
Can you check if I'm infected?


  • This topic is locked
4 replies to this topic

#1 insaniak


Posted 29 April 2017 - 02:12 PM

I feel like my computer is infected. It is slow.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by Kyle (administrator) on COMPUTER (29-04-2017 12:08:51)
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available Profiles: Kyle)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 6970\Bin\ScanToPCActivationApp.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 6970\Bin\HPNetworkCommunicatorCom.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-23] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046488 2017-03-16] (DivX, LLC)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-11-18] ()
HKU\S-1-5-21-3692638734-338059300-4178884787-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-3692638734-338059300-4178884787-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3692638734-338059300-4178884787-1000\...\Run: [HP OfficeJet Pro 6970 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 6970\Bin\ScanToPCActivationApp.exe [3764360 2016-11-17] (HP Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2017-01-03]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [.DEFAULT] => 35.185.20.7:80
ProxyServer: [S-1-5-21-3692638734-338059300-4178884787-1000] => 35.185.20.7:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{696FAFAF-E205-431D-BCEB-ABBB19F4E6F1}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3692638734-338059300-4178884787-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3692638734-338059300-4178884787-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3692638734-338059300-4178884787-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\br7ruebf.default-1467864717016 [2017-04-29]
FF Extension: (Grammarly for Firefox) - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\br7ruebf.default-1467864717016\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2017-04-10]
FF Extension: (Firefox Hotfix) - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\br7ruebf.default-1467864717016\Extensions\firefox-hotfix@mozilla.org.xpi [2017-03-09]
FF Extension: (Ghostery) - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\br7ruebf.default-1467864717016\Extensions\firefox@ghostery.com.xpi [2017-02-11]
FF Extension: (Messenger for Google™ Hangouts) - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\br7ruebf.default-1467864717016\Extensions\jid1-uqbSKwXpf2K6yl@jetpack.xpi [2017-01-23]
FF Extension: (Adblock Plus) - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\br7ruebf.default-1467864717016\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\br7ruebf.default-1467864717016\features\{32990139-4259-4314-8b77-c210d56a2cc6}\disable-cert-transparency@mozilla.org.xpi [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\br7ruebf.default-1467864717016\features\{32990139-4259-4314-8b77-c210d56a2cc6}\disable-prefetch@mozilla.org.xpi [2017-04-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-03-15] (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2015-05-06] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default [2017-04-29]
CHR Extension: (Google Slides) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-23]
CHR Extension: (Google Docs) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-23]
CHR Extension: (Google Drive) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-23]
CHR Extension: (YouTube) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-30]
CHR Extension: (Google Sheets) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-29]
CHR Extension: (Google Hangouts) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-30]
CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-04-23] ()
S4 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-23] (Logitech Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [324760 2015-05-06] (Nitro PDF Software)
S3 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [418968 2015-05-06] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-04-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-18] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-20] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-07-30] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-07-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-07-30] (ESET)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-01-23] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2017-01-23] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2017-01-23] (Logitech Inc.)
S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2014-02-07] (PassMark Software)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [39464 2016-04-27] (Tunngle.net GmbH)
R3 tapstrong; C:\Windows\System32\DRIVERS\tapstrong.sys [34712 2016-03-09] (The OpenVPN Project)
U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [24688 2016-03-19] ()
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 12:08 - 2017-04-29 12:09 - 00020403 _____ C:\Users\Kyle\Downloads\FRST.txt
2017-04-29 12:08 - 2017-04-29 12:08 - 00000000 ____D C:\FRST
2017-04-29 12:07 - 2017-04-29 12:07 - 02427392 _____ (Farbar) C:\Users\Kyle\Downloads\FRST64.exe
2017-04-29 12:05 - 2017-04-29 12:06 - 00000000 ____D C:\AdwCleaner
2017-04-29 12:05 - 2017-04-29 12:05 - 00003474 _____ C:\Users\Kyle\Desktop\Rkill.txt
2017-04-29 11:59 - 2017-04-29 11:59 - 00001737 _____ C:\Users\Public\Desktop\Update NOD32 license.lnk
2017-04-29 11:48 - 2015-10-07 06:16 - 00142976 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2017-04-29 11:48 - 2015-07-30 12:41 - 00264040 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2017-04-29 11:48 - 2015-07-30 12:41 - 00206312 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2017-04-29 11:48 - 2015-07-30 12:41 - 00186784 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2017-04-29 11:47 - 2017-04-29 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-04-29 11:47 - 2017-04-29 11:47 - 00000000 ____D C:\ProgramData\ESET
2017-04-29 11:47 - 2017-04-29 11:47 - 00000000 ____D C:\Program Files\ESET
2017-04-29 11:45 - 2017-04-29 11:46 - 00509040 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-29 11:14 - 2017-04-29 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-29 02:29 - 2017-04-29 02:35 - 00000000 ____D C:\Users\Kyle\Desktop\Claymore's Dual Ethereum+Decred_Siacoin_Lbry_Pascal AMD+NVIDIA GPU Miner v9.2
2017-04-29 02:23 - 2017-04-29 02:23 - 00000489 _____ C:\Users\Kyle\Desktop\UTC--2017-04-29T09-23-40.168Z--272732900e88d9827ede3b27997a2e1d7cfddb61
2017-04-29 02:20 - 2017-04-29 02:30 - 00000146 _____ C:\Users\Kyle\Desktop\coolkids.txt
2017-04-29 02:14 - 2017-04-29 02:14 - 00954095 _____ C:\Users\Kyle\Downloads\ethminer-0.9.41-genoil-1.1.7.zip
2017-04-29 01:10 - 2017-04-29 01:10 - 12710142 _____ C:\Users\Kyle\Downloads\Claymore.s.Dual.Ethereum.Decred_Siacoin_Lbry_Pascal.AMD.NVIDIA.GPU.Miner.v9.2.zip
2017-04-28 23:02 - 2016-06-22 00:31 - 00000000 ____D C:\Users\Kyle\Desktop\Profess Messer's - CompTIA 220-901-902 A+
2017-04-28 20:18 - 2017-04-28 22:45 - 904106415 _____ C:\Users\Kyle\Downloads\sd36PrfsaMsrsC0mpTIA220901N902A-plus.part6.rar
2017-04-28 20:13 - 2017-04-28 20:13 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Google
2017-04-28 14:27 - 2017-04-28 20:01 - 2040109465 _____ C:\Users\Kyle\Downloads\sd36PrfsaMsrsC0mpTIA220901N902A-plus.part5.rar
2017-04-28 11:34 - 2017-04-28 11:38 - 00000033 _____ C:\Users\Kyle\Desktop\longterm.txt
2017-04-28 01:11 - 2017-04-28 11:52 - 1916825668 _____ C:\Users\Kyle\Downloads\sd36PrfsaMsrsC0mpTIA220901N902A-plus.part5.rar.part
2017-04-27 19:39 - 2017-04-27 19:40 - 65162155 _____ (BitPay ) C:\Users\Kyle\Downloads\Copay.exe
2017-04-27 12:24 - 2017-04-27 23:34 - 2040109465 _____ C:\Users\Kyle\Downloads\sd36PrfsaMsrsC0mpTIA220901N902A-plus.part4.rar
2017-04-27 11:12 - 2017-04-27 11:13 - 00000000 ____D C:\Users\Kyle\AppData\Local\exodus
2017-04-27 10:45 - 2017-04-29 02:32 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Exodus
2017-04-27 10:45 - 2017-04-27 11:12 - 00002192 _____ C:\Users\Kyle\Desktop\Exodus.lnk
2017-04-27 10:45 - 2017-04-27 11:12 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2017-04-27 10:44 - 2017-04-27 10:45 - 77888008 _____ (Exodus Movement Inc) C:\Users\Kyle\Downloads\InstallExodus-1.23.1.exe
2017-04-27 01:38 - 2017-04-27 01:38 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2017-04-27 01:38 - 2017-04-27 01:38 - 00000000 ____D C:\Program Files\Bitcoin
2017-04-27 01:37 - 2017-04-27 01:38 - 13833808 _____ (Bitcoin Core project) C:\Users\Kyle\Downloads\bitcoin-0.14.1-win64-setup.exe
2017-04-27 00:43 - 2017-04-27 11:57 - 2040109465 _____ C:\Users\Kyle\Downloads\sd36PrfsaMsrsC0mpTIA220901N902A-plus.part3.rar
2017-04-27 00:22 - 2017-04-27 00:25 - 00000629 ____H C:\Users\Kyle\Downloads\index&session_id=Xju8jkIia346FtznPZxWtJFlg18euKvl.dls
2017-04-27 00:12 - 2017-04-27 00:12 - 04105304 _____ C:\Users\Kyle\Downloads\sbsetup(1).exe
2017-04-26 22:40 - 2017-04-27 09:50 - 2040109465 _____ C:\Users\Kyle\Downloads\sd36PrfsaMsrsC0mpTIA220901N902A-plus.part2.rar
2017-04-26 14:33 - 2017-04-27 01:44 - 2040109465 _____ C:\Users\Kyle\Downloads\sd36PrfsaMsrsC0mpTIA220901N902A-plus.part1.rar
2017-04-26 11:20 - 2016-07-24 10:18 - 00000000 ____D C:\Users\Kyle\Desktop\Guitar Tricks Core Learning System 2
2017-04-25 22:19 - 2017-04-25 22:19 - 00029020 _____ C:\Users\Hima\Downloads\wkgap.GuitarTricks..Core.Learning.System.Guitar.Fundamentals.2.part09.rar.html
2017-04-25 22:19 - 2017-04-25 22:19 - 00000000 ____D C:\Users\Hima
2017-04-25 22:08 - 2017-04-25 22:08 - 04105304 _____ C:\Users\Kyle\Downloads\sbsetup.exe
2017-04-25 21:25 - 2016-08-03 15:21 - 471796170 _____ C:\Users\Kyle\Desktop\CompTIA A Certification All-in-One 220-901  220-902 Exam Guide, Ninth Edition.pdf
2017-04-25 14:16 - 2017-04-25 16:53 - 471796316 _____ C:\Users\Kyle\Downloads\CompTIA_A_Certification_All-in-One_220-901__220-902_Exam_Guide,_Ninth_Edition.rar
2017-04-25 12:21 - 2017-04-25 12:21 - 00000218 _____ C:\Users\Kyle\AppData\Local\recently-used.xbel
2017-04-25 00:30 - 2017-04-25 00:30 - 00000000 ____D C:\Users\Kyle\Desktop\Converted Music
2017-04-25 00:19 - 2017-04-25 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2017-04-25 00:18 - 2017-04-25 00:19 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2017-04-25 00:03 - 2017-04-25 00:19 - 00001289 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2017-04-25 00:03 - 2017-04-25 00:03 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2017-04-23 18:23 - 2017-04-23 20:22 - 00000000 ____D C:\Users\Kyle\Documents\ezvid
2017-04-23 18:23 - 2017-04-23 18:23 - 00003584 _____ C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-23 18:23 - 2017-04-23 18:23 - 00000000 ____D C:\Users\Kyle\AppData\Local\ezvid,_inc
2017-04-23 18:22 - 2017-04-23 20:57 - 00000000 ____D C:\Program Files (x86)\ezvid
2017-04-23 18:21 - 2017-04-23 18:21 - 00000000 ____D C:\Users\Kyle\AppData\Local\Icecream
2017-04-23 18:21 - 2017-04-23 18:21 - 00000000 ____D C:\Users\Kyle\AppData\Local\CrashRpt
2017-04-23 18:21 - 2017-04-23 18:21 - 00000000 ____D C:\Users\Kyle\.Icecream Screen Recorder
2017-04-22 12:52 - 2017-04-22 12:52 - 00000962 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2017-04-22 12:52 - 2017-04-22 12:52 - 00000000 ____D C:\Program Files\HP
2017-04-22 12:52 - 2016-11-17 07:08 - 00836232 ____N (HP Inc.) C:\Windows\system32\HPDiscoPM0C54.dll
2017-04-22 12:12 - 2017-04-22 12:51 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\HP_Easy_Start
2017-04-22 12:11 - 2017-04-22 12:11 - 05618000 _____ C:\Users\Kyle\Downloads\HPEasyStart_5_0_3133_35.exe
2017-04-20 23:19 - 2017-04-20 23:19 - 00006172 _____ C:\Users\Kyle\Downloads\Transcript exported Fri, 21 Apr 2017 06-18-58 GMT.txt
2017-04-20 22:30 - 2017-04-20 22:31 - 994624397 _____ C:\Users\Kyle\Downloads\Hyperloop Interview With SpaceX Engineer Victoria.mp4
2017-04-17 20:32 - 2017-04-17 20:32 - 00026056 _____ C:\Users\Kyle\Desktop\Comcast Chat ARUN.pdf
2017-04-17 19:56 - 2017-04-19 12:34 - 00000148 _____ C:\Users\Kyle\Desktop\Agent that told me.txt
2017-04-17 13:32 - 2017-04-17 13:32 - 00023449 _____ C:\Users\Kyle\Desktop\Conversation comcast.pdf
2017-04-16 16:49 - 2017-04-16 16:49 - 00003146 _____ C:\Windows\System32\Tasks\StartCN
2017-04-16 16:49 - 2017-04-16 16:49 - 00000000 ____D C:\Users\Kyle\AppData\LocalLow\AMD
2017-04-16 16:49 - 2017-04-16 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-04-16 16:33 - 2017-04-16 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2017-04-16 16:32 - 2017-04-16 16:32 - 00000000 ____D C:\Program Files (x86)\FinalWire
2017-04-12 18:13 - 2017-04-12 18:14 - 00003593 _____ C:\Users\Kyle\AppData\LocalLow\lpm.dat
2017-04-12 15:30 - 2017-04-12 15:30 - 00000000 ____D C:\Windows\System32\Tasks\Nero
2017-04-12 15:28 - 2017-04-12 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2017
2017-04-12 15:28 - 2017-04-12 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2017-04-11 14:42 - 2017-03-25 12:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-11 14:42 - 2017-03-25 12:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-11 14:42 - 2017-03-25 12:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-11 14:42 - 2017-03-25 10:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-11 14:42 - 2017-03-25 09:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-11 14:42 - 2017-03-25 09:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-11 14:42 - 2017-03-22 08:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-11 14:42 - 2017-03-22 08:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-11 14:42 - 2017-03-22 08:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-11 14:42 - 2017-03-22 08:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-11 14:42 - 2017-03-22 08:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-11 14:42 - 2017-03-22 08:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-11 14:42 - 2017-03-22 08:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-11 14:42 - 2017-03-22 08:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-11 14:42 - 2017-03-22 08:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-11 14:42 - 2017-03-22 08:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-11 14:42 - 2017-03-22 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-11 14:42 - 2017-01-18 08:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-11 14:42 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-11 14:42 - 2016-03-23 15:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-11 14:42 - 2016-03-23 15:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-11 14:41 - 2017-03-27 11:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-11 14:41 - 2017-03-27 10:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-11 14:41 - 2017-03-25 11:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-11 14:41 - 2017-03-25 11:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-11 14:41 - 2017-03-25 11:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-11 14:41 - 2017-03-25 11:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-11 14:41 - 2017-03-25 11:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-11 14:41 - 2017-03-25 11:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-11 14:41 - 2017-03-25 11:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-11 14:41 - 2017-03-25 11:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-11 14:41 - 2017-03-25 11:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-11 14:41 - 2017-03-25 11:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-11 14:41 - 2017-03-25 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-11 14:41 - 2017-03-25 11:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-11 14:41 - 2017-03-25 11:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-11 14:41 - 2017-03-25 11:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-11 14:41 - 2017-03-25 11:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-11 14:41 - 2017-03-25 11:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-11 14:41 - 2017-03-25 11:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-11 14:41 - 2017-03-25 11:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-11 14:41 - 2017-03-25 11:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-11 14:41 - 2017-03-25 11:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-11 14:41 - 2017-03-25 11:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-11 14:41 - 2017-03-25 11:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-11 14:41 - 2017-03-25 11:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-11 14:41 - 2017-03-25 11:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-11 14:41 - 2017-03-25 11:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-11 14:41 - 2017-03-25 11:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-11 14:41 - 2017-03-25 11:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-11 14:41 - 2017-03-25 11:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-11 14:41 - 2017-03-25 11:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-11 14:41 - 2017-03-25 11:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-11 14:41 - 2017-03-25 11:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-11 14:41 - 2017-03-25 11:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-11 14:41 - 2017-03-25 11:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-11 14:41 - 2017-03-25 11:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-11 14:41 - 2017-03-25 10:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-11 14:41 - 2017-03-25 10:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-11 14:41 - 2017-03-25 10:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-11 14:41 - 2017-03-25 10:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-11 14:41 - 2017-03-25 10:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-11 14:41 - 2017-03-25 10:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-11 14:41 - 2017-03-25 10:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-11 14:41 - 2017-03-25 10:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-11 14:41 - 2017-03-25 10:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-11 14:41 - 2017-03-25 10:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-11 14:41 - 2017-03-25 10:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-11 14:41 - 2017-03-25 10:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-11 14:41 - 2017-03-25 10:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-11 14:41 - 2017-03-25 10:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-11 14:41 - 2017-03-25 10:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-11 14:41 - 2017-03-25 10:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-11 14:41 - 2017-03-25 10:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-11 14:41 - 2017-03-25 10:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-11 14:41 - 2017-03-25 09:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-11 14:41 - 2017-03-25 09:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-11 14:41 - 2017-03-25 09:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-11 14:41 - 2017-03-25 09:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-11 14:41 - 2017-03-25 09:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-11 14:41 - 2017-03-25 09:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-11 14:41 - 2017-03-24 15:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-11 14:41 - 2017-03-24 15:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-11 14:41 - 2017-03-22 08:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-11 14:41 - 2017-03-22 08:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-11 14:41 - 2017-03-22 08:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-11 14:41 - 2017-03-22 08:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-11 14:41 - 2017-03-22 08:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-11 14:41 - 2017-03-14 08:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-11 14:41 - 2017-03-14 08:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-11 14:41 - 2017-03-14 08:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-11 14:41 - 2017-03-10 09:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-11 14:41 - 2017-03-10 09:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-11 14:41 - 2017-03-10 09:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-11 14:41 - 2017-03-10 09:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-11 14:41 - 2017-03-10 09:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-11 14:41 - 2017-03-10 09:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-11 14:41 - 2017-03-10 09:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-11 14:41 - 2017-03-10 09:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-11 14:41 - 2017-03-10 09:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-11 14:41 - 2017-03-10 09:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-11 14:41 - 2017-03-10 08:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-11 14:41 - 2017-03-08 13:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-11 14:41 - 2017-03-08 13:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-11 14:41 - 2017-03-07 21:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-11 14:41 - 2017-03-07 21:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-11 14:41 - 2017-03-07 21:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-11 14:41 - 2017-03-07 21:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-11 14:41 - 2017-03-07 21:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-11 14:41 - 2017-03-07 21:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-11 14:41 - 2017-03-07 21:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-11 14:41 - 2017-03-07 21:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-11 14:41 - 2017-03-07 21:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 21:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-11 14:41 - 2017-03-07 21:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-11 14:41 - 2017-03-07 21:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-11 14:41 - 2017-03-07 21:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-11 14:41 - 2017-03-07 21:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-11 14:41 - 2017-03-07 20:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-11 14:41 - 2017-03-07 20:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-11 14:41 - 2017-03-07 20:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-11 14:41 - 2017-03-07 20:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-11 14:41 - 2017-03-07 20:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-11 14:41 - 2017-03-07 20:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-11 14:41 - 2017-03-07 20:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-11 14:41 - 2017-03-07 20:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-11 14:41 - 2017-03-07 20:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-11 14:41 - 2017-03-07 20:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-11 14:41 - 2017-03-07 20:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-11 14:41 - 2017-03-07 20:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-11 14:41 - 2017-03-07 20:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 20:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 20:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 20:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-11 14:41 - 2017-03-07 09:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-11 14:41 - 2017-03-07 09:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-11 14:41 - 2017-03-07 07:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-11 14:41 - 2017-03-03 18:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-11 14:41 - 2017-03-03 18:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-11 14:41 - 2017-03-03 18:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-11 14:41 - 2017-03-03 18:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-11 14:41 - 2017-02-14 09:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-11 14:41 - 2017-02-14 09:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-11 14:41 - 2017-02-11 09:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-11 14:41 - 2017-02-11 09:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-11 14:41 - 2017-02-09 09:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-11 14:41 - 2017-02-09 09:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-11 14:41 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-07 22:36 - 2017-04-07 22:41 - 00000000 ____D C:\Users\Kyle\Desktop\Summoners War Exporter Files
2017-04-07 22:36 - 2017-04-07 22:36 - 00002841 _____ C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Summoners War Exporter.lnk
2017-04-07 22:36 - 2017-04-07 22:36 - 00002833 _____ C:\Users\Kyle\Desktop\Summoners War Exporter.lnk
2017-04-07 22:36 - 2017-04-07 22:36 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Summoners War Exporter
2017-04-07 22:35 - 2017-04-07 22:36 - 35549871 _____ (porksmash & Xzandro) C:\Users\Kyle\Downloads\Summoners.War.Exporter-Setup-0.0.14-win-x64.exe
2017-04-07 11:57 - 2017-04-07 11:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-07 11:57 - 2017-04-07 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-03 15:57 - 2017-04-03 15:57 - 00000004 _____ C:\Users\Kyle\Desktop\New Text Document (9).txt
2017-04-03 10:44 - 2017-04-05 11:22 - 00000287 _____ C:\Users\Kyle\Desktop\New Text Document (7).txt
2017-04-02 20:51 - 2017-04-02 20:51 - 00000026 _____ C:\Users\Kyle\Desktop\New Text Document (6).txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 12:05 - 2017-01-03 13:38 - 00000000 ____D C:\Users\Kyle\Desktop\Scans
2017-04-29 12:05 - 2016-03-26 10:38 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Skype
2017-04-29 12:04 - 2016-07-29 10:52 - 00000000 ____D C:\ProgramData\VMware
2017-04-29 12:04 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-29 12:03 - 2016-11-20 23:35 - 00000000 ____D C:\Users\Kyle\AppData\LocalLow\Mozilla
2017-04-29 12:03 - 2016-08-05 11:15 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-04-29 12:03 - 2009-07-13 22:13 - 00790070 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-29 12:03 - 2009-07-13 21:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-29 12:03 - 2009-07-13 21:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-29 12:03 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-04-29 11:58 - 2016-07-07 11:14 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-04-29 11:58 - 2016-03-20 02:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-29 11:48 - 2016-03-19 22:21 - 00000000 ____D C:\Users\Kyle\AppData\Local\ESET
2017-04-29 11:43 - 2016-03-20 00:50 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\ESET
2017-04-29 11:41 - 2016-12-04 22:23 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\TeamViewer
2017-04-29 11:41 - 2016-03-20 18:48 - 00000000 ____D C:\Users\Kyle\AppData\Local\CrashDumps
2017-04-29 11:41 - 2016-03-19 15:48 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-29 11:12 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Offline Web Pages
2017-04-29 02:00 - 2016-03-21 12:54 - 00000000 ____D C:\Users\Kyle\AppData\Local\Adobe
2017-04-29 00:35 - 2017-01-24 18:28 - 00000000 ____D C:\Users\Kyle\AppData\Local\Ubisoft Game Launcher
2017-04-29 00:29 - 2016-03-19 21:09 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\TS3Client
2017-04-29 00:29 - 2016-03-19 15:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-28 21:24 - 2017-01-23 22:05 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 21:24 - 2017-01-23 22:05 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 11:47 - 2016-03-19 16:16 - 00000000 ____D C:\Users\Kyle\AppData\Local\TeamSpeak 3 Client
2017-04-27 11:13 - 2017-02-28 00:28 - 00000000 ____D C:\Users\Kyle\AppData\Local\SquirrelTemp
2017-04-27 05:25 - 2017-01-23 22:06 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-26 11:31 - 2017-02-28 00:28 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2017-04-26 11:31 - 2017-02-28 00:28 - 00000000 ____D C:\Users\Kyle\AppData\Local\GrammarlyForWindows
2017-04-25 13:42 - 2016-09-11 23:39 - 00000000 ____D C:\Users\Kyle\AppData\Local\Deployment
2017-04-25 00:09 - 2016-07-23 18:15 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2017-04-23 21:01 - 2017-01-16 12:36 - 00000000 ____D C:\Users\Kyle\Desktop\Security in Computer Text
2017-04-23 21:01 - 2017-01-15 23:25 - 00000000 ____D C:\Users\Kyle\Desktop\SRA 111
2017-04-23 20:59 - 2016-03-20 03:11 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-23 20:58 - 2016-03-20 03:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-04-23 20:58 - 2016-03-20 02:54 - 00000000 ____D C:\ProgramData\HP
2017-04-23 18:21 - 2016-03-19 15:38 - 00000000 ____D C:\Users\Kyle
2017-04-22 12:53 - 2016-03-20 09:36 - 00000000 ____D C:\Users\Kyle\AppData\Local\HP
2017-04-22 00:59 - 2017-01-16 20:34 - 00000000 ____D C:\Users\Kyle\Desktop\IST 110
2017-04-18 13:25 - 2016-03-26 14:41 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\vlc
2017-04-17 22:52 - 2017-02-10 12:46 - 00000000 ____D C:\Users\Kyle\Desktop\Music to go into itunes
2017-04-17 20:32 - 2016-07-07 16:53 - 00000000 ____D C:\Users\Kyle\AppData\Local\CutePDF Writer
2017-04-16 17:20 - 2017-01-23 22:06 - 00000000 ____D C:\Users\Kyle\AppData\Local\Google
2017-04-16 16:48 - 2017-01-04 13:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-04-16 16:47 - 2017-01-23 12:26 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-04-16 16:46 - 2016-03-19 15:41 - 00000000 ____D C:\AMD
2017-04-12 22:50 - 2016-12-02 13:24 - 00000000 ____D C:\Users\Kyle\Desktop\Sylabus
2017-04-12 22:50 - 2016-07-10 11:33 - 00000000 ____D C:\Users\Kyle\Desktop\School
2017-04-12 18:52 - 2016-03-20 00:35 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\deluge
2017-04-12 18:13 - 2016-12-30 12:36 - 00003652 _____ C:\Windows\System32\Tasks\DivXUpdate
2017-04-12 18:13 - 2016-12-30 12:36 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\DivX
2017-04-12 18:13 - 2016-12-30 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-04-12 18:13 - 2016-12-30 12:35 - 00000000 ____D C:\Program Files (x86)\DivX
2017-04-12 18:13 - 2016-12-30 12:34 - 00000000 ____D C:\ProgramData\DivX
2017-04-12 15:35 - 2016-09-16 21:26 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Nero
2017-04-12 15:30 - 2016-09-16 21:28 - 00000000 ____D C:\ProgramData\Nero
2017-04-12 15:30 - 2016-09-16 21:28 - 00000000 ____D C:\Program Files (x86)\Nero
2017-04-12 07:27 - 2016-03-19 21:51 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 07:27 - 2016-03-19 21:51 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-12 04:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-04-12 03:15 - 2016-07-07 10:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-04-12 03:12 - 2016-03-26 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-12 03:11 - 2016-03-26 10:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 03:11 - 2016-03-26 10:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-12 03:10 - 2016-03-19 18:49 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 03:04 - 2016-03-19 15:36 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 03:01 - 2014-09-18 22:41 - 00782192 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-12 03:00 - 2009-07-13 19:34 - 00000513 _____ C:\Windows\win.ini
2017-04-11 02:49 - 2016-03-20 12:04 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 02:48 - 2016-03-20 12:03 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 02:48 - 2016-03-20 12:03 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 02:48 - 2016-03-20 12:03 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-11 02:48 - 2016-03-20 03:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-07 11:57 - 2016-03-26 10:38 - 00000000 ____D C:\ProgramData\Skype
2017-04-03 12:07 - 2016-10-31 22:41 - 00000000 ____D C:\ProgramData\BlueStacksSetup

==================== Files in the root of some directories =======

2017-01-11 16:27 - 2017-01-11 16:27 - 7680000 _____ () C:\Program Files (x86)\GUT6753.tmp
2017-04-23 18:23 - 2017-04-23 18:23 - 0003584 _____ () C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-25 12:21 - 2017-04-25 12:21 - 0000218 _____ () C:\Users\Kyle\AppData\Local\recently-used.xbel
2016-08-07 20:09 - 2016-08-07 20:09 - 0000003 _____ () C:\Users\Kyle\AppData\Local\updater.log
2016-08-07 20:09 - 2016-08-07 20:09 - 0000424 _____ () C:\Users\Kyle\AppData\Local\UserProducts.xml
2016-03-20 02:53 - 2016-03-20 02:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-03-20 02:54 - 2017-04-25 00:09 - 0007095 _____ () C:\ProgramData\hpzinstall.log
2017-01-23 12:26 - 2017-04-16 16:47 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-23 02:32

==================== End of FRST.txt ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:16 AM

Posted 30 April 2017 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3692638734-338059300-4178884787-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Include also the Addition.txt file that was created by the Farbar tool.
I need to check it out.

Please let me know what problem persists with this computer.

#3 insaniak


Posted 05 May 2017 - 03:41 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01
Ran by Kyle (05-05-2017 01:34:09) Run:1
Running from C:\Users\Kyle\Downloads
Loaded Profiles: Kyle (Available Profiles: Kyle)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3692638734-338059300-4178884787-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3692638734-338059300-4178884787-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\edevmon => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully
ZAM_Guard => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15938337 B
Java, Flash, Steam htmlcache => 375616251 B
Windows/system/drivers => 10252267 B
Edge => 0 B
Chrome => 555740151 B
Firefox => 394565267 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 418 B
systemprofile32 => 33806 B
LocalService => 0 B
NetworkService => 0 B
Kyle => 532836161 B

RecycleBin => 15000571 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-05-2017 01:35:24)

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\edevmon => key could not remove, key could be protected

==== End of Fixlog 01:35:24 ====

 

It didn't create an additional txt



#4 nasdaq


Posted 05 May 2017 - 08:30 AM

It didn't create an additional txt

The addition.txt file is not created when using the Fix button.


Restore point if all fails.
+++++++++++++++++++++++++++
Link.
http://kb.macrium.com/KnowledgebaseArticle50010.aspx


This program will recreate the correct registry setting and re-register all VSS components. Please download one of the below programs to fix your problem:

Operating system 32 or 64 bit.

VSSfix 32bit
http://updates.macrium.com/reflect/utilities/vssfix.exe

VSSfix 64bit
http://updates.macrium.com/reflect/utilities/vssfixx64.exe

You can right click the exe file and run as Administrator in normal mode and see if that solves the problem. If not try running in Safe Mode.

Keep me posted.
++++++++++

#5 nasdaq


Posted 11 May 2017 - 07:13 AM

Are you still with me?



