Last LBA 923647
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID c2bb6dbc-481c-4590-85b1-431be55f2a
    FirstLBA 923648  Last LBA 1126399
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 2858ee78-fb8c-4f4a-b97-1c8a657f42d
    FirstLBA 1126400  Last LBA 1159167
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 261c260-a8a4-47c7-ab6a-97a55269fea
    FirstLBA 1159168  Last LBA 488396799
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe1049a42a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe1049a455040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe1049a42a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe104987d6c40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe104987d6040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe104987db060, DeviceName: \Device\0000003e\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3211609983
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 5a1dc000-8aa0-4d21-a3ea-cd84efcdf1
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3211609983
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 5a1dc000-8aa0-4d21-a3ea-cd84efcdf1
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID dc7da3c7-2ea8-40a7-a93f-7877b4d44e50
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d1e2d5d3-d5d8-4753-acdd-ceedfdbf5737
    FirstLBA 264192  Last LBA 1953523711
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffe104974dd060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe104974e19c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe104974dd060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffe104974de060, DeviceName: \Device\00000040\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 242614240
    Partition is not bootable
    Partition file system is FAT32
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 124218507264 bytes
Sector size: 512 bytes
 
Done!
Infected: c:\windows\system32\tprdpw32.exe --> [Rootkit.Agent.PUA]
Infected: C:\Users\Zach\AppData\Local\Temp\423021656\ic-0.92d38aba8ea2e8.exe --> [Adware.OptimizerEliteMax]
Infected: C:\Users\Zach\AppData\Local\ejrjzrxh\qdcomsvc.exe --> [Adware.Yelloader]
Infected: c:\users\zach\appdata\local\eopzmc\ct.exe --> [Adware.Yelloader]
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: C:\Windows\System32\NetUtils2016.dll --> [Adware.NetUtils]
File C:\Windows\System32\drivers\NetUtils2016.sys will be destroyed
Infected: C:\Windows\System32\drivers\NetUtils2016.sys --> [Adware.NetUtils]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016 --> [Adware.NetUtils]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 --> [Rootkit.Agent.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE --> [Trojan.Clicker]
Infected: C:\Windows\System32\drivers\etc\hosts --> [Hijack.HostFile]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
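The MBAR log above lists three persistence mechanisms side by side: a service whose ImagePath points into the user's AppData, two kernel drivers, and a hosts-file entry pinning clients2.google.com to loopback. The script below is an added example, not part of this thread or of Malwarebytes' tooling: it parses MBAR detection lines (the sample is constructed from the log above, with the trailing hash suffixes replaced by a `[hash]` placeholder) and ranks each hit by the persistence mechanism it indicates; the severity tiers and the "user-writable" heuristic are my own assumptions.

```python
"""Triage MBAR detection lines by persistence mechanism (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: detection lines from the MBAR log above, hashes replaced by [hash].
SAMPLE_LOG = r"""
Registry Keys Detected: 3
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016 (Adware.NetUtils) -> Delete on reboot. [hash]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [hash]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE (Trojan.Clicker) -> Delete on reboot. [hash]
Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: "C:\Users\Zach\AppData\Local\eopzmc\ct.exe" /svc -> Delete on reboot. [hash]
Files Detected: 8
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [hash]
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> Delete on reboot. [hash]
C:\Users\Zach\AppData\Local\Temp\423021656\ic-0.92d38aba8ea2e8.exe (Adware.OptimizerEliteMax) -> Delete on reboot. [hash]
C:\Users\Zach\AppData\Local\ejrjzrxh\qdcomsvc.exe (Adware.Yelloader) -> Delete on reboot. [hash]
c:\users\zach\appdata\local\eopzmc\ct.exe (Adware.Yelloader) -> Delete on reboot. [hash]
C:\Windows\System32\NetUtils2016.dll (Adware.NetUtils) -> Delete on reboot. [hash]
C:\Windows\System32\drivers\NetUtils2016.sys (Adware.NetUtils) -> Delete on reboot. [hash]
C:\Windows\System32\drivers\etc\hosts (Hijack.HostFile) -> Bad: (127.0.0.1 clients2.google.com ) Good: () -> Replace on reboot. [hash]
"""

# One MBAR detection line: "<item> (<family>) -> <detail> [<32-hex hash>]"
_DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<detail>.+?)\s*\[(?:hash|[0-9a-f]{32})\]\s*$"
)
_DATA_RE = re.compile(r'Data: "(?P<path>[^"]+)"')      # ImagePath payload
_HOSTS_BAD_RE = re.compile(r"Bad: \((?P<body>[^)]*)\)")  # hosts-file payload
SERVICES_KEY = "HKLM\\SYSTEM\\CURRENTCONTROLSET\\SERVICES\\"


@dataclass
class Detection:
    item: str    # registry key/value or file path
    family: str  # MBAR detection name, e.g. Adware.NetUtils
    detail: str  # action text plus any Data:/Bad: payload


@dataclass
class Finding:
    severity: int  # 3 kernel driver, 2 service/hosts hijack, 1 user-mode file (assumed tiers)
    category: str
    subject: str
    note: str


def parse_detections(text: str) -> list[Detection]:
    """Keep only lines that carry a detection; section headers are skipped."""
    out = []
    for line in text.splitlines():
        m = _DETECTION_RE.match(line.strip())
        if m:
            out.append(Detection(m["item"], m["family"], m["detail"]))
    return out


def is_user_writable(path: str) -> bool:
    """Heuristic: anything under a profile's AppData or Temp needs no admin rights
    to write, so a service or driver loading from there is suspicious on its own."""
    p = path.lower().replace("/", "\\")
    return "\\appdata\\" in p or "\\temp\\" in p


def hosts_bad_entries(detail: str) -> list[tuple[str, str]]:
    """Extract (ip, hostname) pairs from MBAR's 'Bad: (...)' payload."""
    m = _HOSTS_BAD_RE.search(detail)
    if not m:
        return []
    toks = m["body"].split()
    return [(toks[i], toks[i + 1]) for i in range(0, len(toks) - 1, 2)]


def triage(dets: list[Detection]) -> list[Finding]:
    findings = []
    for d in dets:
        item_l = d.item.lower()
        if item_l.startswith(SERVICES_KEY.lower()):
            svc = d.item[len(SERVICES_KEY):].split("|")[0]
            m = _DATA_RE.search(d.detail)
            if m and is_user_writable(m["path"]):
                findings.append(Finding(2, "service-persistence", svc,
                                        f"ImagePath {m['path']} is in a user-writable directory"))
            elif "|" not in d.item:
                findings.append(Finding(2, "service-persistence", svc,
                                        f"service key flagged as {d.family}"))
        elif item_l.endswith("\\drivers\\etc\\hosts"):
            for ip, host in hosts_bad_entries(d.detail):
                findings.append(Finding(2, "hosts-hijack", host,
                                        f"{host} pinned to {ip}; name resolution overridden"))
        elif item_l.endswith(".sys"):
            findings.append(Finding(3, "kernel-driver", d.item,
                                    f"driver flagged as {d.family}; loads before user-mode AV"))
        elif is_user_writable(d.item):
            findings.append(Finding(1, "user-space-dropper", d.item, f"flagged as {d.family}"))
        else:
            findings.append(Finding(1, "system-file", d.item, f"flagged as {d.family}"))
    findings.sort(key=lambda f: (-f.severity, f.category, f.subject))
    return findings


if __name__ == "__main__":
    for f in triage(parse_detections(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.category:20} {f.subject}: {f.note}")
```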


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,185 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 April 2017 - 12:34 PM

Download the attached file and save it in the same directory where FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:



  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.



  • On reboot a log will be produced; please copy and paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 




#7 Zeathe

Zeathe
  • Topic Starter

  • Members
  • 12 posts

Posted 28 April 2017 - 12:49 PM

Fix Log- Fix result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017

Ran by Zach (28-04-2017 12:41:01) Run:2
Running from C:\Users\Zach\Desktop
Loaded Profiles: Zach (Available Profiles: Zach)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
Task: {07ABA8E6-C32F-414C-851F-AA754EE1D232} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION 
Task: {16061F12-E0E5-4EAC-9A6A-694D07A333CD} - \Updater_Online_Application -> No File <==== ATTENTION 
Task: {21DB0BAB-F6A0-4A1F-B48C-CFF03362AB50} - \Online Application V2G1 -> No File <==== ATTENTION 
Task: {56E73983-A813-4FFD-A3E7-BE01E89C1F71} - \Online Application V2G2 -> No File <==== ATTENTION 
Task: {5C8605C9-220E-404D-A9E3-3AE05598FBCD} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION 
Task: {94559025-BE11-4C71-8436-A6E0D405DCEB} - \Online Application V2G3 -> No File <==== ATTENTION 
Task: {C3DE10B9-CF84-402C-8155-D11EBFB29788} - System32\Tasks\HDWallPaper => C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe  <==== ATTENTION 
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Run: [Interstatnogui] => C:\Users\Zach\AppData\Roaming\Interstatnogui\interstatnogui.exe [2987352 2017-04-28] (IT Genius) <===== ATTENTION 
S2 windowsmanagementservice; C:\Users\Zach\AppData\Local\eopzmc\ct.exe [947200 2017-03-29] () [File not signed] <==== ATTENTION 
C:\Users\Zach\AppData\Local\eopzmc
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION 
C:\WINDOWS\System32\drivers\ndistpr64.sys
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [907160 2017-04-28] () <==== ATTENTION 
C:\WINDOWS\system32\drivers\NetUtils2016.sys
Task: {07ABA8E6-C32F-414C-851F-AA754EE1D232} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION 
Task: {16061F12-E0E5-4EAC-9A6A-694D07A333CD} - \Updater_Online_Application -> No File <==== ATTENTION 
Task: {21DB0BAB-F6A0-4A1F-B48C-CFF03362AB50} - \Online Application V2G1 -> No File <==== ATTENTION 
Task: {56E73983-A813-4FFD-A3E7-BE01E89C1F71} - \Online Application V2G2 -> No File <==== ATTENTION 
Task: {5C8605C9-220E-404D-A9E3-3AE05598FBCD} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION 
Task: {94559025-BE11-4C71-8436-A6E0D405DCEB} - \Online Application V2G3 -> No File <==== ATTENTION 
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File] 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File] 
2017-04-28 08:28 - 2017-04-28 08:28 - 00000000 ____D C:\Users\Zach\AppData\Local\Tempzxpsignaf17be341287575a 
2017-04-28 08:28 - 2017-04-28 08:28 - 00000000 ____D C:\Users\Zach\AppData\Local\Tempzxpsign0b2e242e5f07f26b 
2017-04-28 08:27 - 2017-04-28 08:27 - 00000000 ____D C:\Users\Zach\AppData\Local\Tempzxpsigne55cb9584d820330 
2017-04-28 08:26 - 2017-04-28 08:26 - 00000000 ____D C:\Users\Zach\AppData\Local\Tempzxpsign77defc96c785a5c1 
2017-04-28 08:25 - 2017-04-28 08:25 - 00000000 ____D C:\Users\Zach\AppData\Local\Tempzxpsignf5a00191f0e12cb0 
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION 
Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION 
HKU\S-1-5-21-2757729625-709039285-700629499-1003\...\Run: [Interstatnogui] => C:\Users\Zach\AppData\Roaming\Interstatnogui\interstatnogui.exe [2987352 2017-04-28] (IT Genius) <===== ATTENTION
C:\Users\Zach\AppData\Roaming\Interstatnogui
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyServer: [S-1-5-21-2757729625-709039285-700629499-1003] => 127.0.0.1:8003
C:\Users\Zach\AppData\Roaming\Interstatnogui\interstatnogui.exe
Hosts:
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f6f3c355-1799-471d-8df1-1f5d967ae6ba}: [DhcpNameServer] 192.168.0.1
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON 
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP: 
Reboot:
 
*****************
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07ABA8E6-C32F-414C-851F-AA754EE1D232} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16061F12-E0E5-4EAC-9A6A-694D07A333CD} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21DB0BAB-F6A0-4A1F-B48C-CFF03362AB50} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56E73983-A813-4FFD-A3E7-BE01E89C1F71} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C8605C9-220E-404D-A9E3-3AE05598FBCD} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94559025-BE11-4C71-8436-A6E0D405DCEB} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3DE10B9-CF84-402C-8155-D11EBFB29788} => key not found. 
C:\WINDOWS\System32\Tasks\HDWallPaper => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDWallPaper => key not found. 
HKU\S-1-5-21-2757729625-709039285-700629499-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Interstatnogui => value not found.
windowsmanagementservice => service not found.
"C:\Users\Zach\AppData\Local\eopzmc" => not found.
drmkpro64 => service not found.
"C:\WINDOWS\System32\drivers\ndistpr64.sys" => not found.
NetUtils2016 => service not found.
"C:\WINDOWS\system32\drivers\NetUtils2016.sys" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07ABA8E6-C32F-414C-851F-AA754EE1D232} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16061F12-E0E5-4EAC-9A6A-694D07A333CD} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21DB0BAB-F6A0-4A1F-B48C-CFF03362AB50} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56E73983-A813-4FFD-A3E7-BE01E89C1F71} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C8605C9-220E-404D-A9E3-3AE05598FBCD} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94559025-BE11-4C71-8436-A6E0D405DCEB} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3 => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key not found. 
"C:\Users\Zach\AppData\Local\Tempzxpsignaf17be341287575a" => not found.
"C:\Users\Zach\AppData\Local\Tempzxpsign0b2e242e5f07f26b" => not found.
"C:\Users\Zach\AppData\Local\Tempzxpsigne55cb9584d820330" => not found.
"C:\Users\Zach\AppData\Local\Tempzxpsign77defc96c785a5c1" => not found.
"C:\Users\Zach\AppData\Local\Tempzxpsignf5a00191f0e12cb0" => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\\SystemComponent => value not found.
HKU\S-1-5-21-2757729625-709039285-700629499-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Interstatnogui => value not found.
"C:\Users\Zach\AppData\Roaming\Interstatnogui" => not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-2757729625-709039285-700629499-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
"C:\Users\Zach\AppData\Roaming\Interstatnogui\interstatnogui.exe" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f6f3c355-1799-471d-8df1-1f5d967ae6ba}\\DhcpNameServer => value removed successfully
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x8007043c
This service cannot be started in Safe Mode
 
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9459312 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 10059854 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Zach => 25030 B
 
RecycleBin => 0 B
EmptyTemp: => 18.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:41:07 ====
 
 
 
JRT Log- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Zach (Limited) on Fri 04/28/2017 at 12:42:53.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Zach\AppData\Roaming\microleaves (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/28/2017 at 12:43:26.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ADW Log- # AdwCleaner v6.046 - Logfile created 28/04/2017 at 12:45:30
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-28.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Zach - ZACH
# Running from : C:\Users\Zach\Desktop\adwcleaner_6.046.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Zach\AppData\Local\AppTrailers
Folder Found:  C:\Users\Zach\AppData\Local\AdvinstAnalytics
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
Folder Found:  C:\Users\Zach\AppData\Roaming\AGData
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
Key Found:  HKU\S-1-5-21-2757729625-709039285-700629499-1003\Software\Interstatnogui
Key Found:  HKU\S-1-5-21-2757729625-709039285-700629499-1003\Software\AppDataLow\Software\AppTrailers
Key Found:  HKCU\Software\Interstatnogui
Key Found:  HKCU\Software\AppDataLow\Software\AppTrailers
Key Found:  HKLM\SOFTWARE\Microleaves
Key Found:  HKLM\SOFTWARE\mbs_install
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Key Found:  [x64] HKCU\Software\Interstatnogui
Key Found:  [x64] HKCU\Software\AppDataLow\Software\AppTrailers
Key Found:  [x64] HKLM\SOFTWARE\HDWallpaper
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [chromebrowser]
Value Found:  HKU\S-1-5-21-2757729625-709039285-700629499-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Interstatnogui]
Value Found:  HKU\S-1-5-21-2757729625-709039285-700629499-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Spoutly.exe]
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [3109 Bytes] - [28/04/2017 12:45:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3182 Bytes] ##########
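After the reboot that the fixlog asks for, it is worth re-reading the persistence points the fix touched (hosts file, per-user proxy values, interface DNS servers, Run and StartupApproved entries, services and scheduled tasks) to see whether anything was put back by a process that was still running. The following PowerShell is an added example, my own and not part of the thread, of FRST or of any other tool used here; the path heuristic (flagging commands that run from AppData, Temp, ProgramData or Users\Public) is an assumption chosen to match where the log's entries lived, and legitimate updaters also live there, so its output is a list of things to look at, not a verdict.

```powershell
# Added example, not part of the forum post or of FRST: after the reboot the
# fix asked for, re-read the persistence points the fix touched and report
# what is still there. Read-only. Run from an elevated PowerShell prompt.
function Get-PersistenceFindings {
    $findings = @()
    # Locations a setup program rarely uses but droppers almost always do
    # (Interstatnogui lived in AppData\Roaming in the log above). Assumption.
    $userWritable = 'AppData|\\Temp\\|ProgramData|\\Users\\Public'

    # 1. hosts file: anything beyond comments and the loopback entries
    $hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
    foreach ($line in (Get-Content $hosts -ErrorAction SilentlyContinue)) {
        if ($line -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $line -notmatch '^\s*(127\.0\.0\.1|::1)\s') {
            $findings += "hosts: $line"
        }
    }

    # 2. Proxy settings for every loaded user hive plus the hives the fix reset
    $hives = @((Get-ChildItem 'Registry::HKEY_USERS').PSChildName |
        Where-Object { $_ -match '^S-1-5-21-' -and $_ -notmatch '_Classes$' })
    foreach ($sid in ($hives + @('.DEFAULT', 'S-1-5-19', 'S-1-5-20'))) {
        $k = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($p.ProxyEnable -eq 1 -or $p.ProxyServer -or $p.AutoConfigURL) {
            $findings += "proxy [$sid]: Enable=$($p.ProxyEnable) Server=$($p.ProxyServer) PAC=$($p.AutoConfigURL)"
        }
    }

    # 3. DNS: a static NameServer on an interface overrides DHCP; DhcpNameServer
    #    is what DHCP handed out and should be your router or ISP resolver
    $tcp = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    foreach ($iface in (Get-ChildItem "$tcp\Interfaces")) {
        $i = Get-ItemProperty $iface.PSPath
        if ($i.NameServer)     { $findings += "static DNS on $($iface.PSChildName): $($i.NameServer)" }
        if ($i.DhcpNameServer) { $findings += "DHCP DNS on $($iface.PSChildName): $($i.DhcpNameServer)" }
    }

    # 4. Run keys: commands that start from a user-writable path
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $runKeys) {
        $p = Get-ItemProperty $k -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        foreach ($v in ($p.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' })) {
            if ("$($v.Value)" -match $userWritable) { $findings += "Run [$k] $($v.Name) = $($v.Value)" }
        }
    }
    # StartupApproved keeps a name even after the Run value is gone (AdwCleaner
    # flagged Interstatnogui and Spoutly.exe there); list what is still recorded
    $approved = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run'
    $p = Get-ItemProperty $approved -ErrorAction SilentlyContinue
    foreach ($v in ($p.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' })) {
        $findings += "StartupApproved entry still listed: $($v.Name)"
    }

    # 5. Services whose binary lives outside Windows or Program Files
    #    (the Malwarebytes log flagged REALTEK_AMD64 for exactly this)
    foreach ($svc in (Get-CimInstance Win32_Service)) {
        if ($svc.PathName -and $svc.PathName -notmatch '^"?[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\') {
            $findings += "service $($svc.Name): $($svc.PathName)"
        }
    }

    # 6. Scheduled tasks that run something from a user-writable path
    foreach ($t in (Get-ScheduledTask)) {
        foreach ($a in $t.Actions) {
            if ("$($a.Execute) $($a.Arguments)" -match $userWritable) {
                $findings += "task $($t.TaskPath)$($t.TaskName): $($a.Execute) $($a.Arguments)"
            }
        }
    }
    return $findings
}

$f = Get-PersistenceFindings
if ($f) { $f } else { 'No findings.' }
```

Run it once right after the reboot and again a day later; an entry that reappears between the two runs points at a process or task that is still re-creating it, which is the thing to hunt next rather than the entry itself.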


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,185 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:45 PM

Posted 28 April 2017 - 01:09 PM

That was fast.

 

One more scan and let me know how it is doing:

 

Please download Malwarebytes to your desktop.
 
Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
 
Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
 
The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.
 
[screenshot: 10a.png]
 
After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected.
 
[screenshot: 13a.png]
 
Put a checkmark on all detected and click on "Quarantine Selected"
 
[screenshot: 18a.png]
 
Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.
 
[screenshot: 19a.png]
 
Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 Zeathe

Zeathe
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:45 PM

Posted 28 April 2017 - 01:16 PM

Log- Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 4/28/17
Scan Time: 1:12 PM
Logfile: Malwarebytes Log.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1832
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: ZACH\Zach
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358474
Time Elapsed: 1 min, 10 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 2
PUP.Optional.BetterAds, HKLM\SOFTWARE\WOW6432NODE\betterads, Quarantined, [476], [383836],1.0.1832
PUP.Optional.WindowService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\REALTEK_AMD64, Quarantined, [633], [384877],1.0.1832
 
Registry Value: 4
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-2757729625-709039285-700629499-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LOWRISKFILETYPES, Quarantined, [15248], [251589],1.0.1832
PUP.Optional.AppTrailers, HKU\S-1-5-21-2757729625-709039285-700629499-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|33, Quarantined, [825], [393166],1.0.1832
PUP.Optional.AppTrailers, HKU\S-1-5-21-2757729625-709039285-700629499-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|34, Quarantined, [825], [393166],1.0.1832
PUP.Optional.WindowService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\REALTEK_AMD64|IMAGEPATH, Quarantined, [633], [384877],1.0.1832
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 3
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [534], [391425],1.0.1832
PUP.Optional.InterStat, C:\Users\Zach\AppData\Local\CrashRpt\UnsentCrashReports\Interstatnogui_389\Logs, Quarantined, [1347], [373566],1.0.1832
PUP.Optional.InterStat, C:\USERS\ZACH\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\Interstatnogui_389, Quarantined, [1347], [373566],1.0.1832
 
File: 5
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [534], [391425],1.0.1832
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [534], [391425],1.0.1832
Rootkit.Agent.PUA, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\NDISTPR64.SYS-K.MBAM, Quarantined, [6707], [384893],1.0.1832
Trojan.Clicker, C:\WINDOWS\SYSTEM32\TPRDPW32.EXE, Quarantined, [26], [384598],1.0.1832
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [534], [391431],1.0.1832
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by Zeathe, 28 April 2017 - 01:39 PM.


#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,185 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:45 PM

Posted 28 April 2017 - 02:27 PM

Entries still popping out.

 

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.


Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!




#11 Zeathe

Zeathe
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:45 PM

Posted 28 April 2017 - 05:04 PM

ESET Log-

C:\Users\Zach\Desktop\cc_setup529.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,185 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:45 PM

Posted 28 April 2017 - 06:07 PM

If that was it, congratulations. Your system seems clear.

 

Lets do some cleanup of the tools we used.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
    [screenshot: delfix.jpg]
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

 

Always keep your antivirus active and updated.

 

Best regards.      :hello:

 




#13 Zeathe

Zeathe
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:45 PM

Posted 28 April 2017 - 06:19 PM

It seems a little better now but my chrome still gets redirected to a page called "Rambler" when I search for stuff.



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,185 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:45 PM

Posted 28 April 2017 - 06:39 PM

Reset Chrome to its default.

 

Google Chrome has an option that will reset itself to its default settings. To find this option, click the menu button (three horizontal lines) in the upper-right corner of the browser window and select “Settings”. Start typing “reset settings” in the search box. Settings matching the search term start displaying. Click the “Perform a search for ‘reset browser’” entry and you’ll see the “Reset browser settings” button.


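The reset described above only covers settings that Chrome itself owns. A search provider or start page that is enforced through Chrome's policy registry keys, re-applied by a sideloaded extension, or appended to the chrome.exe shortcut is not touched by it, which is the usual reason a reset "doesn't seem to work". The following PowerShell is an added example (my own, not part of the thread, of Chrome or of any tool used here) that lists those three places read-only. The policy key paths and the field names in Chrome's Preferences JSON follow Chrome's layout and may move between versions; Chrome's own bundled component extensions also appear in the extension list, so treat what it prints as leads to check, not a verdict.

```powershell
# Added example, not from the thread or from Chrome: list the three places a
# search redirect can live that Chrome's "Reset settings" does not clear.
# Read-only. Preferences field names are assumed from Chrome's layout.
function Get-ChromeHijackFindings {
    $findings = @()

    # 1. Policy keys: anything here is enforced (shown as "Managed" in
    #    chrome://policy) and cannot be changed or reset from the Settings page.
    foreach ($root in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome') {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in (@(Get-Item $root) + @(Get-ChildItem $root -Recurse))) {
            $props = Get-ItemProperty -Path $key.PSPath
            foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' })) {
                $findings += "policy $($key.Name)\$($p.Name) = $($p.Value)"
            }
        }
    }

    # 2. Profile preferences: default search provider, startup pages, home page,
    #    and extensions that did not come from the Web Store.
    $userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
    $profiles = Get-ChildItem $userData -Directory -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'Default' -or $_.Name -like 'Profile *' }
    foreach ($profile in $profiles) {
        foreach ($file in 'Secure Preferences', 'Preferences') {
            $path = Join-Path $profile.FullName $file
            if (-not (Test-Path $path)) { continue }
            $tag = "$($profile.Name)\$file"
            try { $json = Get-Content $path -Raw | ConvertFrom-Json }
            catch { $findings += "$tag could not be parsed: $_"; continue }
            $dsp = $json.default_search_provider_data.template_url_data
            if ($dsp.url) { $findings += "$tag search provider: $($dsp.short_name) -> $($dsp.url)" }
            if ($json.session.startup_urls) { $findings += "$tag startup URLs: $($json.session.startup_urls -join ', ')" }
            if ($json.homepage) { $findings += "$tag homepage: $($json.homepage)" }
            foreach ($ext in ($json.extensions.settings.PSObject.Properties)) {
                $e = $ext.Value
                if ($e.manifest -and -not $e.from_webstore) {
                    $findings += "$tag non-Web-Store extension $($ext.Name): $($e.manifest.name) ($($e.path))"
                }
            }
        }
    }

    # 3. Shortcuts that launch chrome.exe with extra arguments: a URL appended
    #    to the target opens on every start and is untouched by a settings reset.
    $shell = New-Object -ComObject WScript.Shell
    $places = @("$env:USERPROFILE\Desktop", "$env:PUBLIC\Desktop",
                "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
                "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
                "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar")
    foreach ($lnk in (Get-ChildItem $places -Filter *.lnk -Recurse -ErrorAction SilentlyContinue)) {
        $sc = $shell.CreateShortcut($lnk.FullName)
        if ($sc.TargetPath -match 'chrome\.exe$' -and "$($sc.Arguments)".Trim()) {
            $findings += "shortcut $($lnk.FullName) arguments: $($sc.Arguments)"
        }
    }
    return $findings
}

$f = Get-ChromeHijackFindings
if ($f) { $f } else { 'Nothing found in policy keys, profile preferences or shortcuts.' }
```

On a home machine the policy keys should not exist at all; on a domain-joined or MDM-managed one they are expected, so compare any policy hit against what your administrator actually set. Reinstalling Chrome, as asked in the next reply, would not remove policy keys or a modified shortcut either, so check these first.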


#15 Zeathe

Zeathe
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:45 PM

Posted 28 April 2017 - 06:45 PM

That doesn't seem to work. Should I just re-install the whole browser?





