
Have a virus that I can't remove!


  • This topic is locked
14 replies to this topic

#1 halosldr


Posted 07 May 2017 - 04:57 PM

Hello to anyone who takes the time to read this post, thank you for your help! I have an unknown virus that is destroying my computer (I am writing this from my laptop). The virus has shut down my antivirus software, opens random webpages, and has installed ransomware/spyware/adware programs on my computer along with changing my default search engine. Attached is the FRST report from the infected computer:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-05-2017
Ran by Michael (administrator) on DESKTOP-6ANAICP (07-05-2017 17:13:56)
Running from D:\Downloads
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(The Privoxy team - www.privoxy.org) C:\Windows\ainet\oxy.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
() C:\Windows\runSW.exe
() C:\Program Files (x86)\Realtek\REALTEK USB Wireless LAN Driver\WPSService20.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Electronic Arts) D:\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Windows\System32\tprdpw64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(ct Corp.) C:\Users\Michael\AppData\Local\wedooqr\ct.exe
() C:\Users\Michael\AppData\Local\ntuserlitelist\dataup\dataup.exe
() C:\Windows\SysWOW64\msblsn.exe
() C:\Windows\SysWOW64\tmp\xf32.exe
(Digital Action Consulting LTD) C:\Program Files (x86)\Maskit\MaskitService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\SystemHealer\HealerConsole.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek) C:\Windows\SwUSB.exe
(Digital Action Consulting LTD) C:\Program Files (x86)\Maskit\Maskit.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) D:\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Mitch) C:\Users\Michael\AppData\Roaming\854118\78245.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Mitch) C:\Users\Michael\AppData\Roaming\128623\721805.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mitch) C:\Users\Michael\AppData\Roaming\361866\352032.exe
(Mitch) C:\Users\Michael\AppData\Roaming\314273\27705.exe
(MDJ) C:\Program Files (x86)\BeCleaner\8FYLH.exe
(Mitch) C:\Users\Michael\AppData\Roaming\301798\516728.exe
(Mitch) C:\Users\Michael\AppData\Roaming\687187\625762.exe
(Mitch) C:\Users\Michael\AppData\Roaming\509172\101424.exe
(MDJ) C:\Program Files (x86)\PubHotspot\R2NUI.exe
(Mitch) C:\Users\Michael\AppData\Roaming\470829\544915.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
(ELLS LLC) C:\Users\Michael\AppData\Local\WeatherBuddy\WeatherBuddy.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Michael\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(winscr) C:\Users\Michael\AppData\Local\ntuserlitelist\winscr\winscr.exe
() C:\Users\Michael\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Michael\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Users\Michael\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Michael\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => "D:\iTunesHelper.exe"
HKLM\...\Run: [gplyra] => C:\Users\Michael\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [Steam] => D:\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [Google Update] => C:\Users\Michael\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [8KQDUQEFT9E1FV2] => C:\Program Files\Z2IVQFBHBY\Z2IVQFBHB.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [KGCKT1V3I9T89XY] => C:\Program Files\BI6MLDKOL0\BI6MLDKOL.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [659320] => C:\Users\Michael\AppData\Roaming\854118\78245.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [C001N2XBQ421F6A] => C:\Program Files\X1X0AI23FB\X1X0AI23F.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [196272] => C:\Users\Michael\AppData\Roaming\128623\721805.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [B8CLIUFECBNF4B7] => C:\Program Files\5Q003SABGP\5Q003SABG.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [DT8W58D8G67XOXA] => C:\Program Files\JXC93Z2E4K\JXC93Z2E4.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [851100] => C:\Users\Michael\AppData\Roaming\361866\352032.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [294384] => C:\Users\Michael\AppData\Roaming\314273\27705.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [12SB4ARB0B8BWOL] => C:\Program Files (x86)\BeCleaner\8FYLH.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [980460] => C:\Users\Michael\AppData\Roaming\301798\516728.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [5IHPV93TR5M1TZ0] => C:\Program Files\L7YTQ62C6R\L7YTQ62C6.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [158866] => C:\Users\Michael\AppData\Roaming\687187\625762.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [9GI8O8GFPXWV6X6] => C:\Program Files\CGTXB68X5M\CGTXB68X5.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [FB3X9Y8ROHY2Q35] => C:\Program Files\KR4QTZE11X\KR4QTZE11.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [528300] => C:\Users\Michael\AppData\Roaming\509172\101424.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [UEU8L5M6C96MGQL] => C:\Program Files (x86)\PubHotspot\R2NUI.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [193507] => C:\Users\Michael\AppData\Roaming\470829\544915.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [4WJ2N61NQR98RXO] => C:\Program Files\FLCH12VZ1U\FLCH12VZ1.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [7O3MTAA2WIV15JC] => C:\Program Files\HFTS9MAV3O\HFTS9MAV3.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\ItibitiLauncher.exe [2637824 2016-09-08] () <===== ATTENTION
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\MountPoints2: {0e2679d7-d73f-11e5-9bcc-f832e4be051c} - "F:\setup.exe" 
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\MountPoints2: {9f554524-f0f7-11e6-9c05-f832e4be051c} - "E:\setup.exe" 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll -> No File
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WeatherBuddy.lnk [2017-05-07] <===== ATTENTION
ShortcutTarget: WeatherBuddy.lnk -> C:\Users\Michael\AppData\Local\WeatherBuddy\WeatherBuddy.exe (ELLS LLC) <===== ATTENTION
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-3037864898-947855696-3704173322-1002] => Proxy is enabled.
ProxyServer: [S-1-5-21-3037864898-947855696-3704173322-1002] => 127.0.0.1:8118
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
Tcpip\..\Interfaces\{1fb3b045-373a-43f2-8756-7a81916ca274}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
Tcpip\..\Interfaces\{57e15869-0632-4c5a-a9fe-d012d1d2bf47}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1127.0.0.1:8118
 
Internet Explorer:
==================
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=H57zamobl20488BU,1e1250cd-ab92-4fbb-a58e-053f46b94c8c,&vp=ch&prd=set_ie
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3037864898-947855696-3704173322-1002 -> {F1D94C41-48DD-4D27-B1EC-38810C66AAC9} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H57zamobl20488BU,1e1250cd-ab92-4fbb-a58e-053f46b94c8c,
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\coIEPlg.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\coIEPlg.dll => No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\coIEPlg.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\coIEPlg.dll No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: pi2w4vgh.default
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pi2w4vgh.default [2017-05-07]
FF NewTab: Mozilla\Firefox\Profiles\pi2w4vgh.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H57zamobl20488BU,1e1250cd-ab92-4fbb-a58e-053f46b94c8c,
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\pi2w4vgh.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\pi2w4vgh.default -> 
FF Homepage: Mozilla\Firefox\Profiles\pi2w4vgh.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H57zamobl20488BU,1e1250cd-ab92-4fbb-a58e-053f46b94c8c,
FF Keyword.URL: Mozilla\Firefox\Profiles\pi2w4vgh.default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=H57zamobl20488BU,1e1250cd-ab92-4fbb-a58e-053f46b94c8c,
FF Extension: (Fast search) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pi2w4vgh.default\Extensions\amcontextmenu@loucypher [2017-05-07]
FF Extension: (MEGA) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pi2w4vgh.default\Extensions\firefox@mega.co.nz.xpi [2017-05-02]
FF Extension: (Adblock Plus) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pi2w4vgh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-28]
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pi2w4vgh.default\searchplugins\smod.xml [2017-05-07]
FF Extension: (VK+OK AdBlock) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{35998068-D378-47CF-8F13-02C7F10D885B} [2017-05-07] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @Citrix.com/npagee64,version=10.5.51.10 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll [2014-08-14] (Citrix Systems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @Citrix.com/npagee,version=10.5.51.10 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2014-08-14] (Citrix Systems, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-3037864898-947855696-3704173322-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3037864898-947855696-3704173322-1002: @talk.google.com/O1DPlugin -> C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3037864898-947855696-3704173322-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3037864898-947855696-3704173322-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npagee.dll [2014-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npagee64.dll [2014-08-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3037864898-947855696-3704173322-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <===== ATTENTION
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-04-09] ()
S2 CORE Software Updater; C:\WINDOWS\SysWOW64\msblsn.exe [2679858 2017-04-24] () [File not signed] <==== ATTENTION
R2 Dataup; C:\Users\Michael\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [284736 2017-03-17] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
R2 MaskitService; C:\Program Files (x86)\Maskit\MaskitService.exe [93696 2017-04-25] (Digital Action Consulting LTD) [File not signed]
S2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 NetworkStat; C:\WINDOWS\ainet\oxy.exe [373248 2016-01-22] (The Privoxy team - www.privoxy.org) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2146704 2017-04-28] (Electronic Arts)
R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3115928 2017-04-28] (Electronic Arts)
R2 RunSwUSB; C:\Windows\runSW.exe [44104 2014-01-16] ()
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [327296 2016-01-29] (Skype Technologies)
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [2989056 2017-05-07] (Search Module Ltd.) [File not signed] <==== ATTENTION
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Michael\AppData\Local\wedooqr\ct.exe [651776 2017-05-04] (ct Corp.) [File not signed] <==== ATTENTION
R2 WPSService20; C:\Program Files (x86)\Realtek\REALTEK USB Wireless LAN Driver\WPSService20.exe [96768 2013-05-07] () [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\BASHDefs\20161206.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-02-19] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-02-19] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\IPSDefs\20161207.001\IDSvia64.sys [1012952 2016-11-01] (Symantec Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [907160 2017-05-07] () <==== ATTENTION
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f37f8f12da8b10d7\nvlddmkm.sys [14574640 2017-03-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-03-16] (NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-19] (Realtek                                            )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2017-05-07] ()
S3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-18] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 xuicnmxu; C:\WINDOWS\system32\drivers\xuicnmxu.sys [55168 2017-05-07] (Microsoft Corporation)
R5 drmkpro64;  <===== ATTENTION: Locked Service
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20161015.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20161015.001\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-07 17:13 - 2017-05-07 17:13 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xuicnmxu.sys
2017-05-07 17:13 - 2017-05-07 17:13 - 00000000 ____D C:\FRST
2017-05-07 04:41 - 2017-05-07 16:54 - 00000000 ____D C:\Users\Michael\AppData\Local\llssoft
2017-05-07 04:40 - 2017-05-07 16:54 - 00000000 ____D C:\Users\Michael\AppData\Local\ntuserlitelist
2017-05-07 04:40 - 2017-05-07 16:42 - 00006610 _____ C:\WINDOWS\TEMPcoral.vbs
2017-05-07 04:35 - 2017-05-07 04:35 - 1500119368 _____ C:\WINDOWS\MEMORY.DMP
2017-05-07 04:35 - 2017-05-07 04:35 - 00545860 _____ C:\WINDOWS\Minidump\050717-8328-01.dmp
2017-05-07 04:35 - 2017-05-07 04:35 - 00000258 __RSH C:\Users\Michael\ntuser.pol
2017-05-07 04:35 - 2017-05-07 04:35 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-07 04:33 - 2017-05-07 04:33 - 00002210 _____ C:\Users\Michael\Desktop\WeatherBuddy.lnk
2017-05-07 04:33 - 2017-05-07 04:33 - 00000062 _____ C:\WINDOWS\WeatherBuddy.INI
2017-05-07 04:33 - 2017-05-07 04:33 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBuddy
2017-05-07 04:33 - 2017-05-07 04:33 - 00000000 ____D C:\Users\Michael\AppData\Local\WeatherBuddy
2017-05-07 04:32 - 2017-05-07 04:41 - 00000269 _____ C:\WINDOWS\SysWOW64\lastupd.dat
2017-05-07 04:32 - 2017-05-07 04:32 - 07735337 _____ C:\WINDOWS\youtube-dl.exe
2017-05-07 04:31 - 2017-05-07 04:40 - 00000000 ____D C:\WINDOWS\SysWOW64\tmp
2017-05-07 04:31 - 2017-05-07 04:31 - 00000000 ____D C:\ProgramData\chocolatey
2017-05-07 04:30 - 2017-05-07 17:03 - 00001053 _____ C:\WINDOWS\SysWOW64\splsrv.exe
2017-05-07 04:30 - 2017-05-07 04:30 - 00003788 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade
2017-05-07 04:30 - 2017-05-07 04:30 - 00001094 _____ C:\Users\Michael\Desktop\VA Downloader.lnk
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Itibiti
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\InterStat
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Users\Michael\AppData\Local\wedooqr
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Users\Michael\AppData\Local\VAB
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashRpt
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade
2017-05-07 04:30 - 2017-04-24 15:46 - 02679858 _____ C:\WINDOWS\SysWOW64\msblsn.exe
2017-05-07 04:30 - 2017-02-20 20:38 - 41569792 _____ C:\WINDOWS\ffmpeg.exe
2017-05-07 04:30 - 2017-02-20 20:38 - 00000003 _____ C:\WINDOWS\SysWOW64\delay.dat
2017-05-07 04:29 - 2017-05-07 04:29 - 00001188 _____ C:\Users\Public\Desktop\KNCTR.lnk
2017-05-07 04:29 - 2017-05-07 04:29 - 00000946 _____ C:\Users\Michael\Desktop\s5.lnk
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\c
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Users\Michael\AppData\Local\woibe
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Users\Michael\AppData\Local\AnonymizerLauncher
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Users\Michael\.proxycheck
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Users\Michael\.AnonymizerLauncher
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Program Files (x86)\s5
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2017-05-07 04:27 - 2017-05-07 04:35 - 00000308 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2017-05-07 04:27 - 2017-05-07 04:35 - 00000308 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2017-05-07 04:27 - 2017-05-07 04:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\System Healer
2017-05-07 04:27 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\HFTS9MAV3O
2017-05-07 04:27 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\FLCH12VZ1U
2017-05-07 04:27 - 2017-05-07 04:27 - 00320000 _____ (t ) C:\ProgramData\smp2.exe
2017-05-07 04:27 - 2017-05-07 04:27 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-05-07 04:27 - 2017-05-07 04:27 - 00024494 _____ C:\WINDOWS\System32\Tasks\{7A0A0A47-0D0C-7F0F-0E11-797E0F091109}
2017-05-07 04:27 - 2017-05-07 04:27 - 00004426 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_3834323432373730352d4a4a5b415a34782a456c375a
2017-05-07 04:27 - 2017-05-07 04:27 - 00004264 _____ C:\WINDOWS\System32\Tasks\SMW_P
2017-05-07 04:27 - 2017-05-07 04:27 - 00003686 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2017-05-07 04:27 - 2017-05-07 04:27 - 00003440 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2017-05-07 04:27 - 2017-05-07 04:27 - 00003422 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2017-05-07 04:27 - 2017-05-07 04:27 - 00003370 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2017-05-07 04:27 - 2017-05-07 04:27 - 00002936 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2017-05-07 04:27 - 2017-05-07 04:27 - 00002642 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2017-05-07 04:27 - 2017-05-07 04:27 - 00001131 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\509172
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\470829
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\ProgramData\SearchModule
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\ProgramData\dc2ef4c3-3a77-1
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\ProgramData\dc2ef4c3-25a5-0
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-05-07 04:26 - 2017-05-07 05:54 - 00000000 ____D C:\Program Files (x86)\Maskit
2017-05-07 04:26 - 2017-05-07 04:35 - 00624640 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-05-07 04:26 - 2017-05-07 04:35 - 00000332 _____ C:\WINDOWS\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C5752.job
2017-05-07 04:26 - 2017-05-07 04:35 - 00000332 _____ C:\WINDOWS\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C575.job
2017-05-07 04:26 - 2017-05-07 04:29 - 00000000 ____D C:\Program Files (x86)\PubHotspot
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\X1X0AI23FB
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\L7YTQ62C6R
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\KR4QTZE11X
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\JXC93Z2E4K
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\CGTXB68X5M
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\5Q003SABGP
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-05-07 04:26 - 2017-05-07 04:27 - 00000000 ____D C:\WINDOWS\ainet
2017-05-07 04:26 - 2017-05-07 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\gplyra
2017-05-07 04:26 - 2017-05-07 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\AGData
2017-05-07 04:26 - 2017-05-07 04:27 - 00000000 ____D C:\Program Files\Z2IVQFBHBY
2017-05-07 04:26 - 2017-05-07 04:27 - 00000000 ____D C:\Program Files\BI6MLDKOL0
2017-05-07 04:26 - 2017-05-07 04:26 - 00907160 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-05-07 04:26 - 2017-05-07 04:26 - 00140800 _____ C:\Users\Michael\AppData\Local\installer.dat
2017-05-07 04:26 - 2017-05-07 04:26 - 00042496 _____ (icaredigitalsolutions) C:\WINDOWS\act_win_2509.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 00011568 _____ C:\Users\Michael\AppData\Local\InstallationConfiguration.xml
2017-05-07 04:26 - 2017-05-07 04:26 - 00003284 _____ C:\WINDOWS\System32\Tasks\HDWallPaper
2017-05-07 04:26 - 2017-05-07 04:26 - 00003036 _____ C:\WINDOWS\System32\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C5752
2017-05-07 04:26 - 2017-05-07 04:26 - 00002950 _____ C:\WINDOWS\System32\Tasks\MaskitAutorun
2017-05-07 04:26 - 2017-05-07 04:26 - 00002732 _____ C:\WINDOWS\System32\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C575
2017-05-07 04:26 - 2017-05-07 04:26 - 00001122 _____ C:\Users\Michael\Desktop\PubHotspot.lnk
2017-05-07 04:26 - 2017-05-07 04:26 - 00001119 _____ C:\Users\Public\Desktop\HDWallPaper.lnk
2017-05-07 04:26 - 2017-05-07 04:26 - 00001050 _____ C:\Users\Michael\Desktop\Play Warframe.lnk
2017-05-07 04:26 - 2017-05-07 04:26 - 00001044 _____ C:\Users\Michael\Desktop\Play WarThunder.lnk
2017-05-07 04:26 - 2017-05-07 04:26 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____H C:\WINDOWS\system32\BIT91A1.tmp
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\WINDOWS\net
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\HDWallPaper
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\854118
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\687187
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\361866
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\314273
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\301798
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\128623
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Program Files (x86)\VKOKAdBlockUn
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Program Files (x86)\VKOKAdBlockU
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Program Files (x86)\HDWallPaper
2017-05-03 17:41 - 2017-05-04 03:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Factorio
2017-05-03 17:21 - 2017-05-03 17:21 - 00001041 _____ C:\Users\Public\Desktop\Factorio.lnk
2017-05-03 17:21 - 2017-05-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Factorio [GOG.com]
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N C:\WINDOWS\system32\tprdpw64.exe
2017-04-23 23:39 - 2017-04-23 23:39 - 00000000 ____D C:\Users\Michael\Desktop\slot0002
2017-04-20 07:58 - 2017-04-20 07:58 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Unknown Worlds
2017-04-20 07:35 - 2017-04-20 07:35 - 00000202 _____ C:\Users\Michael\Desktop\Subnautica.url
2017-04-17 22:27 - 2017-04-17 22:27 - 00000000 ____D C:\Users\Michael\Documents\Eek
2017-04-17 22:27 - 2017-04-17 22:27 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Eek
2017-04-14 01:39 - 2017-04-14 01:39 - 00001396 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-04-14 01:39 - 2017-04-14 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-14 01:39 - 2017-04-14 01:39 - 00000000 ____D C:\Program Files\iPod
2017-04-14 01:39 - 2017-04-14 01:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-04-14 00:35 - 2017-04-14 00:35 - 00000104 _____ C:\Users\Michael\Desktop\YallDungeon.txt
2017-04-12 21:42 - 2017-04-12 21:42 - 00000053 _____ C:\Users\Michael\Desktop\info.txt
2017-04-12 20:38 - 2017-03-28 03:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-12 20:38 - 2017-03-28 03:10 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-12 20:38 - 2017-03-28 02:36 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-12 20:38 - 2017-03-28 02:36 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-04-12 20:38 - 2017-03-28 02:36 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-04-12 20:38 - 2017-03-28 02:36 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-04-12 20:38 - 2017-03-28 02:36 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-12 20:38 - 2017-03-28 02:35 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-12 20:38 - 2017-03-28 02:32 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-12 20:38 - 2017-03-28 02:29 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-12 20:38 - 2017-03-28 02:28 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-12 20:38 - 2017-03-28 02:28 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-12 20:38 - 2017-03-28 02:26 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-12 20:38 - 2017-03-28 02:26 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-12 20:38 - 2017-03-28 02:22 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-12 20:38 - 2017-03-28 02:21 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-12 20:38 - 2017-03-28 02:20 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-12 20:38 - 2017-03-28 02:20 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-12 20:38 - 2017-03-28 02:19 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-12 20:38 - 2017-03-28 02:18 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-12 20:38 - 2017-03-28 02:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-12 20:38 - 2017-03-28 02:12 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-12 20:38 - 2017-03-28 02:11 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-12 20:38 - 2017-03-28 02:11 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-12 20:38 - 2017-03-28 02:11 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-12 20:38 - 2017-03-28 02:11 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-12 20:38 - 2017-03-28 02:11 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-12 20:38 - 2017-03-28 02:10 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-12 20:38 - 2017-03-28 02:10 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-12 20:38 - 2017-03-28 02:10 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-04-12 20:38 - 2017-03-28 02:10 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-04-12 20:38 - 2017-03-28 02:10 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-12 20:38 - 2017-03-28 02:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-12 20:38 - 2017-03-28 02:09 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-04-12 20:38 - 2017-03-28 02:09 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-04-12 20:38 - 2017-03-28 02:09 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-04-12 20:38 - 2017-03-28 02:09 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-12 20:38 - 2017-03-28 02:08 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-04-12 20:38 - 2017-03-28 02:08 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-12 20:38 - 2017-03-28 02:08 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-12 20:38 - 2017-03-28 02:07 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-12 20:38 - 2017-03-28 02:06 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-12 20:38 - 2017-03-28 02:05 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-12 20:38 - 2017-03-28 02:05 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-12 20:38 - 2017-03-28 02:05 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-04-12 20:38 - 2017-03-28 02:05 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-12 20:38 - 2017-03-28 02:05 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-04-12 20:38 - 2017-03-28 02:05 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-12 20:38 - 2017-03-28 02:05 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-12 20:38 - 2017-03-28 02:05 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-12 20:38 - 2017-03-28 02:05 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-12 20:38 - 2017-03-28 02:04 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-12 20:38 - 2017-03-28 02:04 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-12 20:38 - 2017-03-28 02:02 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-04-12 20:38 - 2017-03-28 02:02 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-12 20:38 - 2017-03-28 02:02 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-04-12 20:38 - 2017-03-28 02:00 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-12 20:38 - 2017-03-28 02:00 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-12 20:38 - 2017-03-28 01:59 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-12 20:38 - 2017-03-28 01:59 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-04-12 20:38 - 2017-03-28 01:59 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-12 20:38 - 2017-03-28 01:58 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-12 20:38 - 2017-03-28 01:58 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-12 20:38 - 2017-03-28 01:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-12 20:38 - 2017-03-28 01:58 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-12 20:38 - 2017-03-28 01:58 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-12 20:38 - 2017-03-28 01:58 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-12 20:38 - 2017-03-28 01:58 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-12 20:38 - 2017-03-28 01:58 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-12 20:38 - 2017-03-28 01:58 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-12 20:38 - 2017-03-28 01:58 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-12 20:38 - 2017-03-28 01:53 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-12 20:38 - 2017-03-28 01:53 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-12 20:38 - 2017-03-28 01:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-12 20:38 - 2017-03-28 01:48 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-12 20:38 - 2017-03-28 01:44 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-12 20:38 - 2017-03-28 01:42 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-12 20:38 - 2017-03-28 01:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-04-12 20:38 - 2017-03-28 01:41 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-12 20:38 - 2017-03-28 01:41 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-12 20:38 - 2017-03-28 01:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-12 20:38 - 2017-03-28 01:40 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-12 20:38 - 2017-03-28 01:40 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-12 20:38 - 2017-03-28 01:39 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-04-12 20:38 - 2017-03-28 01:39 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-04-12 20:38 - 2017-03-28 01:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-12 20:38 - 2017-03-28 01:38 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-04-12 20:38 - 2017-03-28 01:38 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-12 20:38 - 2017-03-28 01:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-12 20:38 - 2017-03-28 01:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-12 20:38 - 2017-03-28 01:37 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-12 20:38 - 2017-03-28 01:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-12 20:38 - 2017-03-28 01:37 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2017-04-12 20:38 - 2017-03-28 01:37 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-12 20:38 - 2017-03-28 01:37 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-04-12 20:38 - 2017-03-28 01:37 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-04-12 20:38 - 2017-03-28 01:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-04-12 20:38 - 2017-03-28 01:37 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-12 20:38 - 2017-03-28 01:37 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-12 20:38 - 2017-03-28 01:37 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-12 20:38 - 2017-03-28 01:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-12 20:38 - 2017-03-28 01:36 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-12 20:38 - 2017-03-28 01:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-12 20:38 - 2017-03-28 01:35 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-04-12 20:38 - 2017-03-28 01:35 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-12 20:38 - 2017-03-28 01:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-04-12 20:38 - 2017-03-28 01:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-12 20:38 - 2017-03-28 01:35 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-12 20:38 - 2017-03-28 01:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-12 20:38 - 2017-03-28 01:34 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-12 20:38 - 2017-03-28 01:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-12 20:38 - 2017-03-28 01:34 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-12 20:38 - 2017-03-28 01:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-12 20:38 - 2017-03-28 01:34 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-12 20:38 - 2017-03-28 01:34 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-12 20:38 - 2017-03-28 01:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-12 20:38 - 2017-03-28 01:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-12 20:38 - 2017-03-28 01:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-12 20:38 - 2017-03-28 01:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-12 20:38 - 2017-03-28 01:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-12 20:38 - 2017-03-28 01:32 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-12 20:38 - 2017-03-28 01:31 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-12 20:38 - 2017-03-28 01:31 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-12 20:38 - 2017-03-28 01:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-12 20:38 - 2017-03-28 01:30 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-12 20:38 - 2017-03-28 01:29 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-04-12 20:38 - 2017-03-28 01:29 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-12 20:38 - 2017-03-28 01:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-04-12 20:38 - 2017-03-28 01:27 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-04-12 20:38 - 2017-03-28 01:26 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-12 20:38 - 2017-03-28 01:26 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-04-12 20:38 - 2017-03-28 01:26 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-12 20:38 - 2017-03-28 01:26 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-12 20:38 - 2017-03-28 01:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-12 20:38 - 2017-03-28 01:26 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-04-12 20:38 - 2017-03-28 01:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-04-12 20:38 - 2017-03-28 01:26 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-12 20:38 - 2017-03-28 01:26 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-04-12 20:38 - 2017-03-28 01:25 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-12 20:38 - 2017-03-28 01:25 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-12 20:38 - 2017-03-28 01:25 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-04-12 20:38 - 2017-03-28 01:25 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-12 20:38 - 2017-03-28 01:25 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-04-12 20:38 - 2017-03-28 01:25 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-04-12 20:38 - 2017-03-28 01:25 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-04-12 20:38 - 2017-03-28 01:25 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-12 20:38 - 2017-03-28 01:25 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-12 20:38 - 2017-03-28 01:25 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-12 20:38 - 2017-03-28 01:24 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-12 20:38 - 2017-03-28 01:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-04-12 20:38 - 2017-03-28 01:24 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-04-12 20:38 - 2017-03-28 01:24 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-12 20:38 - 2017-03-28 01:24 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-04-12 20:38 - 2017-03-28 01:24 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-12 20:38 - 2017-03-28 01:24 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-12 20:38 - 2017-03-28 01:24 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-04-12 20:38 - 2017-03-28 01:23 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-12 20:38 - 2017-03-28 01:23 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-12 20:38 - 2017-03-28 01:23 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-12 20:38 - 2017-03-28 01:23 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-12 20:38 - 2017-03-28 01:23 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-12 20:38 - 2017-03-28 01:23 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-12 20:38 - 2017-03-28 01:23 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-12 20:38 - 2017-03-28 01:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-04-12 20:38 - 2017-03-28 01:22 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-12 20:38 - 2017-03-28 01:22 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-12 20:38 - 2017-03-28 01:22 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-12 20:38 - 2017-03-28 01:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-12 20:38 - 2017-03-28 01:21 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-12 20:38 - 2017-03-28 01:21 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-04-12 20:38 - 2017-03-28 01:21 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-04-12 20:38 - 2017-03-28 01:21 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-12 20:38 - 2017-03-28 01:21 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-12 20:38 - 2017-03-28 01:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-04-12 20:38 - 2017-03-28 01:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2017-04-12 20:38 - 2017-03-28 01:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-12 20:38 - 2017-03-28 01:20 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-04-12 20:38 - 2017-03-28 01:20 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-12 20:38 - 2017-03-28 01:20 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-12 20:38 - 2017-03-28 01:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-12 20:38 - 2017-03-28 01:19 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-12 20:38 - 2017-03-28 01:19 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-12 20:38 - 2017-03-28 01:19 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-12 20:38 - 2017-03-28 01:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-12 20:38 - 2017-03-28 01:19 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-04-12 20:38 - 2017-03-28 01:19 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-12 20:38 - 2017-03-28 01:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-04-12 20:38 - 2017-03-28 01:19 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-12 20:38 - 2017-03-28 01:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-04-12 20:38 - 2017-03-28 01:19 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-04-12 20:38 - 2017-03-28 01:18 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-12 20:38 - 2017-03-28 01:18 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-12 20:38 - 2017-03-28 01:18 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-12 20:38 - 2017-03-28 01:18 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-12 20:38 - 2017-03-28 01:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-04-12 20:38 - 2017-03-28 01:17 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-12 20:38 - 2017-03-28 01:17 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-12 20:38 - 2017-03-28 01:17 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-04-12 20:38 - 2017-03-28 01:17 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-12 20:38 - 2017-03-28 01:17 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-12 20:38 - 2017-03-28 01:17 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-04-12 20:38 - 2017-03-28 01:17 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-12 20:38 - 2017-03-28 01:17 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-12 20:38 - 2017-03-28 01:16 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-04-12 20:38 - 2017-03-28 01:16 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-12 20:38 - 2017-03-28 01:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-12 20:38 - 2017-03-28 01:16 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-04-12 20:38 - 2017-03-28 01:16 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-12 20:38 - 2017-03-28 01:16 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-12 20:38 - 2017-03-28 01:15 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-04-12 20:38 - 2017-03-28 01:15 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-12 20:38 - 2017-03-28 01:15 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-04-12 20:38 - 2017-03-28 01:15 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-12 20:38 - 2017-03-28 01:15 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-04-12 20:38 - 2017-03-28 01:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-12 20:38 - 2017-03-28 01:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-04-12 20:38 - 2017-03-28 01:15 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-04-12 20:38 - 2017-03-28 01:15 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-12 20:38 - 2017-03-28 01:14 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-04-12 20:38 - 2017-03-28 01:14 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-12 20:38 - 2017-03-28 01:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-04-12 20:38 - 2017-03-28 01:13 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-12 20:38 - 2017-03-28 01:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-04-12 20:38 - 2017-03-28 01:13 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-12 20:38 - 2017-03-28 01:12 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-04-12 20:38 - 2017-03-28 01:12 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-12 20:38 - 2017-03-28 01:11 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-12 20:38 - 2017-03-28 01:11 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-12 20:38 - 2017-03-28 01:11 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-12 20:38 - 2017-03-28 01:11 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-04-12 20:38 - 2017-03-28 01:11 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-12 20:38 - 2017-03-28 01:11 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-12 20:38 - 2017-03-28 01:11 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-04-12 20:38 - 2017-03-28 01:11 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-12 20:38 - 2017-03-28 01:11 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-12 20:38 - 2017-03-28 01:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-04-12 20:38 - 2017-03-28 01:10 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-04-12 20:38 - 2017-03-28 01:09 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-12 20:38 - 2017-03-28 01:09 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-04-12 20:38 - 2017-03-28 01:09 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-12 20:38 - 2017-03-28 01:09 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-12 20:38 - 2017-03-28 01:09 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-04-12 20:38 - 2017-03-28 01:09 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-04-12 20:38 - 2017-03-28 01:09 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-12 20:38 - 2017-03-28 01:09 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-04-12 20:38 - 2017-03-28 01:08 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-12 20:38 - 2017-03-28 01:08 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-04-12 20:38 - 2017-03-28 01:08 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-12 20:38 - 2017-03-28 01:08 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-12 20:38 - 2017-03-28 01:08 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-12 20:38 - 2017-03-28 01:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-12 20:38 - 2017-03-28 01:08 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-04-12 20:38 - 2017-03-28 01:07 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-12 20:38 - 2017-03-28 01:07 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-04-12 20:38 - 2017-03-28 01:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-04-12 20:38 - 2017-03-28 01:06 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-12 20:38 - 2017-03-28 01:06 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-04-12 20:38 - 2017-03-28 01:06 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-12 20:38 - 2017-03-28 01:05 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-12 20:38 - 2017-03-28 00:48 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-12 20:38 - 2017-03-18 12:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-12 20:38 - 2017-03-18 12:35 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-12 20:38 - 2017-03-16 00:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-04-12 20:38 - 2017-03-16 00:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-04-09 05:47 - 2017-04-09 05:47 - 00000000 ____D C:\Users\Michael\AppData\Local\TslGame
2017-04-09 05:04 - 2017-04-09 05:04 - 00000202 _____ C:\Users\Michael\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
2017-04-08 21:22 - 2017-04-08 21:22 - 00000000 ____D C:\Users\Michael\Documents\Paradox Interactive
2017-04-08 21:20 - 2017-04-08 21:20 - 00000740 _____ C:\Users\Michael\Desktop\Stellaris Utopia.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-07 16:58 - 2016-11-20 03:19 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Mozilla
2017-05-07 16:45 - 2016-09-26 10:46 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-07 06:18 - 2016-09-26 10:47 - 00000000 ____D C:\Users\Michael
2017-05-07 06:07 - 2016-09-26 10:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-07 04:42 - 2015-07-17 14:27 - 02053764 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-07 04:35 - 2016-09-26 10:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-07 04:35 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-07 04:27 - 2016-02-21 23:48 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2017-05-07 04:26 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-05-07 03:18 - 2016-02-19 00:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-06 21:31 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-06 21:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-06 21:30 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-06 21:30 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-03 17:18 - 2016-02-19 15:36 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages
2017-04-28 20:48 - 2016-06-22 22:39 - 00000000 ____D C:\Users\Michael\AppData\Roaming\RenPy
2017-04-28 11:16 - 2016-02-19 12:56 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Origin
2017-04-28 11:16 - 2016-02-19 12:46 - 00000000 ____D C:\ProgramData\Origin
2017-04-28 02:26 - 2016-12-18 03:43 - 00003710 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3037864898-947855696-3704173322-1002UA1d2590276127909
2017-04-28 02:26 - 2016-12-18 03:43 - 00003442 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3037864898-947855696-3704173322-1002Core1d25902760b51af
2017-04-23 03:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-04-18 15:29 - 2016-04-18 00:05 - 00000000 ____D C:\Users\Michael\AppData\Roaming\BitTorrent
2017-04-17 22:08 - 2016-02-19 01:56 - 00000925 _____ C:\Users\Michael\Desktop\BitTorrent.lnk
2017-04-14 19:04 - 2016-09-26 10:46 - 00203224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-14 19:04 - 2015-07-17 14:23 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-14 06:42 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-14 06:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-14 06:41 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-14 01:39 - 2016-05-17 23:57 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-04-14 00:59 - 2016-02-19 02:17 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-14 00:59 - 2016-02-19 02:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-12 20:17 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-12 20:17 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-09 05:47 - 2017-02-16 22:19 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine
2017-04-09 05:47 - 2016-10-07 23:35 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-08 21:12 - 2016-12-07 21:16 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2017-05-07 04:26 - 2017-05-07 04:26 - 0011568 _____ () C:\Users\Michael\AppData\Local\InstallationConfiguration.xml
2017-05-07 04:26 - 2017-05-07 04:26 - 0140800 _____ () C:\Users\Michael\AppData\Local\installer.dat
2017-05-07 04:27 - 2017-05-07 04:27 - 0320000 _____ (t ) C:\ProgramData\smp2.exe
 
Files to move or delete:
====================
C:\Program Files (x86)\Itibiti Soft Phone\ItibitiLauncher.exe
C:\ProgramData\smp2.exe
 
 
Some files in TEMP:
====================
2017-05-07 04:26 - 2017-05-07 04:26 - 0501318 _____ (Leading2Apps                                                ) C:\Users\Michael\AppData\Local\Temp\1MVXZXK.exe
2017-05-07 04:32 - 2017-05-07 04:32 - 5984770 _____ () C:\Users\Michael\AppData\Local\Temp\65072C46746E3C1E69EBB5236C243F1F.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0931704 _____ () C:\Users\Michael\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
2017-02-16 15:41 - 2017-02-16 15:41 - 0694720 _____ (Disc Soft Ltd.) C:\Users\Michael\AppData\Local\Temp\dt_743B.tmp.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0601557 _____ (                                                            ) C:\Users\Michael\AppData\Local\Temp\global_installer (1).exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0601557 _____ (                                                            ) C:\Users\Michael\AppData\Local\Temp\global_installer.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0425674 _____ (WeMonetize                                                  ) C:\Users\Michael\AppData\Local\Temp\HDVND8X.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0922904 _____ (Star Line                                                   ) C:\Users\Michael\AppData\Local\Temp\mktus.exe
2017-02-12 03:49 - 2016-12-29 08:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\Michael\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-20 16:58 - 2016-12-29 08:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\Michael\AppData\Local\Temp\nvStInst.exe
2017-05-05 10:33 - 2017-05-05 10:33 - 2988888 _____ (IT Genius) C:\Users\Michael\AppData\Local\Temp\Qzs7zE4N-prog.exe
2017-05-05 10:33 - 2017-05-05 10:33 - 3190104 _____ (Lead IT) C:\Users\Michael\AppData\Local\Temp\RcWQlI5g-prog.exe
2017-05-05 10:33 - 2017-05-05 10:33 - 0140872 _____ () C:\Users\Michael\AppData\Local\Temp\RcWQlI5g-upd.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 3941934 _____ (ussupport.club                                              ) C:\Users\Michael\AppData\Local\Temp\setup.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 1636266 _____ () C:\Users\Michael\AppData\Local\Temp\vk_ok_adblock.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-03 19:32
 
==================== End of FRST.txt ============================
 
Again thank you for the future help anyone can provide, it will be much appreciated!!!!



#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,767 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 May 2017 - 07:24 PM

Welcome :)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 halosldr

  • Topic Starter
  • Members
  • 9 posts

Posted 08 May 2017 - 09:17 PM

Thank you for your response, I am at work right now and when I get done at 7AM EST I will go home and run these tests.



#4 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,767 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 May 2017 - 11:56 PM

Ok. :)




#5 halosldr

  • Topic Starter
  • Members
  • 9 posts

Posted 09 May 2017 - 06:23 PM

Hello again, I have run Malwarebytes (started it before I left work and it was still scanning). It has had multiple hits so far for malware. When I get home I will run the cleanup and then post the logs you requested. Thanks for your help so far!



#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,767 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 May 2017 - 06:29 PM

Will be waiting. :thumbup2:




#7 halosldr

  • Topic Starter
  • Members
  • 9 posts

Posted 10 May 2017 - 06:19 PM

Ran MBAR with no issues. I can tell it has gotten rid of a lot of the malware (computer is actually usable now) that was installed but there's still several programs that are on here that are not supposed to be here. Also I was able to find the system log (which is attached here) but I looked everywhere in the mbar folder and could not find the mbar log.

 


#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,767 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 May 2017 - 07:46 PM

Remove Itibiti RTC from your programs.

 

 

  • Highlight the entire content of the quote box below.

 

Start::  
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\MountPoints2: {0e2679d7-d73f-11e5-9bcc-f832e4be051c} - "F:\setup.exe"
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\MountPoints2: {9f554524-f0f7-11e6-9c05-f832e4be051c} - "E:\setup.exe"
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [8KQDUQEFT9E1FV2] => C:\Program Files\Z2IVQFBHBY\Z2IVQFBHB.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [KGCKT1V3I9T89XY] => C:\Program Files\BI6MLDKOL0\BI6MLDKOL.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [659320] => C:\Users\Michael\AppData\Roaming\854118\78245.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [C001N2XBQ421F6A] => C:\Program Files\X1X0AI23FB\X1X0AI23F.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [196272] => C:\Users\Michael\AppData\Roaming\128623\721805.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [B8CLIUFECBNF4B7] => C:\Program Files\5Q003SABGP\5Q003SABG.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [DT8W58D8G67XOXA] => C:\Program Files\JXC93Z2E4K\JXC93Z2E4.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [851100] => C:\Users\Michael\AppData\Roaming\361866\352032.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [294384] => C:\Users\Michael\AppData\Roaming\314273\27705.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [12SB4ARB0B8BWOL] => C:\Program Files (x86)\BeCleaner\8FYLH.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [980460] => C:\Users\Michael\AppData\Roaming\301798\516728.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [5IHPV93TR5M1TZ0] => C:\Program Files\L7YTQ62C6R\L7YTQ62C6.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [158866] => C:\Users\Michael\AppData\Roaming\687187\625762.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [9GI8O8GFPXWV6X6] => C:\Program Files\CGTXB68X5M\CGTXB68X5.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [FB3X9Y8ROHY2Q35] => C:\Program Files\KR4QTZE11X\KR4QTZE11.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [528300] => C:\Users\Michael\AppData\Roaming\509172\101424.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [UEU8L5M6C96MGQL] => C:\Program Files (x86)\PubHotspot\R2NUI.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [193507] => C:\Users\Michael\AppData\Roaming\470829\544915.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [4WJ2N61NQR98RXO] => C:\Program Files\FLCH12VZ1U\FLCH12VZ1.exe [1208320 2017-05-07] (MDJ)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [7O3MTAA2WIV15JC] => C:\Program Files\HFTS9MAV3O\HFTS9MAV3.exe [1208320 2017-05-07] (MDJ)
C:\Users\Michael\AppData\Roaming\687187
C:\Program Files\FLCH12VZ1U
C:\Program Files\HFTS9MAV3O
C:\Program Files\L7YTQ62C6R
C:\Users\Michael\AppData\Roaming\470829
C:\Program Files (x86)\PubHotspot
C:\Users\Michael\AppData\Roaming\509172
C:\Program Files\KR4QTZE11X
C:\Program Files\CGTXB68X5M
C:\Users\Michael\AppData\Roaming\687187
C:\Program Files\KR4QTZE11X
C:\Users\Michael\AppData\Roaming\301798
C:\Program Files (x86)\BeCleaner
C:\Program Files\X1X0AI23FB
C:\Program Files\BI6MLDKOL0
C:\Users\Michael\AppData\Roaming\854118
C:\Program Files\X1X0AI23FB
C:\Users\Michael\AppData\Roaming\128623
C:\Program Files\5Q003SABGP
C:\Program Files\JXC93Z2E4K
C:\Users\Michael\AppData\Roaming\361866
C:\Users\Michael\AppData\Roaming\314273
C:\Program Files\Z2IVQFBHBY
C:\Users\Michael\AppData\Roaming\gplyra
HKLM\...\Run: [gplyra] => C:\Users\Michael\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] ()
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\ItibitiLauncher.exe [2637824 2016-09-08] () <===== ATTENTION
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WeatherBuddy.lnk [2017-05-07] <===== ATTENTION
ShortcutTarget: WeatherBuddy.lnk -> C:\Users\Michael\AppData\Local\WeatherBuddy\WeatherBuddy.exe (ELLS LLC) <===== ATTENTION
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
S2 CORE Software Updater; C:\WINDOWS\SysWOW64\msblsn.exe [2679858 2017-04-24] () [File not signed] <==== ATTENTION
R2 Dataup; C:\Users\Michael\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [2989056 2017-05-07] (Search Module Ltd.) [File not signed] <==== ATTENTION
R2 windowsmanagementservice; C:\Users\Michael\AppData\Local\wedooqr\ct.exe [651776 2017-05-04] (ct Corp.) [File not signed] <==== ATTENTION
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [907160 2017-05-07] () <==== ATTENTION
R5 drmkpro64;  <===== ATTENTION: Locked Service
AnonymizerGadget (HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\AnonymizerGadget) (Version: 1 - Jetico lim) <==== ATTENTION
HDWallPaper 1.0 (HKLM-x32\...\HDWallPaper_is1) (Version: 1.0.0.90 - HDWallPaper) <==== ATTENTION
InterStat (HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\InterStat) (Version: 1.0 - InterStat) <==== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.) <==== ATTENTION
PubHotspot version 1.0 (HKLM-x32\...\PubHotspot_is1) (Version: 1.0 - Leading2Apps) <==== ATTENTION
s5m (HKLM-x32\...\s5m) (Version: 2.0.2 - s5m) <==== ATTENTION
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo) <==== ATTENTION
System Healer (HKLM-x32\...\SystemHealer) (Version: 4.4.0.3 - SystemHealer) <==== ATTENTION
VAB Downloader (HKLM-x32\...\VAB) (Version: 1.5 - DST/RBL Tech) <==== ATTENTION
VKOKAdBlock (HKLM-x32\...\FF20459C-DA6E-41A7-80BC-8F4FEFD9C575) (Version: 2.0.0.202 - Company Inc.) <==== ATTENTION
Task: {23A639FE-FC59-4D07-BEC3-CCA9A01BF0C8} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2016-12-26] () <==== ATTENTION
Task: {413B94E9-6DB6-4DBE-A527-02EE1C919EDD} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-12-26] () <==== ATTENTION
Task: {4905ABDE-E090-44D4-ADD2-B7483C63B65A} - System32\Tasks\HDWallPaper => C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe [2017-04-10] (HDWallPaper) <==== ATTENTION
Task: {50E48559-2EFC-48CD-854C-2A314167BBCB} - System32\Tasks\SMW_UpdateTask_Time_3834323432373730352d4a4a5b415a34782a456c375a => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {5D67080B-C9FD-4FE7-BB1A-C64589F0D73D} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-05-07] (t ) <==== ATTENTION
Task: {5E753376-BCB0-40EB-82EF-3E2D6AD75596} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-12-26] () <==== ATTENTION
Task: {63A06BDC-F472-4BED-B7DC-14AE2FE92701} - \Norton 360\Norton Error Processor -> No File <==== ATTENTION
Task: {72300999-4C25-4DE7-8C09-440C6103070F} - \Norton 360\Norton Error Analyzer -> No File <==== ATTENTION
Task: {748AE305-EF4E-4A34-A826-D710E42F3D56} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2017-05-05] () <==== ATTENTION
Task: {7AE76384-DD9F-46C5-BB15-CBB42FCEE8AE} - System32\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C5752 => Rundll32.exe "C:\Program Files (x86)\VKOKAdBlockU\ez06LEC.dll",#1 <==== ATTENTION
Task: {9414BFBA-194D-4DCC-B4D9-68DD2CE3FD7A} - System32\Tasks\{7A0A0A47-0D0C-7F0F-0E11-797E0F091109} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgACAAIAA7ACAAIAA7ACAAOwAgADsAOwA7ADsAIAA7ADsAIAAgACAAOwA7ADsAOwA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQA (the data entry has 10008 more characters). <==== ATTENTION
Task: {C48BE41A-CAB5-447B-BA7F-3CD7718C929A} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-12-26] () <==== ATTENTION
Task: {C5EC80A8-6EFA-41C2-A460-B71218E17B63} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2016-12-26] () <==== ATTENTION
Task: {D972D6D3-C66B-4B19-9883-9EE7CE467D96} - \Norton 360\Norton Autofix -> No File <==== ATTENTION
Task: {E4F9572C-A962-4313-9AA6-4838AA474D96} - System32\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C575 => Rundll32.exe "C:\Program Files (x86)\VKOKAdBlockU\ez06LEC.dll",#1 <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job =>  <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C575.job => C:\Program Files (x86)\VKOKAdBlockU\ez06LEC.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C5752.job => C:\Program Files (x86)\VKOKAdBlockU\ez06LEC.dll <==== ATTENTION
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\buShell.dll -> No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\coIEPlg.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\coIEPlg.dll => No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.0.50\coIEPlg.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.0.50\coIEPlg.dll No File
CustomCLSID: HKU\S-1-5-21-3037864898-947855696-3704173322-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3037864898-947855696-3704173322-1002_Classes\CLSID\{8A589AFF-8DA8-49C5-B89B-20C9DF31F2B7}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.30.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3037864898-947855696-3704173322-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3037864898-947855696-3704173322-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
Task: {63A06BDC-F472-4BED-B7DC-14AE2FE92701} - \Norton 360\Norton Error Processor -> No File <==== ATTENTION
Task: {72300999-4C25-4DE7-8C09-440C6103070F} - \Norton 360\Norton Error Analyzer -> No File <==== ATTENTION
Task: {D972D6D3-C66B-4B19-9883-9EE7CE467D96} - \Norton 360\Norton Autofix -> No File <==== ATTENTION
C:\Users\Michael\AppData\Roaming\854118
C:\Users\Michael\AppData\Roaming\128623
C:\Users\Michael\AppData\Roaming\361866
C:\Users\Michael\AppData\Roaming\314273
C:\Users\Michael\AppData\Roaming\301798
C:\Users\Michael\AppData\Roaming\687187
C:\Users\Michael\AppData\Roaming\509172
C:\Users\Michael\AppData\Roaming\470829
2017-05-07 04:26 - 2017-05-07 04:26 - 0011568 _____ () C:\Users\Michael\AppData\Local\InstallationConfiguration.xml
2017-05-07 04:26 - 2017-05-07 04:26 - 0140800 _____ () C:\Users\Michael\AppData\Local\installer.dat
2017-05-07 04:27 - 2017-05-07 04:27 - 0320000 _____ (t ) C:\ProgramData\smp2.exe
C:\Program Files (x86)\Itibiti Soft Phone
C:\ProgramData\smp2.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0501318 _____ (Leading2Apps                                                ) C:\Users\Michael\AppData\Local\Temp\1MVXZXK.exe
2017-05-07 04:32 - 2017-05-07 04:32 - 5984770 _____ () C:\Users\Michael\AppData\Local\Temp\65072C46746E3C1E69EBB5236C243F1F.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0931704 _____ () C:\Users\Michael\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
2017-02-16 15:41 - 2017-02-16 15:41 - 0694720 _____ (Disc Soft Ltd.) C:\Users\Michael\AppData\Local\Temp\dt_743B.tmp.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0601557 _____ (                                                            ) C:\Users\Michael\AppData\Local\Temp\global_installer (1).exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0601557 _____ (                                                            ) C:\Users\Michael\AppData\Local\Temp\global_installer.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0425674 _____ (WeMonetize                                                  ) C:\Users\Michael\AppData\Local\Temp\HDVND8X.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0922904 _____ (Star Line                                                   ) C:\Users\Michael\AppData\Local\Temp\mktus.exe
2017-02-12 03:49 - 2016-12-29 08:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\Michael\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-20 16:58 - 2016-12-29 08:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\Michael\AppData\Local\Temp\nvStInst.exe
2017-05-05 10:33 - 2017-05-05 10:33 - 2988888 _____ (IT Genius) C:\Users\Michael\AppData\Local\Temp\Qzs7zE4N-prog.exe
2017-05-05 10:33 - 2017-05-05 10:33 - 3190104 _____ (Lead IT) C:\Users\Michael\AppData\Local\Temp\RcWQlI5g-prog.exe
2017-05-05 10:33 - 2017-05-05 10:33 - 0140872 _____ () C:\Users\Michael\AppData\Local\Temp\RcWQlI5g-upd.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 3941934 _____ (ussupport.club                                              ) C:\Users\Michael\AppData\Local\Temp\setup.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 1636266 _____ () C:\Users\Michael\AppData\Local\Temp\vk_ok_adblock.exe
2017-05-07 17:13 - 2017-05-07 17:13 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xuicnmxu.sys
2017-05-07 04:41 - 2017-05-07 16:54 - 00000000 ____D C:\Users\Michael\AppData\Local\llssoft
2017-05-07 04:40 - 2017-05-07 16:54 - 00000000 ____D C:\Users\Michael\AppData\Local\ntuserlitelist
2017-05-07 04:40 - 2017-05-07 16:42 - 00006610 _____ C:\WINDOWS\TEMPcoral.vbs
2017-05-07 04:35 - 2017-05-07 04:35 - 1500119368 _____ C:\WINDOWS\MEMORY.DMP
2017-05-07 04:35 - 2017-05-07 04:35 - 00545860 _____ C:\WINDOWS\Minidump\050717-8328-01.dmp
2017-05-07 04:35 - 2017-05-07 04:35 - 00000258 __RSH C:\Users\Michael\ntuser.pol
2017-05-07 04:35 - 2017-05-07 04:35 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-07 04:33 - 2017-05-07 04:33 - 00002210 _____ C:\Users\Michael\Desktop\WeatherBuddy.lnk
2017-05-07 04:33 - 2017-05-07 04:33 - 00000062 _____ C:\WINDOWS\WeatherBuddy.INI
2017-05-07 04:33 - 2017-05-07 04:33 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBuddy
2017-05-07 04:33 - 2017-05-07 04:33 - 00000000 ____D C:\Users\Michael\AppData\Local\WeatherBuddy
2017-05-07 04:32 - 2017-05-07 04:41 - 00000269 _____ C:\WINDOWS\SysWOW64\lastupd.dat
2017-05-07 04:32 - 2017-05-07 04:32 - 07735337 _____ C:\WINDOWS\youtube-dl.exe
2017-05-07 04:31 - 2017-05-07 04:40 - 00000000 ____D C:\WINDOWS\SysWOW64\tmp
2017-05-07 04:31 - 2017-05-07 04:31 - 00000000 ____D C:\ProgramData\chocolatey
2017-05-07 04:30 - 2017-05-07 17:03 - 00001053 _____ C:\WINDOWS\SysWOW64\splsrv.exe
2017-05-07 04:30 - 2017-05-07 04:30 - 00003788 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade
2017-05-07 04:30 - 2017-05-07 04:30 - 00001094 _____ C:\Users\Michael\Desktop\VA Downloader.lnk
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Itibiti
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\InterStat
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Users\Michael\AppData\Local\wedooqr
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Users\Michael\AppData\Local\VAB
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashRpt
2017-05-07 04:30 - 2017-05-07 04:30 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade
2017-05-07 04:30 - 2017-04-24 15:46 - 02679858 _____ C:\WINDOWS\SysWOW64\msblsn.exe
2017-05-07 04:30 - 2017-02-20 20:38 - 41569792 _____ C:\WINDOWS\ffmpeg.exe
2017-05-07 04:30 - 2017-02-20 20:38 - 00000003 _____ C:\WINDOWS\SysWOW64\delay.dat
2017-05-07 04:29 - 2017-05-07 04:29 - 00001188 _____ C:\Users\Public\Desktop\KNCTR.lnk
2017-05-07 04:29 - 2017-05-07 04:29 - 00000946 _____ C:\Users\Michael\Desktop\s5.lnk
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\c
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Users\Michael\AppData\Local\woibe
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Users\Michael\AppData\Local\AnonymizerLauncher
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Users\Michael\.proxycheck
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Users\Michael\.AnonymizerLauncher
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Program Files (x86)\s5
2017-05-07 04:29 - 2017-05-07 04:29 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2017-05-07 04:27 - 2017-05-07 04:35 - 00000308 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2017-05-07 04:27 - 2017-05-07 04:35 - 00000308 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2017-05-07 04:27 - 2017-05-07 04:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\System Healer
2017-05-07 04:27 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\HFTS9MAV3O
2017-05-07 04:27 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\FLCH12VZ1U
2017-05-07 04:27 - 2017-05-07 04:27 - 00320000 _____ (t ) C:\ProgramData\smp2.exe
2017-05-07 04:27 - 2017-05-07 04:27 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-05-07 04:27 - 2017-05-07 04:27 - 00024494 _____ C:\WINDOWS\System32\Tasks\{7A0A0A47-0D0C-7F0F-0E11-797E0F091109}
2017-05-07 04:27 - 2017-05-07 04:27 - 00004426 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_3834323432373730352d4a4a5b415a34782a456c375a
2017-05-07 04:27 - 2017-05-07 04:27 - 00004264 _____ C:\WINDOWS\System32\Tasks\SMW_P
2017-05-07 04:27 - 2017-05-07 04:27 - 00003686 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2017-05-07 04:27 - 2017-05-07 04:27 - 00003440 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2017-05-07 04:27 - 2017-05-07 04:27 - 00003422 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2017-05-07 04:27 - 2017-05-07 04:27 - 00003370 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2017-05-07 04:27 - 2017-05-07 04:27 - 00002936 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2017-05-07 04:27 - 2017-05-07 04:27 - 00002642 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2017-05-07 04:27 - 2017-05-07 04:27 - 00001131 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\509172
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\470829
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\ProgramData\SearchModule
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\ProgramData\dc2ef4c3-3a77-1
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\ProgramData\dc2ef4c3-25a5-0
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2017-05-07 04:27 - 2017-05-07 04:27 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-05-07 04:26 - 2017-05-07 05:54 - 00000000 ____D C:\Program Files (x86)\Maskit
2017-05-07 04:26 - 2017-05-07 04:35 - 00624640 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-05-07 04:26 - 2017-05-07 04:35 - 00000332 _____ C:\WINDOWS\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C5752.job
2017-05-07 04:26 - 2017-05-07 04:35 - 00000332 _____ C:\WINDOWS\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C575.job
2017-05-07 04:26 - 2017-05-07 04:29 - 00000000 ____D C:\Program Files (x86)\PubHotspot
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\X1X0AI23FB
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\L7YTQ62C6R
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\KR4QTZE11X
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\JXC93Z2E4K
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\CGTXB68X5M
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files\5Q003SABGP
2017-05-07 04:26 - 2017-05-07 04:28 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-05-07 04:26 - 2017-05-07 04:27 - 00000000 ____D C:\WINDOWS\ainet
2017-05-07 04:26 - 2017-05-07 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\gplyra
2017-05-07 04:26 - 2017-05-07 04:27 - 00000000 ____D C:\Users\Michael\AppData\Roaming\AGData
2017-05-07 04:26 - 2017-05-07 04:27 - 00000000 ____D C:\Program Files\Z2IVQFBHBY
2017-05-07 04:26 - 2017-05-07 04:27 - 00000000 ____D C:\Program Files\BI6MLDKOL0
2017-05-07 04:26 - 2017-05-07 04:26 - 00907160 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-05-07 04:26 - 2017-05-07 04:26 - 00140800 _____ C:\Users\Michael\AppData\Local\installer.dat
2017-05-07 04:26 - 2017-05-07 04:26 - 00042496 _____ (icaredigitalsolutions) C:\WINDOWS\act_win_2509.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 00011568 _____ C:\Users\Michael\AppData\Local\InstallationConfiguration.xml
2017-05-07 04:26 - 2017-05-07 04:26 - 00003284 _____ C:\WINDOWS\System32\Tasks\HDWallPaper
2017-05-07 04:26 - 2017-05-07 04:26 - 00003036 _____ C:\WINDOWS\System32\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C5752
2017-05-07 04:26 - 2017-05-07 04:26 - 00002950 _____ C:\WINDOWS\System32\Tasks\MaskitAutorun
2017-05-07 04:26 - 2017-05-07 04:26 - 00002732 _____ C:\WINDOWS\System32\Tasks\Update Service for FF20459C-DA6E-41A7-80BC-8F4FEFD9C575
2017-05-07 04:26 - 2017-05-07 04:26 - 00001122 _____ C:\Users\Michael\Desktop\PubHotspot.lnk
2017-05-07 04:26 - 2017-05-07 04:26 - 00001119 _____ C:\Users\Public\Desktop\HDWallPaper.lnk
2017-05-07 04:26 - 2017-05-07 04:26 - 00001050 _____ C:\Users\Michael\Desktop\Play Warframe.lnk
2017-05-07 04:26 - 2017-05-07 04:26 - 00001044 _____ C:\Users\Michael\Desktop\Play WarThunder.lnk
2017-05-07 04:26 - 2017-05-07 04:26 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____H C:\WINDOWS\system32\BIT91A1.tmp
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\WINDOWS\net
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\HDWallPaper
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\854118
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\687187
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\361866
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\314273
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\301798
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\128623
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Program Files (x86)\VKOKAdBlockUn
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Program Files (x86)\VKOKAdBlockU
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\Program Files (x86)\HDWallPaper
2017-05-03 17:41 - 2017-05-04 03:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Factorio
2017-05-03 17:21 - 2017-05-03 17:21 - 00001041 _____ C:\Users\Public\Desktop\Factorio.lnk
2017-05-03 17:21 - 2017-05-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Factorio [GOG.com]
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N C:\WINDOWS\system32\tprdpw64.exe
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [659320] => C:\Users\Michael\AppData\Roaming\854118\78245.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [196272] => C:\Users\Michael\AppData\Roaming\128623\721805.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [851100] => C:\Users\Michael\AppData\Roaming\361866\352032.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [294384] => C:\Users\Michael\AppData\Roaming\314273\27705.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [980460] => C:\Users\Michael\AppData\Roaming\301798\516728.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [158866] => C:\Users\Michael\AppData\Roaming\687187\625762.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [528300] => C:\Users\Michael\AppData\Roaming\509172\101424.exe [7680 2017-05-07] (Mitch)
HKU\S-1-5-21-3037864898-947855696-3704173322-1002\...\Run: [193507] => C:\Users\Michael\AppData\Roaming\470829\544915.exe [7680 2017-05-07] (Mitch)
2017-05-07 04:26 - 2017-05-07 04:26 - 0501318 _____ (Leading2Apps                                                ) C:\Users\Michael\AppData\Local\Temp\1MVXZXK.exe
2017-05-07 04:32 - 2017-05-07 04:32 - 5984770 _____ () C:\Users\Michael\AppData\Local\Temp\65072C46746E3C1E69EBB5236C243F1F.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0931704 _____ () C:\Users\Michael\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
2017-02-16 15:41 - 2017-02-16 15:41 - 0694720 _____ (Disc Soft Ltd.) C:\Users\Michael\AppData\Local\Temp\dt_743B.tmp.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0601557 _____ (                                                            ) C:\Users\Michael\AppData\Local\Temp\global_installer (1).exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0601557 _____ (                                                            ) C:\Users\Michael\AppData\Local\Temp\global_installer.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0425674 _____ (WeMonetize                                                  ) C:\Users\Michael\AppData\Local\Temp\HDVND8X.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 0922904 _____ (Star Line                                                   ) C:\Users\Michael\AppData\Local\Temp\mktus.exe
2017-02-12 03:49 - 2016-12-29 08:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\Michael\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-20 16:58 - 2016-12-29 08:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\Michael\AppData\Local\Temp\nvStInst.exe
2017-05-05 10:33 - 2017-05-05 10:33 - 2988888 _____ (IT Genius) C:\Users\Michael\AppData\Local\Temp\Qzs7zE4N-prog.exe
2017-05-05 10:33 - 2017-05-05 10:33 - 3190104 _____ (Lead IT) C:\Users\Michael\AppData\Local\Temp\RcWQlI5g-prog.exe
2017-05-05 10:33 - 2017-05-05 10:33 - 0140872 _____ () C:\Users\Michael\AppData\Local\Temp\RcWQlI5g-upd.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 3941934 _____ (ussupport.club                                              ) C:\Users\Michael\AppData\Local\Temp\setup.exe
2017-05-07 04:26 - 2017-05-07 04:26 - 1636266 _____ () C:\Users\Michael\AppData\Local\Temp\vk_ok_adblock.exe
C:\Windows\SysWOW64\tmp\xf32.exe
2017-05-07 04:31 - 2017-05-07 04:40 - 00000000 ____D C:\WINDOWS\SysWOW64\tmp
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____H C:\WINDOWS\system32\BIT91A1.tmp
2017-05-07 04:26 - 2017-05-07 04:26 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-02-16 15:41 - 2017-02-16 15:41 - 0694720 _____ (Disc Soft Ltd.) C:\Users\Michael\AppData\Local\Temp\dt_743B.tmp.exe
2017-05-07 04:40 - 2017-05-07 04:59 - 03482367 _____ () C:\Windows\SysWOW64\tmp\xf32.exe
2017-05-07 04:40 - 2017-05-07 04:40 - 00471040 _____ () C:\WINDOWS\TEMP\mrt1E9B.tmp\mmfs2.dll
2017-05-07 04:40 - 2017-05-07 04:40 - 00122880 _____ () C:\WINDOWS\TEMP\mrt1E9B.tmp\Instance Communicator.mfx
2017-05-07 04:40 - 2017-05-07 04:40 - 01128960 _____ () C:\WINDOWS\TEMP\mrt1E9B.tmp\mmf2d3d9.dll
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
RemoveProxy:
HOSTS:
R5 drmkpro64;  <===== ATTENTION: Locked Service
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::
 

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 halosldr

Posted 11 May 2017 - 04:40 PM

Everything done as requested and logs attached, thanks man!  Will be standing by for what is next.


#10 JSntgRvr

Posted 11 May 2017 - 07:17 PM

That was a great fix.
 
 One more scan:

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.
  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.
You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.



#11 halosldr

Posted 11 May 2017 - 07:19 PM

Ok I am going to jump on the infected computer now and do as requested.



#12 halosldr

Posted 11 May 2017 - 07:29 PM

Report as requested


#13 halosldr

Posted 11 May 2017 - 07:37 PM

FYI I did another Malwarebytes scan after the initial one found threats and quarantined them.  Report came back zero threats found and so far computer is acting normal.  I am going to wait for your all clear before I use it like normal again though.



#14 JSntgRvr

Posted 11 May 2017 - 09:08 PM

Congratulations. :)

I believe it is all clear.

Let's remove the diagnostics tools we have used. Some of them will remain as Malwarebytes Antimalware. It will be up to you to keep. The rest are updated on a daily basis, so there is no need to keep.

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

Always keep an antivirus active and updated.

Best regards.    :hello:




#15 JSntgRvr

Posted 15 May 2017 - 02:31 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





