Possible malware - Folder with 10 files recreated after reboot even if deleted



#1 GoshenBleeping


Posted 28 April 2017 - 09:00 PM

We borrowed a DVD (made in 1998) from the library. After watching the movie, we noticed that a new folder was created with 10 files. If I delete the folder and reboot, the folder is created with a different name and the 10 files are created with different names. Never happened before. Note that if I delete this folder, when I reboot a similar folder with a different name will be created and the folder will contain 10 files but the names will be different than the ones shown below.
 
Folder name = Xfound154
Folder contents:
   carleton_bridge.jpg
   christian_percent_blind_recommended.pem
   hook_other_blanche_hence.txt
   lawyers apparently discrete.docx
   louisiana_variety_identification.rtf
   occurs colleagues inch thousands.sql
   polishuncleworrytheater.xls
   subjects.rug.basically.mdb
   tMXpJEDSU.xlsx
   windssamcollar.doc
 
I have pasted the FRST.txt log and have attached the Addition.txt log.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by David (administrator) on DAVID-PC (28-04-2017 21:52:15)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David & GailandDavid & Admin2 & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Apps\IObit\IMFsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Apps\BitMeter\BitMeterCaptureService.exe
() C:\Apps\BitMeter\BitMeterWebService.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes) C:\Apps\Malwarebytes\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Malwarebytes) C:\Apps\Malwarebytes\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(IObit) C:\Apps\IObit\IMF.exe
(IObit) C:\Apps\IObit\IMFTips.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738344 2015-10-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\APPS\MALWAREBYTES\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Apps\IObit\IMF.exe [5296416 2017-04-11] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2521311373-2542757604-1943815622-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2521311373-2542757604-1943815622-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2521311373-2542757604-1943815622-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2521311373-2542757604-1943815622-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2017-04-03]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{2D6CCD8F-809C-4413-A7E1-E20D8FE77253}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2521311373-2542757604-1943815622-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2521311373-2542757604-1943815622-1000 -> DefaultScope {6C322376-5C95-4D82-9F3E-D67D3CB15E2D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2521311373-2542757604-1943815622-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-2521311373-2542757604-1943815622-1000 -> {6C322376-5C95-4D82-9F3E-D67D3CB15E2D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Google Analytics Opt-out Browser Add-on -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Apps\IObit\Surfing Protection\Adblock\Adblock.dll [2016-12-22] (IObit)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-2521311373-2542757604-1943815622-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\UGV3KXr8.default [2017-04-27]
FF NewTab: Mozilla\Firefox\Profiles\UGV3KXr8.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\UGV3KXr8.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\UGV3KXr8.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\UGV3KXr8.default -> about:blank
FF Keyword.URL: Mozilla\Firefox\Profiles\UGV3KXr8.default -> user_pref("keyword.URL", true);
FF Extension: (Disconnect) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\UGV3KXr8.default\Extensions\2.0@disconnect.me.xpi [2017-04-12]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\UGV3KXr8.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2016-10-25]
FF Extension: (Blur) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\UGV3KXr8.default\Extensions\donottrackplus@abine.com.xpi [2017-03-31]
FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\UGV3KXr8.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2017-03-31]
FF Extension: (WOT) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\UGV3KXr8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-06-16]
FF Extension: (Video DownloadHelper) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\UGV3KXr8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-03-31]
FF Extension: (Adblock Plus) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\UGV3KXr8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-22]
FF Extension: (Site Deployment Checker) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\UGV3KXr8.default\features\{29d1e168-7ea7-4b97-9ac7-e6b8059bed63}\deployment-checker@mozilla.org.xpi [2017-03-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Apps\Picasa\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Apps\VlcMediaPlayer\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - C:\Apps\Firefox\firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2017-04-28]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-03-21]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Adobe Acrobat) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-12]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2017-03-21]
CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-15]
CHR Extension: (Disconnect) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2017-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 !SASCORE; C:\Apps\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-23] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 BitMeterCaptureService; C:\Apps\BitMeter\BitMeterCaptureService.exe [85425 2011-05-22] () [File not signed]
R2 BitMeterWebService; C:\Apps\BitMeter\BitMeterWebService.exe [141456 2011-05-22] () [File not signed]
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [19344 2017-04-12] (Cybereason)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-08] (ELAN Microelectronics Corp.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 IMFservice; C:\Apps\IObit\IMFsrv.exe [1764640 2017-04-11] (IObit)
R2 MBAMService; C:\Apps\Malwarebytes\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-23] (Avira Operations GmbH & Co. KG)
S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [84480 2011-11-30] (Intel Corporation) [File not signed]
S3 bpmp; C:\Windows\System32\DRIVERS\bpmp.sys [182272 2011-11-30] (Intel Corporation) [File not signed]
S3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [84992 2011-11-30] (Intel Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-15] ()
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [26272 2017-03-29] (IObit.com)
R3 IMFDownProtect; C:\Apps\IObit\drivers\win7_amd64\IMFDownProtect.sys [21360 2017-03-08] (IObit.com)
R3 IMFFilter; C:\Apps\IObit\Drivers\win7_amd64\IMFFilter.sys [22440 2016-12-22] (IObit)
R3 IMFForceDelete; C:\Apps\IObit\drivers\win7_amd64\IMFForceDelete.sys [16216 2017-03-29] (IObit.com)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-28] (Malwarebytes)
R3 RegFilter; C:\Apps\IObit\drivers\win7_amd64\regfilter.sys [34752 2016-11-03] (IObit.com)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Apps\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Apps\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
U5 UnlockerDriver5; C:\Apps\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MFE_RR; \??\C:\Users\David\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-28 21:52 - 2017-04-28 21:52 - 00019538 _____ C:\Users\David\Desktop\FRST.txt
2017-04-28 21:51 - 2017-04-28 21:52 - 00000000 ____D C:\FRST
2017-04-28 21:46 - 2017-04-28 21:52 - 00000789 _____ C:\Users\David\Desktop\new 1.txt
2017-04-28 21:43 - 2017-04-28 21:43 - 00000000 __SHD C:\Users\David\Desktop\ This folder protects against Ransomware. Just leave it here
2017-04-28 21:43 - 2017-04-28 21:43 - 00000000 ___HD C:\Users\David\Documents\Nfound79
2017-04-28 21:43 - 2017-04-28 21:43 - 00000000 ___HD C:\Users\David\Documents\Lconfiguration165
2017-04-28 21:42 - 2017-04-28 21:42 - 00514258 _____ C:\Users\Acl5czbk\cuts-estimated-exposed.xlsx
2017-04-28 21:42 - 2017-04-28 21:42 - 00503729 _____ C:\Users\Uv3c8w\faith-hardly-renaissance-falls.xlsx
2017-04-28 21:42 - 2017-04-28 21:42 - 00232640 _____ C:\Users\Acl5czbk\EDETCQ.mdb
2017-04-28 21:42 - 2017-04-28 21:42 - 00208352 _____ C:\Users\Uv3c8w\ar8K.mdb
2017-04-28 21:42 - 2017-04-28 21:42 - 00071268 _____ C:\Users\Uv3c8w\purpose_charge_gathered_rigor.xls
2017-04-28 21:42 - 2017-04-28 21:42 - 00062750 _____ C:\Users\Acl5czbk\societiespouredhealth.xls
2017-04-28 21:42 - 2017-04-28 21:42 - 00057004 _____ C:\Users\Uv3c8w\swimming-cooling-scientists-british.pem
2017-04-28 21:42 - 2017-04-28 21:42 - 00050359 _____ C:\Users\Acl5czbk\press_sacrifice.pem
2017-04-28 21:42 - 2017-04-28 21:42 - 00024234 _____ C:\Users\Acl5czbk\planning-across-juice-needle.txt
2017-04-28 21:42 - 2017-04-28 21:42 - 00013544 _____ C:\Users\Uv3c8w\S9CcZCuO4xX5.txt
2017-04-28 21:42 - 2017-04-28 21:42 - 00012272 _____ C:\Users\Uv3c8w\own-acceptable-producing.sql
2017-04-28 21:42 - 2017-04-28 21:42 - 00011784 _____ C:\Users\Acl5czbk\pgkxsjY.sql
2017-04-28 21:42 - 2017-04-28 21:42 - 00000000 ___HD C:\Users\Uv3c8w
2017-04-28 21:42 - 2017-04-28 21:42 - 00000000 ___HD C:\Users\Acl5czbk
2017-04-28 21:42 - 2017-04-28 21:42 - 00000000 ____D C:\Xfound154
2017-04-28 21:42 - 2017-04-28 21:42 - 00000000 ____D C:\Acdate18
2017-04-28 21:40 - 2017-04-28 21:40 - 02427392 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2017-04-28 21:26 - 2017-04-28 21:28 - 00203668 _____ C:\TDSSKiller.3.1.0.12_28.04.2017_21.26.43_log.txt
2017-04-28 19:49 - 2017-04-28 19:49 - 00000000 ____D C:\Program Files (x86)\GUM6DC1.tmp
2017-04-25 21:29 - 2017-04-25 21:29 - 00000314 _____ C:\Users\GailandDavid\Desktop\Breckenridge® Roll Tab Plaid Woven Top Elder-Beerman.URL
2017-04-25 21:19 - 2017-04-25 21:19 - 00000308 _____ C:\Users\GailandDavid\Desktop\Ruff Hewn Trapeze Twin Print Top Elder-Beerman.URL
2017-04-25 21:16 - 2017-04-25 21:16 - 00000324 _____ C:\Users\GailandDavid\Desktop\Breckenridge® Layered Look Neck Side Tie Knit Top Elder-Beerman.URL
2017-04-25 21:15 - 2017-04-25 21:15 - 00000327 _____ C:\Users\GailandDavid\Desktop\Breckenridge® Split Neck Lace Trim Shoulder Knit Top Elder-Beerman.URL
2017-04-25 21:06 - 2017-04-25 21:06 - 00000292 _____ C:\Users\GailandDavid\Desktop\Kasper® Denim Trouser Pants Elder-Beerman.URL
2017-04-25 20:48 - 2017-04-25 20:48 - 00000297 _____ C:\Users\GailandDavid\Desktop\Breckenridge® Revised Cargo Sheeting Capri Elder-Beerman.URL
2017-04-25 09:34 - 2017-04-25 09:35 - 00203742 _____ C:\TDSSKiller.3.1.0.12_25.04.2017_09.34.03_log.txt
2017-04-23 19:31 - 2017-04-23 19:31 - 00000000 ____D C:\Users\GailandDavid\AppData\Local\Cybereason
2017-04-23 19:30 - 2017-04-23 19:30 - 00000000 ____D C:\Users\GailandDavid\AppData\Roaming\Cybereason
2017-04-23 16:00 - 2017-04-23 16:00 - 00000000 ____D C:\Users\David\AppData\Roaming\Cybereason
2017-04-23 16:00 - 2017-04-23 16:00 - 00000000 ____D C:\Users\David\AppData\Local\Cybereason
2017-04-23 15:59 - 2017-04-23 15:59 - 00003992 _____ C:\Windows\System32\Tasks\Cybereason RansomFree Keepalive
2017-04-23 15:59 - 2017-04-23 15:59 - 00003098 _____ C:\Windows\System32\Tasks\Cybereason RansomFree Autostart
2017-04-23 15:59 - 2017-04-23 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree
2017-04-23 15:59 - 2017-04-23 15:59 - 00000000 ____D C:\ProgramData\Cybereason
2017-04-23 15:59 - 2017-04-23 15:59 - 00000000 ____D C:\Program Files (x86)\Cybereason
2017-04-23 15:28 - 2017-04-23 15:29 - 00000000 ____D C:\Users\David\AppData\Roaming\IObit
2017-04-23 15:28 - 2017-04-23 15:29 - 00000000 ____D C:\ProgramData\IObit
2017-04-23 15:28 - 2017-04-23 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-04-23 15:28 - 2017-03-29 18:05 - 00026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-04-23 15:20 - 2017-04-25 13:15 - 00000000 ____D C:\ProgramData\ProductData
2017-04-23 15:20 - 2017-04-24 09:35 - 00000000 ____D C:\Users\GailandDavid\AppData\LocalLow\IObit
2017-04-23 15:20 - 2017-04-23 15:30 - 00000000 ____D C:\Users\David\AppData\LocalLow\IObit
2017-04-23 15:20 - 2017-04-23 15:20 - 00000000 ____D C:\Users\GailandDavid\AppData\Roaming\IObit
2017-04-23 15:19 - 2017-04-23 15:19 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-04-20 21:36 - 2017-04-28 21:40 - 00000000 ____D C:\Users\David\AppData\Roaming\Notepad++
2017-04-20 21:36 - 2017-04-20 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-04-20 19:58 - 2017-04-20 19:58 - 00000000 ____D C:\Users\GailandDavid\AppData\Roaming\JGsoft
2017-04-20 19:57 - 2017-04-20 19:57 - 00000014 _____ C:\Users\David\Documents\new.txt
2017-04-20 19:56 - 2017-04-20 19:56 - 00000000 ____D C:\Users\David\AppData\Roaming\JGsoft
2017-04-20 15:50 - 2017-04-20 20:24 - 00001458 _____ C:\Users\GailandDavid\Desktop\belk shopping bag (not ordered).txt
2017-04-20 15:47 - 2017-04-20 15:47 - 00000281 _____ C:\Users\GailandDavid\Desktop\Checkout Shopping Bag Belk.URL
2017-04-20 13:04 - 2017-04-20 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-04-20 09:27 - 2017-04-20 09:27 - 00000105 _____ C:\Users\GailandDavid\Desktop\Third Street Coffeehouse.url
2017-04-18 16:57 - 2017-04-18 16:58 - 00200840 _____ C:\TDSSKiller.3.1.0.12_18.04.2017_16.57.59_log.txt
2017-04-17 07:52 - 2017-04-17 07:53 - 00200840 _____ C:\TDSSKiller.3.1.0.12_17.04.2017_07.52.30_log.txt
2017-04-12 10:50 - 2017-04-12 10:50 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2017-04-12 10:15 - 2017-03-27 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 10:15 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 10:15 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 10:15 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 10:15 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 10:15 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 10:15 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 10:15 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 10:15 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 10:15 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 10:15 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 10:15 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 10:15 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 10:15 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 10:15 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 10:15 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 10:15 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 10:15 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 10:15 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 10:15 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 10:15 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 10:15 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 10:15 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 10:15 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 10:15 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 10:15 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 10:15 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 10:15 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 10:15 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 10:15 - 2017-03-25 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 10:15 - 2017-03-25 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 10:15 - 2017-03-25 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 10:15 - 2017-03-25 14:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 10:15 - 2017-03-25 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 10:15 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 10:15 - 2017-03-25 14:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 10:15 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 10:15 - 2017-03-25 14:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 10:15 - 2017-03-25 14:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 10:15 - 2017-03-25 13:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 10:15 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 10:15 - 2017-03-25 13:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 10:15 - 2017-03-25 13:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 10:15 - 2017-03-25 13:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 10:15 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 10:15 - 2017-03-25 13:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 10:15 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 10:15 - 2017-03-25 13:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 10:15 - 2017-03-25 13:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 10:15 - 2017-03-25 13:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 10:15 - 2017-03-25 13:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 10:15 - 2017-03-25 13:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 10:15 - 2017-03-25 13:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 10:15 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 10:15 - 2017-03-25 13:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 10:15 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 10:15 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 10:15 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 10:15 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 10:15 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 10:15 - 2017-03-25 12:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 10:15 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 10:15 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 10:15 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 10:15 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 10:15 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 10:15 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 10:15 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 10:15 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 10:15 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 10:15 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 10:15 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 10:15 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 10:15 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 10:15 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 10:15 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 10:15 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 10:15 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 10:15 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 10:15 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 10:15 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 10:15 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 10:15 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 10:15 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 10:15 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 10:15 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 10:15 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 10:15 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 10:15 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 10:15 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 10:15 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 10:15 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 10:15 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 10:15 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 10:15 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 10:15 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 10:15 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 10:15 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 10:15 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 10:15 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 10:15 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 10:15 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 10:15 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 10:15 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 10:15 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 10:15 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 10:15 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 10:15 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 10:15 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 10:15 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 10:15 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 10:15 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 10:15 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 10:15 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 10:15 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 10:15 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 10:15 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 10:15 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 10:15 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 10:15 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 10:15 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 10:15 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 10:15 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 10:15 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 10:15 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 10:15 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 10:15 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 10:15 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 10:15 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 10:15 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 10:15 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 10:15 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 10:15 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 10:15 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 10:15 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 10:15 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 10:15 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 10:15 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 10:15 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 10:15 - 2017-02-11 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 10:15 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 10:15 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 10:15 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 10:15 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 10:15 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 10:15 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 10:15 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-11 14:40 - 2017-04-11 14:41 - 00000000 ____D C:\Program Files (x86)\GUM646D.tmp
2017-04-04 20:39 - 2017-04-04 20:39 - 00000000 ____D C:\Users\Admin2\AppData\LocalLow\Adobe
2017-04-04 20:39 - 2017-04-04 20:39 - 00000000 ____D C:\Users\Admin2\AppData\Local\CEF
2017-04-04 20:39 - 2017-04-04 20:39 - 00000000 ____D C:\Users\Admin2\AppData\Local\Adobe
2017-04-04 18:28 - 2017-04-04 18:28 - 00000000 ____D C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
2017-04-04 18:28 - 2017-04-04 18:28 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-04-04 18:28 - 2017-04-04 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-04-04 17:14 - 2017-04-28 21:43 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-04 17:14 - 2017-04-15 14:39 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-04 17:14 - 2017-04-04 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-04 16:52 - 2017-04-04 16:53 - 00201326 _____ C:\TDSSKiller.3.1.0.12_04.04.2017_16.52.41_log.txt
2017-04-02 22:18 - 2017-04-02 22:18 - 00000000 ____D C:\Users\GailandDavid\AppData\Local\IsolatedStorage
2017-04-02 22:18 - 2017-04-02 22:18 - 00000000 ____D C:\Users\GailandDavid\AppData\Local\1Password
2017-04-02 21:58 - 2017-04-02 21:58 - 00000000 ____D C:\Users\David\AppData\Local\IsolatedStorage
2017-04-01 09:13 - 2017-04-01 09:13 - 00001385 _____ C:\Users\GailandDavid\Desktop\homes.lnk
2017-03-31 10:13 - 2017-03-31 10:15 - 00201326 _____ C:\TDSSKiller.3.1.0.12_31.03.2017_10.13.32_log.txt
2017-03-30 14:30 - 2017-03-30 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-28 21:52 - 2017-03-12 16:34 - 00000000 ____D C:\ProgramData\BitMeterOS
2017-04-28 21:49 - 2009-07-14 00:45 - 00032336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-28 21:49 - 2009-07-14 00:45 - 00032336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-28 21:46 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-28 21:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-28 21:44 - 2017-02-28 15:13 - 05201988 _____ C:\Windows\ntbtlog.txt
2017-04-28 21:42 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-28 21:33 - 2016-06-16 19:35 - 00000000 ____D C:\AdwCleaner
2017-04-28 21:13 - 2016-06-17 21:50 - 00000000 ____D C:\Users\GailandDavid\AppData\Roaming\vlc
2017-04-28 19:49 - 2016-04-15 10:09 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 19:49 - 2016-04-15 10:09 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 18:52 - 2016-07-12 21:07 - 00000000 ____D C:\Users\GailandDavid\AppData\Roaming\dvdcss
2017-04-28 10:27 - 2017-03-17 16:54 - 00000000 ____D C:\temp2
2017-04-28 10:21 - 2016-11-16 10:12 - 00000000 ____D C:\Users\GailandDavid\AppData\LocalLow\Mozilla
2017-04-25 17:12 - 2016-11-02 21:52 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2017-04-23 16:02 - 2016-06-16 16:59 - 00000000 ____D C:\temp
2017-04-20 21:11 - 2016-06-16 10:22 - 00086144 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-20 20:59 - 2016-06-17 07:42 - 00086144 _____ C:\Users\GailandDavid\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-20 20:58 - 2009-07-14 00:45 - 00342352 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-20 20:57 - 2016-06-16 16:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-20 19:38 - 2017-03-21 12:43 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-20 13:14 - 2016-11-16 10:08 - 00000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2017-04-20 13:04 - 2016-04-15 10:09 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-18 16:45 - 2016-07-29 19:12 - 00025088 _____ C:\Users\GailandDavid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-18 16:28 - 2017-01-11 08:43 - 00000000 ____D C:\FFOutput
2017-04-15 20:07 - 2016-08-30 15:57 - 00000000 ____D C:\Users\GailandDavid\AppData\Roaming\Psiphon3
2017-04-14 10:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-04-12 10:36 - 2016-05-10 11:49 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 10:35 - 2016-05-10 11:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-12 10:34 - 2009-07-14 01:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-12 10:27 - 2016-04-15 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-12 10:26 - 2016-04-15 10:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 10:26 - 2016-04-15 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-12 10:25 - 2016-04-16 06:47 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 10:21 - 2016-04-16 06:47 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 10:18 - 2016-04-15 10:18 - 00774004 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-12 09:52 - 2016-11-26 14:22 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-12 09:52 - 2016-04-15 10:19 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-12 09:52 - 2016-04-15 10:19 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-12 09:52 - 2016-04-15 10:19 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-12 09:52 - 2016-04-15 10:19 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-12 09:51 - 2016-06-16 10:36 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2017-04-05 09:11 - 2016-06-17 07:58 - 00000000 ____D C:\Users\GailandDavid\AppData\LocalLow\Adblock Plus for IE
2017-04-04 20:39 - 2016-06-17 18:17 - 00000000 ____D C:\Users\Admin2\AppData\Roaming\Adobe
2017-04-04 20:38 - 2016-12-15 13:08 - 00000000 ____D C:\Users\Admin2\AppData\LocalLow\Mozilla
2017-04-04 20:34 - 2016-06-16 20:29 - 00000000 ____D C:\Users\David\AppData\LocalLow\Adblock Plus for IE
2017-04-04 20:32 - 2016-06-16 17:05 - 00000000 ____D C:\Users\GailandDavid
2017-04-04 17:14 - 2017-02-22 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-31 10:10 - 2017-02-14 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUMo
2017-03-31 09:27 - 2016-06-16 16:57 - 00000000 ____D C:\DANDG
2017-03-30 14:30 - 2016-11-27 12:02 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-03-30 14:30 - 2016-11-27 12:02 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-03-30 14:30 - 2016-06-17 07:11 - 00000000 ____D C:\ProgramData\Garmin
2017-03-30 14:30 - 2016-06-16 17:32 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2017-04-02 22:53 - 2017-04-03 20:11 - 19110936 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-09-21 09:58 - 2016-09-21 09:58 - 0000017 _____ () C:\Users\David\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-13 10:23
 
==================== End of FRST.txt ===========



#2 GoshenBleeping

Posted 29 April 2017 - 06:23 AM

NEVER MIND!!! My error. I did not realize until after I posted this that Cybereason RansomFree created the weird folder and files. You can ignore this post. Thank you.





