ntuserlitelist: svcvmx.exe, vmxclient.exe, dataup.exe, winscr.exe


  • This topic is locked
10 replies to this topic

#1 Elocity

Elocity

  • Members
  • 8 posts

Posted 18 May 2017 - 01:56 AM

My friend downloaded an exe file he thought was a game online, and now he has installed this virus. vmxclient.exe and svcvmx.exe run on startup and slow down his computer tremendously. I have tried running RKill, iExplore, MBAR, Hitman Pro, and other antiviruses, but it says that "The requested resource is in use." I can't delete the files in the ntuserlitelist folder, because it says I need permission from my own computer (the virus probably changed this?). I have also tried using FRST to scan and fix using a Fixlist.txt file, but FRST says it cannot delete the specified files. If anyone could help I will be very grateful, if I fix this for him I get some cash hehe

 

Regards,

 

Elocity





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts

Posted 18 May 2017 - 09:03 AM

Hi Elocity :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Elocity

Elocity
  • Topic Starter

  • Members
  • 8 posts

Posted 19 May 2017 - 02:39 AM

Hello Aura, thank you for helping me with this issue :)

 

I downloaded the MBAR .exe file and started a scan, and it showed that my computer had one infected driver (ndistpr64.sys), as well as several instances of the Yelloader adware and many traces of a Trojan virus. The Yelloader adware was located inside the ntuserlitelist folder that I was having issues with. I did not get to see where the Trojan was, as the scan stopped responding and I was forced to quit. I started another scan and I'll post the results once it's done.

 

One thing I noticed was that a CMD window pops up sometimes, something about installing a driver? I suspect this is part of the virus's doing as well, any idea as to what this is?

UPDATE: The command window says it is installutil.exe from C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe. Is this part of the virus?

 

Thank you again for your help, I will post the scan results when it finishes.

 

Elocity


Edited by Elocity, 19 May 2017 - 02:47 AM.


#4 Elocity

Elocity
  • Topic Starter

  • Members
  • 8 posts

Posted 21 May 2017 - 02:56 AM

I ran the scan again, and it stopped responding again when scanning the trojan virus. It looks like the scan will never finish completely. Any other ideas?



#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts

Posted 21 May 2017 - 03:07 AM

In that case, follow the instructions in the thread below and provide me the FRST.txt and Addition.txt logs.

https://www.bleepingcomputer.com/forums/topic34773.html

I'll then list you two folders you should delete content from, and this should allow MBAR to go through with its scan.



#6 Elocity

Elocity
  • Topic Starter

  • Members
  • 8 posts

Posted 24 May 2017 - 01:34 AM

Here are the results from the FRST scan (Addition.txt is in the next post below)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Alex (administrator) on ALEX-PC (23-05-2017 23:18:27)
Running from C:\Users\Alex\Desktop\FRST
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
() C:\Users\Alex\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
() C:\Program Files\Prio\prio_svc.exe
(Intel Corporation) C:\ProgramData\Package Cache\{810dff4d-564d-47da-b8bc-a3729815aab7}\SetupITA.exe
(Intel Corporation) C:\ProgramData\Package Cache\{810dff4d-564d-47da-b8bc-a3729815aab7}\SetupITA.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\System32\tprdpw64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Pokki) C:\Users\Alex\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\Alex\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
(Microsoft Corporation) C:\Windows\System32\AppHostRegistrationVerifier.exe
(Microsoft Corporation) C:\Windows\System32\UNP\UNPCampaignManager.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Intel Corporation) C:\Program Files\Intel\Telemetry 2.0\lrio.exe
(Microsoft Corporation) C:\Users\Alex\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe
() C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8506112 2015-07-09] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5883912 2017-03-02] (LogMeIn Inc.)
HKLM-x32\...\Run: [cpx] => "C:\Users\Alex\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\Run: [Spotify Web Helper] => C:\Users\Alex\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1449584 2017-05-12] (Spotify Ltd)
HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-04-27] ()
HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\RunOnce: [Application Restart #7] => C:\Users\Alex\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-18] (Pokki)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [391040 2017-03-18] (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyServer: [S-1-5-21-753096544-3181654907-2206310399-1001] => 127.0.0.1:8003
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{26bfd25e-ef26-4283-abc0-b1b7b0132fd3}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{5cafef86-7a32-44c5-8d38-23ef72efefb2}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{848163bd-1be3-47d7-b109-87dcf0a14dfb}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-753096544-3181654907-2206310399-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-753096544-3181654907-2206310399-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM -> {B7C616EE-786D-4730-8C4D-523412D12B5C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {B7C616EE-786D-4730-8C4D-523412D12B5C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-753096544-3181654907-2206310399-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=hp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-753096544-3181654907-2206310399-1001 -> {83F80E8E-D31E-11E4-827B-6CC21778C533} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_44&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0CtBtCyByBzz0CyDtAtAzyyE0B0AtN0D0Tzu0StCyEtDtDtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBtA0C0ByDtD0B0BtGyE0A0AtCtGyC0A0ByEtGtD0E0EzztG0CyEtCyDtC0CyDtB0E0AyC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzztDzyyCzy0AyDtG0A0EtC0CtGyEyCyD0DtG0BzztDtCtGtAtC0EzytD0Bzy0EtDzy0AyD2QtN0A0LzuyE%26cr%3D1386171040%26a%3Dwncy_ir_15_44%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-753096544-3181654907-2206310399-1001 -> {B7C616EE-786D-4730-8C4D-523412D12B5C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-06] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-06] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://homepage-web.com/?s=hp&m=home
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2017-05-18]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-14]
CHR Extension: (Grammarly for Chrome) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-05-17]
CHR Extension: (Momentum) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-05-02]
CHR Extension: (Skype) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <===== ATTENTION
 
R2 Dataup; C:\Users\Alex\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2017-01-28] (EasyAntiCheat Ltd)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3416584 2017-03-02] (LogMeIn Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
S3 Intel® TA SAM; C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe [153296 2016-04-26] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [478416 2016-04-26] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2017-02-27] (LogMeIn, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-04-27] (Overwolf LTD)
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12704 2017-01-15] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-07-09] (Realtek Semiconductor)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-03-20] (SolidWorks) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Alex\AppData\Local\fcyvp\ct.exe [651776 2017-05-04] (ct Corp.) [File not signed] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [194776 2017-05-19] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [50448 2015-07-28] (Intel Corporation)
R3 NetTap630; C:\WINDOWS\system32\DRIVERS\nettap630.sys [76560 2015-07-29] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R5 drmkpro64;  <===== ATTENTION: Locked Service
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-19 00:29 - 2017-05-19 00:30 - 00000000 ____D C:\Users\Alex\Desktop\mbar
2017-05-19 00:29 - 2017-05-19 00:29 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Process Hacker 2
2017-05-18 22:25 - 2017-05-18 22:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-18 22:24 - 2017-05-19 00:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-05-18 22:24 - 2017-05-19 00:31 - 00194776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-18 22:20 - 2017-05-18 22:20 - 16564750 _____ (Malwarebytes Corp.) C:\Users\Alex\Downloads\mbar-1.09.4.1001.exe
2017-05-18 22:15 - 2017-05-18 22:15 - 00000000 ____D C:\ProgramData\Razer
2017-05-18 00:25 - 2017-05-18 22:17 - 00000000 ____D C:\Program Files (x86)\Razer
2017-05-18 00:08 - 2017-05-18 00:03 - 00001695 _____ C:\Users\Alex\Desktop\Fixlist.txt
2017-05-17 23:41 - 2017-05-23 23:18 - 00000000 ____D C:\Users\Alex\Desktop\FRST
2017-05-17 23:16 - 2017-05-23 23:18 - 00000000 ____D C:\FRST
2017-05-17 22:51 - 2017-05-17 22:51 - 00001972 _____ C:\Users\Alex\Desktop\Process Hacker 2.lnk
2017-05-17 22:51 - 2017-05-17 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2017-05-17 22:50 - 2017-05-17 22:51 - 00000000 ____D C:\Program Files\Process Hacker 2
2017-05-17 22:48 - 2017-05-17 22:49 - 02267848 _____ (wj32 ) C:\Users\Alex\Downloads\processhacker-2.39-setup.exe
2017-05-16 16:42 - 2017-05-16 16:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alex\Downloads\rkill.com
2017-05-16 16:40 - 2017-05-16 16:40 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alex\Downloads\iExplore.exe
2017-05-16 16:39 - 2017-05-16 16:39 - 00000000 ____D C:\Program Files\Prio
2017-05-16 16:38 - 2017-05-16 16:38 - 00794272 _____ (O&K Software) C:\Users\Alex\Downloads\prio_x64_210_4391.exe
2017-05-16 16:37 - 2017-05-16 16:38 - 00636208 _____ (O&K Software) C:\Users\Alex\Downloads\prio_win32_210_4391.exe
2017-05-16 16:31 - 2017-05-16 16:32 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alex\Downloads\mbar-1.09.3.1001 (1).exe
2017-05-16 15:42 - 2017-05-16 15:42 - 00001131 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2017-05-16 15:42 - 2017-05-16 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2017-05-16 15:42 - 2017-05-16 15:42 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2017-05-15 22:13 - 2017-05-19 00:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-05-15 22:09 - 2017-05-15 22:09 - 00000000 ____D C:\WINDOWS\pss
2017-05-15 21:31 - 2017-05-15 21:31 - 00037805 _____ C:\Users\Alex\Downloads\FRST.txt
2017-05-15 20:39 - 2017-05-15 20:40 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alex\Downloads\mbar-1.09.3.1001.exe
2017-05-15 20:39 - 2017-05-15 20:40 - 00000000 ____D C:\Users\Alex\Desktop\New folder
2017-05-15 20:27 - 2017-05-15 20:28 - 63035592 _____ (Malwarebytes ) C:\Users\Alex\Downloads\mb3-setup-consumer-3.1.2.1733 (1).exe
2017-05-15 20:23 - 2017-05-15 20:24 - 63035592 _____ (Malwarebytes ) C:\Users\Alex\Downloads\mb3-setup-consumer-3.1.2.1733.exe
2017-05-13 17:09 - 2017-05-13 18:39 - 00000000 ____D C:\Users\Alex\AppData\Local\llssoft
2017-05-13 17:07 - 2017-05-23 23:20 - 00000000 ____D C:\Users\Alex\AppData\Local\ntuserlitelist
2017-05-13 17:07 - 2017-05-13 17:08 - 00006610 _____ C:\WINDOWS\TEMPcoral.vbs
2017-05-13 17:00 - 2017-05-13 17:01 - 00611212 _____ C:\WINDOWS\Minidump\051317-50859-01.dmp
2017-05-13 17:00 - 2017-05-13 17:00 - 1218399356 _____ C:\WINDOWS\MEMORY.DMP
2017-05-13 17:00 - 2017-05-13 17:00 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-13 16:57 - 2017-05-23 23:22 - 00001053 _____ C:\WINDOWS\SysWOW64\splsrv.exe
2017-05-13 16:57 - 2017-05-13 16:57 - 00000000 ____D C:\Users\Alex\AppData\Local\fcyvp
2017-05-13 16:56 - 2017-05-15 21:03 - 00000000 ____D C:\Program Files (x86)\s5
2017-05-13 16:56 - 2017-05-13 17:00 - 00000398 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2017-05-13 16:56 - 2017-05-13 17:00 - 00000366 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2017-05-13 16:56 - 2017-05-13 17:00 - 00000366 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2017-05-13 16:56 - 2017-05-13 17:00 - 00000366 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-05-13 16:56 - 2017-05-13 16:56 - 00003292 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2017-05-13 16:56 - 2017-05-13 16:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2017-05-13 16:56 - 2017-05-13 16:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2017-05-13 16:56 - 2017-05-13 16:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2017-05-13 16:56 - 2017-05-13 16:56 - 00000000 ____D C:\Users\Alex\AppData\Local\dudpegz
2017-05-13 16:56 - 2017-05-13 16:56 - 00000000 ____D C:\Users\Alex\AppData\Local\AnonymizerLauncher
2017-05-13 16:56 - 2017-05-13 16:56 - 00000000 ____D C:\Users\Alex\.proxycheck
2017-05-13 16:56 - 2017-05-13 16:56 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-05-13 16:55 - 2017-05-13 16:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-05-13 16:55 - 2017-05-13 16:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microleaves
2017-05-13 16:55 - 2017-05-13 16:55 - 00000000 ____D C:\Users\Alex\AppData\Local\AdvinstAnalytics
2017-05-13 16:55 - 2017-05-13 16:55 - 00000000 ____D C:\Users\Alex\.AnonymizerLauncher
2017-05-13 16:52 - 2017-05-13 16:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\AGData
2017-05-13 16:52 - 2017-05-13 16:52 - 00003378 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2017-05-13 16:52 - 2017-05-13 16:52 - 00000000 ____D C:\WINDOWS\src_srv
2017-05-13 16:52 - 2017-05-13 16:52 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-05-12 22:38 - 2017-05-12 22:38 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Google
2017-05-10 18:54 - 2017-04-27 18:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-10 18:54 - 2017-04-27 18:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-10 18:54 - 2017-04-27 18:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-10 18:54 - 2017-04-27 18:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 18:54 - 2017-04-27 18:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-10 18:54 - 2017-04-27 18:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 18:54 - 2017-04-27 17:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-10 18:54 - 2017-04-27 17:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-10 18:54 - 2017-04-27 17:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-10 18:54 - 2017-04-27 17:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-10 18:54 - 2017-04-27 17:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-10 18:54 - 2017-04-27 17:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-10 18:54 - 2017-04-27 17:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 18:54 - 2017-04-27 17:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 18:54 - 2017-04-27 17:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-10 18:54 - 2017-04-27 17:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-10 18:54 - 2017-04-27 17:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-10 18:54 - 2017-04-27 17:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-10 18:54 - 2017-04-27 17:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 18:54 - 2017-04-27 17:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-10 18:54 - 2017-04-27 16:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 18:54 - 2017-04-18 23:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-10 18:54 - 2017-04-18 23:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-10 18:54 - 2017-04-18 23:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-10 18:54 - 2017-04-18 22:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-10 18:54 - 2017-04-13 17:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-10 18:54 - 2017-04-13 16:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-10 18:54 - 2017-04-13 16:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-10 18:53 - 2017-04-27 18:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 18:53 - 2017-04-27 18:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 18:53 - 2017-04-27 18:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-10 18:53 - 2017-04-27 18:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-10 18:53 - 2017-04-27 18:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 18:53 - 2017-04-27 18:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 18:53 - 2017-04-27 18:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 18:53 - 2017-04-27 18:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 18:53 - 2017-04-27 18:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 18:53 - 2017-04-27 18:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 18:53 - 2017-04-27 18:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-10 18:53 - 2017-04-27 18:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-10 18:53 - 2017-04-27 18:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-10 18:53 - 2017-04-27 18:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-10 18:53 - 2017-04-27 18:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-10 18:53 - 2017-04-27 17:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 18:53 - 2017-04-27 17:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-10 18:53 - 2017-04-27 17:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 18:53 - 2017-04-27 17:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-10 18:53 - 2017-04-27 17:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 18:53 - 2017-04-27 17:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-10 18:53 - 2017-04-27 17:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 18:53 - 2017-04-27 17:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-10 18:53 - 2017-04-27 17:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-10 18:53 - 2017-04-27 17:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-10 18:53 - 2017-04-27 17:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 18:53 - 2017-04-27 17:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-10 18:53 - 2017-04-27 17:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-10 18:53 - 2017-04-27 17:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 18:53 - 2017-04-27 17:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 18:53 - 2017-04-27 17:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 18:53 - 2017-04-27 17:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 18:53 - 2017-04-27 17:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-10 18:53 - 2017-04-27 17:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 18:53 - 2017-04-27 17:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-10 18:53 - 2017-04-27 17:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-10 18:53 - 2017-04-27 17:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-10 18:53 - 2017-04-27 17:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 18:53 - 2017-04-27 17:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-10 18:53 - 2017-04-27 17:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-10 18:53 - 2017-04-27 17:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-10 18:53 - 2017-04-27 17:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-10 18:53 - 2017-04-27 17:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 18:53 - 2017-04-27 17:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 18:53 - 2017-04-27 17:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-10 18:53 - 2017-04-27 17:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-10 18:53 - 2017-04-27 17:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-10 18:53 - 2017-04-27 17:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 18:53 - 2017-04-27 17:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-10 18:53 - 2017-04-27 17:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-10 18:53 - 2017-04-27 17:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-10 18:53 - 2017-04-27 17:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-10 18:53 - 2017-04-27 17:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 18:53 - 2017-04-27 17:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-10 18:53 - 2017-04-27 17:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-10 18:53 - 2017-04-27 17:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-10 18:53 - 2017-04-27 17:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-10 18:53 - 2017-04-27 17:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-10 18:53 - 2017-04-27 17:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 18:53 - 2017-04-27 17:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 18:53 - 2017-04-27 17:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-10 18:53 - 2017-04-27 17:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-10 18:53 - 2017-04-27 17:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 18:53 - 2017-04-27 17:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 18:53 - 2017-04-27 17:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-10 18:53 - 2017-04-27 17:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 18:53 - 2017-04-27 17:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-10 18:53 - 2017-04-27 17:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-10 18:53 - 2017-04-27 17:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-10 18:53 - 2017-04-27 17:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 18:53 - 2017-04-27 17:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-10 18:53 - 2017-04-27 17:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-10 18:53 - 2017-04-27 17:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 18:53 - 2017-04-27 17:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-10 18:53 - 2017-04-27 17:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-10 18:53 - 2017-04-27 17:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 18:53 - 2017-04-27 17:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-10 18:53 - 2017-04-27 16:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-10 18:53 - 2017-04-27 16:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 18:53 - 2017-04-27 16:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-10 18:53 - 2017-04-27 16:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-10 18:53 - 2017-04-27 16:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-10 18:53 - 2017-04-27 16:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-10 18:53 - 2017-04-27 16:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-10 18:53 - 2017-04-27 16:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 18:53 - 2017-04-27 16:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-10 18:53 - 2017-04-27 16:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 18:53 - 2017-04-27 16:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-10 18:53 - 2017-04-27 16:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-10 18:53 - 2017-04-27 16:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 18:53 - 2017-04-27 16:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 18:53 - 2017-04-27 16:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-10 18:53 - 2017-04-19 00:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-10 18:53 - 2017-04-19 00:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-10 18:53 - 2017-04-19 00:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-10 18:53 - 2017-04-19 00:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-10 18:53 - 2017-04-18 23:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-10 18:53 - 2017-04-18 23:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-10 18:53 - 2017-04-18 23:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-10 18:53 - 2017-04-18 23:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-10 18:53 - 2017-04-18 23:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-10 18:53 - 2017-04-18 23:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-10 18:53 - 2017-04-18 23:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-10 18:53 - 2017-04-18 23:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 18:53 - 2017-04-18 23:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-10 18:53 - 2017-04-18 23:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-10 18:53 - 2017-04-18 23:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-10 18:53 - 2017-04-18 23:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-10 18:53 - 2017-04-18 23:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-10 18:53 - 2017-04-18 23:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-10 18:53 - 2017-04-18 23:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-10 18:53 - 2017-04-18 23:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-10 18:53 - 2017-04-18 23:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-10 18:53 - 2017-04-18 23:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-10 18:53 - 2017-04-18 23:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-10 18:53 - 2017-04-18 23:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-10 18:53 - 2017-04-18 23:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-10 18:53 - 2017-04-18 22:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-10 18:53 - 2017-04-18 22:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-10 18:53 - 2017-04-18 22:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-10 18:53 - 2017-04-18 22:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-10 18:53 - 2017-04-18 22:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-10 18:53 - 2017-04-18 22:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-10 18:53 - 2017-04-18 22:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-10 18:53 - 2017-04-18 22:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-10 18:53 - 2017-04-18 22:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-10 18:53 - 2017-04-18 22:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-10 18:53 - 2017-04-18 22:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-10 18:53 - 2017-04-13 17:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-10 18:53 - 2017-04-13 17:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-10 18:53 - 2017-04-13 17:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-10 18:53 - 2017-04-13 17:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-10 18:53 - 2017-04-13 17:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-10 18:53 - 2017-04-13 16:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-10 18:53 - 2017-04-13 16:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-10 18:53 - 2017-04-13 16:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-10 18:53 - 2017-04-13 16:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-10 18:53 - 2017-04-13 16:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-10 18:53 - 2017-04-13 16:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-10 18:53 - 2017-04-13 16:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-10 18:53 - 2017-04-13 16:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-10 18:53 - 2017-04-13 16:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-10 18:53 - 2017-04-13 16:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-10 18:53 - 2017-04-13 16:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-10 18:53 - 2017-04-13 16:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-10 18:53 - 2017-04-13 16:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-10 18:53 - 2017-04-13 16:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-10 18:53 - 2017-04-13 16:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-10 18:53 - 2017-04-13 16:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-10 18:53 - 2017-04-13 16:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-10 18:53 - 2017-04-13 16:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-10 18:53 - 2017-04-13 16:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-10 18:53 - 2017-04-13 16:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 18:53 - 2017-04-13 16:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-10 18:53 - 2017-04-13 16:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-10 18:53 - 2017-04-13 16:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-10 18:53 - 2017-04-13 16:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-10 18:53 - 2017-04-13 16:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-10 18:53 - 2017-04-13 16:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-10 18:53 - 2017-04-13 16:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-10 18:53 - 2017-04-13 16:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 18:53 - 2017-04-13 16:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-10 18:53 - 2017-04-13 16:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-10 18:53 - 2017-04-13 16:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-10 18:53 - 2017-04-13 16:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-10 18:53 - 2017-04-13 16:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-10 18:53 - 2017-04-13 16:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-10 18:53 - 2017-04-13 16:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-10 18:53 - 2017-04-13 16:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-10 18:53 - 2017-04-13 16:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-10 18:53 - 2017-04-13 16:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-10 18:53 - 2017-04-13 16:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-10 18:53 - 2017-04-13 16:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-10 18:53 - 2017-04-13 16:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-10 18:53 - 2017-04-13 16:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-10 18:53 - 2017-04-13 16:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-10 18:53 - 2017-04-13 16:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-10 18:53 - 2017-04-13 16:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-10 18:53 - 2017-04-13 16:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N C:\WINDOWS\system32\tprdpw64.exe
2017-04-30 01:35 - 2017-04-30 01:35 - 00000000 ____D C:\Users\Alex\AppData\Local\DBG
2017-04-29 23:08 - 2017-04-29 23:08 - 00000000 ____D C:\Users\Alex\.cache
2017-04-29 23:00 - 2017-04-29 23:00 - 00000000 ____D C:\Users\Alex\AppData\Local\pip
2017-04-29 22:59 - 2017-04-29 22:59 - 30261960 _____ (Python Software Foundation) C:\Users\Alex\Downloads\python-3.5.3-amd64.exe
2017-04-29 22:59 - 2017-04-29 22:59 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2017-04-29 22:57 - 2017-04-29 22:58 - 06913264 _____ C:\Users\Alex\Downloads\python-3.5.3-embed-amd64.zip
2017-04-29 22:52 - 2017-04-29 22:59 - 00000000 ____D C:\Users\Alex\AppData\Local\Package Cache
2017-04-29 22:52 - 2017-04-29 22:53 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-04-29 22:51 - 2017-04-29 22:52 - 30453192 _____ (Python Software Foundation) C:\Users\Alex\Downloads\python-3.6.1.exe
2017-04-29 22:45 - 2017-04-29 22:45 - 00000000 ____D C:\Users\Alex\Desktop\MusicBot-master
2017-04-29 22:43 - 2017-04-29 22:44 - 29520935 _____ C:\Users\Alex\Downloads\MusicBot-master.zip
2017-04-25 00:01 - 2017-04-25 00:01 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-24 23:58 - 2017-04-24 23:58 - 00000020 ___SH C:\Users\Alex\ntuser.ini
2017-04-24 22:06 - 2017-04-24 22:06 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-24 22:06 - 2017-04-24 22:06 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-24 22:06 - 2017-04-24 22:06 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-24 22:06 - 2017-04-24 22:06 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-24 22:06 - 2017-04-24 22:06 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-24 22:06 - 2017-04-24 22:06 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-24 22:06 - 2017-04-24 22:06 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-24 22:06 - 2017-04-24 22:06 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-24 22:06 - 2017-04-24 22:06 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-24 22:03 - 2017-04-24 22:03 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-24 22:03 - 2017-04-24 21:14 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-24 22:00 - 2017-04-24 22:00 - 00000000 _SHDL C:\Users\Default\My Documents
2017-04-24 22:00 - 2017-04-24 22:00 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-24 22:00 - 2017-04-24 22:00 - 00000000 ____D C:\Program Files\MSBuild
2017-04-24 22:00 - 2017-04-24 22:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-24 22:00 - 2017-04-24 22:00 - 00000000 ____D C:\inetpub
2017-04-24 22:00 - 2017-04-24 21:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-24 21:59 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-04-24 21:59 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-04-24 21:59 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-04-24 21:59 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-24 21:59 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-04-24 21:58 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-24 21:54 - 2017-04-24 21:58 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-04-24 21:54 - 2017-04-24 21:58 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-04-24 21:46 - 2017-05-23 23:24 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{803A9A29-CAF1-4A9D-805D-0FB15496C4FC}
2017-04-24 21:46 - 2017-05-23 23:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-24 21:46 - 2017-05-17 23:53 - 00003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAlex
2017-04-24 21:46 - 2017-05-03 20:08 - 00003284 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForALEX-PC$
2017-04-24 21:46 - 2017-04-27 18:43 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-24 21:46 - 2017-04-27 18:43 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-24 21:46 - 2017-04-25 00:09 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-24 21:46 - 2017-04-24 21:47 - 00003094 _____ C:\WINDOWS\System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d
2017-04-24 21:46 - 2017-04-24 21:47 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-753096544-3181654907-2206310399-1001
2017-04-24 21:46 - 2017-04-24 21:47 - 00002318 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-753096544-3181654907-2206310399-500
2017-04-24 21:46 - 2017-04-24 21:47 - 00002288 _____ C:\WINDOWS\System32\Tasks\{71545E5F-C622-4503-946D-971D3E627703}
2017-04-24 21:46 - 2017-04-24 21:47 - 00002122 _____ C:\WINDOWS\System32\Tasks\{7830DE20-A1E7-4486-B38A-8C892A61E5E2}
2017-04-24 21:46 - 2017-04-24 21:46 - 00003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-04-24 21:46 - 2017-04-24 21:46 - 00002728 _____ C:\WINDOWS\System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon
2017-04-24 21:46 - 2017-04-24 21:46 - 00002680 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2017-04-24 21:46 - 2017-04-24 21:46 - 00002668 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2017-04-24 21:46 - 2017-04-24 21:46 - 00002636 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2017-04-24 21:46 - 2017-04-24 21:46 - 00002486 _____ C:\WINDOWS\System32\Tasks\ProfessionalPCCleaner_Popup
2017-04-24 21:46 - 2017-04-24 21:46 - 00002348 _____ C:\WINDOWS\System32\Tasks\YCMServiceAgent
2017-04-24 21:46 - 2017-04-24 21:46 - 00002300 _____ C:\WINDOWS\System32\Tasks\ProfessionalPCCleaner_Start
2017-04-24 21:46 - 2017-04-24 21:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-04-24 21:46 - 2017-04-24 21:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-04-24 21:46 - 2017-04-24 21:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-04-24 21:46 - 2017-04-24 21:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-04-24 21:46 - 2014-06-15 23:02 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1287101312-1544738956-2766687172-500
2017-04-24 21:46 - 2014-05-06 16:11 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3464877610-2060477012-3622483962-500
2017-04-24 21:46 - 2014-04-02 02:35 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1725350855-1927001909-1276192757-500
2017-04-24 21:30 - 2017-04-24 21:30 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-24 21:25 - 2017-04-24 21:25 - 00000000 ____D C:\ProgramData\USOShared
2017-04-24 21:24 - 2017-04-24 21:34 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-24 21:20 - 2017-05-23 23:14 - 00000000 ____D C:\Users\Alex
2017-04-24 21:20 - 2017-04-24 21:20 - 00000000 _SHDL C:\Users\Alex\My Documents
2017-04-24 21:20 - 2017-04-24 21:20 - 00000000 _SHDL C:\Users\Alex\Documents\My Videos
2017-04-24 21:20 - 2017-04-24 21:20 - 00000000 _SHDL C:\Users\Alex\Documents\My Pictures
2017-04-24 21:20 - 2017-04-24 21:20 - 00000000 _SHDL C:\Users\Alex\Documents\My Music
2017-04-24 21:19 - 2017-05-15 21:56 - 01140106 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-24 21:19 - 2017-04-24 21:40 - 01002010 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-04-24 21:18 - 2017-05-23 23:15 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-24 21:18 - 2017-04-24 21:34 - 00000000 ____D C:\ProgramData\Validity
2017-04-24 21:18 - 2017-04-24 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-04-24 21:18 - 2017-04-24 21:25 - 00000000 ____D C:\Program Files\Intel
2017-04-24 21:18 - 2017-04-24 21:18 - 00006567 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-04-24 21:18 - 2017-04-24 21:18 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-04-24 21:18 - 2017-04-24 21:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-24 21:18 - 2017-04-24 21:18 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-04-24 21:18 - 2017-04-24 21:18 - 00000000 ____D C:\Program Files\Realtek
2017-04-24 21:18 - 2017-04-24 21:18 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-04-24 21:18 - 2016-11-01 23:05 - 00103952 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-04-24 21:18 - 2016-11-01 23:05 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-04-24 21:17 - 2017-04-24 21:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-04-24 21:17 - 2017-04-24 21:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-04-24 21:17 - 2017-04-24 21:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-04-24 21:17 - 2017-03-18 13:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-24 21:16 - 2017-04-24 21:16 - 00000000 ____D C:\Program Files\Synaptics
2017-04-24 21:14 - 2017-05-19 01:26 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-24 21:14 - 2017-05-11 02:17 - 00409008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-23 15:14 - 2017-04-24 23:59 - 00000000 ___DC C:\WINDOWS\Panther
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-23 23:25 - 2014-08-13 23:22 - 00000000 ____D C:\Users\Alex\AppData\Local\SweetLabs App Platform
2017-05-23 23:20 - 2016-03-05 22:51 - 00000000 ____D C:\Users\Alex\AppData\Local\LogMeIn Hamachi
2017-05-23 23:18 - 2016-09-22 18:22 - 00000000 ____D C:\Users\Alex\AppData\Local\Overwolf
2017-05-23 23:15 - 2014-08-13 23:23 - 00000000 __SHD C:\Users\Alex\IntelGraphicsProfiles
2017-05-19 01:36 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-19 00:30 - 2014-09-13 18:31 - 00000000 ____D C:\Users\Alex\Documents\Youcam
2017-05-19 00:22 - 2017-03-18 04:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-05-18 23:42 - 2017-03-18 14:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-18 22:15 - 2016-05-27 12:22 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlex.job
2017-05-18 00:24 - 2017-03-18 14:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-17 23:20 - 2017-03-26 00:16 - 00000000 ____D C:\Users\Alex\AppData\LocalLow\Temp
2017-05-16 15:19 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-15 22:23 - 2014-08-13 23:26 - 00000000 __RDO C:\Users\Alex\OneDrive
2017-05-15 21:45 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-15 21:36 - 2014-08-13 23:39 - 00000000 ____D C:\Users\Alex\AppData\Local\Spotify
2017-05-15 21:03 - 2014-08-13 23:38 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Spotify
2017-05-15 20:21 - 2014-08-13 23:23 - 00000000 ____D C:\Users\Alex\AppData\Local\Packages
2017-05-14 21:24 - 2016-05-29 15:52 - 00000000 ____D C:\Users\Alex\AppData\Local\Battle.net
2017-05-14 20:44 - 2016-05-29 15:52 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-14 19:55 - 2014-08-13 23:28 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-13 19:06 - 2017-02-01 23:39 - 00002294 _____ C:\Users\Alex\Desktop\Discord.lnk
2017-05-13 19:06 - 2017-02-01 23:39 - 00000000 ____D C:\Users\Alex\AppData\Local\Discord
2017-05-13 17:15 - 2017-03-18 13:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-13 15:24 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-12 19:48 - 2014-08-13 23:31 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-12 19:48 - 2014-08-13 23:31 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-12 19:44 - 2016-11-11 18:39 - 00000000 ____D C:\Program Files (x86)\Overwatch Test
2017-05-12 19:43 - 2016-05-29 15:54 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-05-11 06:20 - 2014-08-13 23:13 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-11 02:15 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-11 02:15 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-11 02:15 - 2017-03-18 14:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-11 02:15 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-11 02:15 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-11 02:15 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-11 02:15 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-11 02:15 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-11 02:15 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-11 02:15 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-11 02:15 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-10 18:59 - 2014-08-15 23:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-10 18:56 - 2014-08-15 23:38 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-10 18:35 - 2016-09-22 18:23 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-05-09 19:39 - 2014-11-29 23:43 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2017-05-06 20:50 - 2015-08-14 20:55 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForALEX-PC$.job
2017-05-02 22:25 - 2015-10-31 22:26 - 00000000 ____D C:\Users\Alex\AppData\Local\ElevatedDiagnostics
2017-04-29 22:52 - 2014-06-15 21:53 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-29 15:41 - 2015-10-31 22:11 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-28 18:05 - 2017-03-18 14:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-28 18:05 - 2017-03-18 14:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-25 21:43 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-25 00:09 - 2016-03-25 22:56 - 00002405 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-25 00:00 - 2016-08-21 16:47 - 00000000 ____D C:\Users\Alex\AppData\Local\ConnectedDevicesPlatform
2017-04-24 22:13 - 2017-03-18 14:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-24 22:07 - 2017-03-18 14:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-24 22:00 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-04-24 22:00 - 2017-03-18 13:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-04-24 22:00 - 2017-03-18 13:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-04-24 22:00 - 2017-03-18 13:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-04-24 22:00 - 2017-03-18 13:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-04-24 21:59 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-24 21:59 - 2017-03-18 04:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-24 21:54 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-24 21:54 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-24 21:47 - 2017-03-18 19:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-24 21:47 - 2016-03-25 19:31 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-24 21:45 - 2017-03-18 14:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-24 21:34 - 2017-04-13 17:32 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-24 21:34 - 2017-03-20 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Installation Manager
2017-04-24 21:34 - 2017-03-20 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015
2017-04-24 21:34 - 2017-03-10 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-04-24 21:34 - 2016-11-11 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
2017-04-24 21:34 - 2016-09-22 18:23 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-04-24 21:34 - 2016-08-04 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2017-04-24 21:34 - 2016-07-19 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-04-24 21:34 - 2016-05-29 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2017-04-24 21:34 - 2016-05-29 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-04-24 21:34 - 2016-05-29 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-04-24 21:34 - 2016-03-06 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-24 21:34 - 2016-03-05 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-04-24 21:34 - 2015-10-31 21:59 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-24 21:34 - 2015-10-31 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-24 21:34 - 2015-10-30 02:07 - 00000000 ____D C:\WINDOWS\ShellNew
2017-04-24 21:34 - 2015-04-28 19:44 - 00000000 ____D C:\WINDOWS\en
2017-04-24 21:34 - 2014-11-11 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2017-04-24 21:34 - 2014-11-11 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-04-24 21:34 - 2014-08-13 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-24 21:34 - 2014-08-13 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-04-24 21:34 - 2014-05-06 15:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-04-24 21:34 - 2014-05-06 15:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-04-24 21:34 - 2014-05-06 15:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-04-24 21:34 - 2014-05-06 15:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\et-EE
2017-04-24 21:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-04-24 21:27 - 2014-08-13 17:04 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2017-04-24 21:27 - 2014-06-15 21:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-04-24 21:27 - 2014-05-06 15:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-04-24 21:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-04-24 21:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-04-24 21:26 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-04-24 21:25 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-24 21:25 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-24 21:25 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-04-24 21:25 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-24 21:25 - 2015-12-30 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-24 21:25 - 2015-08-08 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2017-04-24 21:25 - 2014-11-11 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2017-04-24 21:25 - 2014-06-15 22:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-24 21:25 - 2014-06-15 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-04-24 21:24 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-04-24 21:24 - 2013-08-22 08:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-24 21:23 - 2017-02-01 23:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-04-24 21:23 - 2015-01-18 02:57 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-24 21:18 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
 
==================== Files in the root of some directories =======
 
2016-06-11 20:54 - 2016-06-11 20:54 - 0000016 _____ () C:\ProgramData\mntemp
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-13 15:18
 
==================== End of FRST.txt ============================


#7 Elocity

Posted 24 May 2017 - 01:37 AM

Addition.txt file contents:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017

Ran by Alex (23-05-2017 23:27:26)
Running from C:\Users\Alex\Desktop\FRST
Windows 10 Home Version 1703 (X64) (2017-04-25 05:02:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-753096544-3181654907-2206310399-500 - Administrator - Disabled)
Alex (S-1-5-21-753096544-3181654907-2206310399-1001 - Administrator - Enabled) => C:\Users\Alex
DefaultAccount (S-1-5-21-753096544-3181654907-2206310399-503 - Limited - Disabled)
Guest (S-1-5-21-753096544-3181654907-2206310399-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-753096544-3181654907-2206310399-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AnonymizerGadget (HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\AnonymizerGadget) (Version: 1 - Jetico lim) <==== ATTENTION
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.1.5112 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3604 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Discord (HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
eDrawings 2017 x64 (HKLM\...\{061157FB-631D-480A-B8AB-529E455BA74D}) (Version: 17.2.0029 - Dassault Systèmes SolidWorks Corp)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4BBA238C-9E5D-40F9-8AC6-FACB736752B9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
Intel® Technology Access Software Asset Manager (x32 Version: 3.4.1942 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Logitech Gaming Software 8.83 (HKLM\...\Logitech Gaming Software) (Version: 8.83.85 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.558 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.558 - LogMeIn, Inc.) Hidden
MapleStory (HKLM-x32\...\Steam App 216150) (Version:  - Nexon)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.19.0 - Overwolf Ltd.)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Photoview 360 Network Render Client 2015 SP05 x64 Edition (Version: 23.50.81 - Dassault Systemes SolidWorks Corp) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Pokki (HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\SweetLabs_AP) (Version: 0.269.7.983 - Pokki)
Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Python 3.5.3 (64-bit) (HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\{b94f45d6-8461-440c-aa4d-bf197b2c2499}) (Version: 3.5.3150.0 - Python Software Foundation)
Python 3.5.3 Core Interpreter (64-bit) (Version: 3.5.3150.0 - Python Software Foundation) Hidden
Python 3.5.3 Development Libraries (64-bit) (Version: 3.5.3150.0 - Python Software Foundation) Hidden
Python 3.5.3 Documentation (64-bit) (Version: 3.5.3150.0 - Python Software Foundation) Hidden
Python 3.5.3 Executables (64-bit) (Version: 3.5.3150.0 - Python Software Foundation) Hidden
Python 3.5.3 pip Bootstrap (64-bit) (Version: 3.5.3150.0 - Python Software Foundation) Hidden
Python 3.5.3 Standard Library (64-bit) (Version: 3.5.3150.0 - Python Software Foundation) Hidden
Python 3.5.3 Tcl/Tk Support (64-bit) (Version: 3.5.3150.0 - Python Software Foundation) Hidden
Python 3.5.3 Test Suite (64-bit) (Version: 3.5.3150.0 - Python Software Foundation) Hidden
Python 3.5.3 Utility Scripts (64-bit) (Version: 3.5.3150.0 - Python Software Foundation) Hidden
Python 3.6.1 (32-bit) (HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\{1babc3bc-6a32-44f7-bf4d-60eec36c9ad1}) (Version: 3.6.1150.0 - Python Software Foundation)
Python 3.6.1 Core Interpreter (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Development Libraries (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Documentation (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Executables (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 pip Bootstrap (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Standard Library (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Tcl/Tk Support (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Test Suite (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python 3.6.1 Utility Scripts (32-bit) (x32 Version: 3.6.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{323AC113-C6CE-4F99-842F-4936332D055A}) (Version: 3.6.5923.0 - Python Software Foundation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SOLIDWORKS 2015 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20150-40500-1100-100) (Version: 23.5.0.81 - SolidWorks Corporation)
SOLIDWORKS 2017 Document Manager API (HKLM\...\{8262A7BF-6CFA-4B3B-8721-B063C05FA7CD}) (Version: 25.00.5021 - Dassault Systemes SolidWorks Corp)
SOLIDWORKS Composer Player 2015 SP05 x64 Edition (Version: 23.50.81 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2015 x64 Edition SP05 (Version: 15.5.0009 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Explorer 2015 SP05 x64 Edition (Version: 23.50.81 - Dassault Systemes SolidWorks Corp) Hidden
Spotify (HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\Spotify) (Version: 1.0.54.1079.g3809528e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version:  - Digital Extremes)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08BC3DD2-7A54-441B-BDA2-0007FDA94AFA} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe 
Task: {128D8305-4E89-406E-8A6A-0649D13430F3} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {13476351-17EA-405E-9BA3-6551C48F0CA0} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-04-27] (Overwolf LTD)
Task: {147EA743-158A-4BC3-A661-2C55F29159D6} - System32\Tasks\HPCeeScheduleForAlex => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1F36EA50-5550-4E13-9464-3A5259EFC68D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {21C6CDE4-2A1C-494C-BD45-BBB50FCA190A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {23813A4B-DE2D-4DA1-ACDD-A6B995F00136} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {279945A3-3DEE-4741-BD7F-3CF2A2ACC255} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2F7F95C3-280B-4B44-9F77-35D814E173DA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe 
Task: {3A679973-27A9-40A4-B826-64FAC942C336} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {3BE41DE5-AD4A-41BD-8F82-E53F486A2E95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3D0F7ECB-0EE5-490C-BD23-1A3FE83A50CE} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {53A1C238-726D-42CC-BD97-81A0342B791C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {573D7AF6-0894-473A-8001-70CCFF5CAEC4} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
Task: {5B76228E-67E9-4D3E-9F77-3494146D71B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5B8CB7A0-FB4E-47BC-B124-3E67869A00EC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5BD81432-27D0-4859-8A21-AEB3ACA4A295} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {5DB1C7CD-6B01-4E1E-A792-9B5C2FB9F2FD} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
Task: {5F1A38FC-AEF1-4815-8063-D929C6CAE8B7} - System32\Tasks\AGProxyCheck => C:\Program 
Task: {6B2AC835-FBF4-42FC-ABB2-9280DE7CF85E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {83993D7D-B538-495A-9B53-C11CD80AA7E7} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
Task: {87939169-26D1-4C81-A101-D603C8A9992B} - \WPD\SqmUpload_S-1-5-21-753096544-3181654907-2206310399-1001 -> No File <==== ATTENTION
Task: {8CF79729-43B2-48CF-A934-A6CA57BFB252} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8E0DCB83-F88A-4029-86FD-FCF3FE486558} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe 
Task: {90241059-6F51-4C70-9E9E-CB4578F364AA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-05-10] (Microsoft Corporation)
Task: {9032D2CC-1B0F-42FB-9A91-CF2718AB0516} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9F004F71-5DB5-40CE-A248-24141A4C31DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {A779F17E-706A-40EF-A69C-33EB63F36DFC} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {A82D37B6-EFA4-4C73-9C8E-8959B452BFC3} - System32\Tasks\SweetLabs App Platform => C:\Users\Alex\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-09-18] (Pokki)
Task: {A9269314-46B4-4986-8E3C-A4358D0B48AD} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {A9B34C7E-4C55-4C41-808B-3A43325D4EDD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B85DA6C6-B1A7-43F3-BAD6-32FA52524945} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {CC3AAE91-4BAF-4656-9FDC-74C8DBBC8A3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {D7934CE3-A3D7-4DEC-83D9-F24C24F82691} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DCEEB7C6-8EE3-4F56-B4DC-C99EFE180C76} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {E05C34AD-138D-4A67-A498-C0B340846F2C} - System32\Tasks\HPCeeScheduleForALEX-PC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {E1D3B912-F191-458C-BB05-BC110E98A0AA} - System32\Tasks\{7830DE20-A1E7-4486-B38A-8C892A61E5E2} => pcalua.exe -a "C:\Users\Alex\Desktop\GameBoy\VisualBoyAdvance_Setup [1].exe" -d C:\Users\Alex\Desktop\GameBoy
Task: {E2E80F42-D610-4214-8882-84AC13037742} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E5B88142-0C18-48FB-9D09-AC0FEE72B4E4} - System32\Tasks\{71545E5F-C622-4503-946D-971D3E627703} => pcalua.exe -a C:\Users\Alex\Downloads\installroot_v3.15a.exe -d C:\Users\Alex\Downloads
Task: {EC41F826-5F8A-4C79-9CBB-E543EA83D35A} - \AutoKMS -> No File <==== ATTENTION
Task: {F4064393-945A-4465-8754-EB87DBD64B7F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F59DF3F6-BD0F-4CF8-B26A-3F6F74A1386B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FA91481C-107D-49E0-AA30-BE6E6102A14A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FE4AF07B-B91F-44D5-B291-55535C00FEA7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {FEC33BE6-A3B2-4AE9-A28F-BB13EA97D292} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForALEX-PC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlex.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\Alex\AppData\Local\ntuserlitelist\dataup\dataup.exe
2015-07-07 11:44 - 2015-07-07 11:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2016-04-26 14:30 - 2016-04-26 14:30 - 00367824 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2017-01-15 14:31 - 2017-01-15 14:31 - 00012704 _____ () C:\Program Files\Prio\prio_svc.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N () C:\windows\system32\tprdpw64.exe
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2017-05-10 18:53 - 2017-04-27 18:01 - 04124576 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 02487712 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-04-28 15:49 - 2016-04-28 15:49 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-04-28 15:49 - 2016-04-28 15:49 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-04-27 04:10 - 2017-04-27 04:10 - 01058360 _____ () C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 _____ () C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-04-21 16:28 - 2017-04-21 16:28 - 01080832 _____ () C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-05-08 20:38 - 2017-05-08 20:39 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-08 20:38 - 2017-05-08 20:39 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-04 11:13 - 2017-05-04 11:13 - 00235520 _____ () C:\Users\Alex\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2017-04-27 04:10 - 2017-04-27 04:10 - 68886856 _____ () C:\Program Files (x86)\Overwolf\0.104.19.0\libcef.DLL
2014-06-15 21:42 - 2013-12-10 08:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 _____ () C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 _____ () C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 _____ () C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-08-12 18:38 - 2016-08-12 18:38 - 00042720 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\win32api.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00060640 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pywintypes27.dll
2016-08-12 18:38 - 2016-08-12 18:38 - 00126688 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\pythoncom27.dll
2016-08-12 18:38 - 2016-08-12 18:38 - 00023264 _____ () C:\Program Files (x86)\Intel\Intel® Update Manager\bin\_multiprocessing.pyd
2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 _____ () C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-753096544-3181654907-2206310399-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\car background.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "BCSSync"
HKU\S-1-5-21-753096544-3181654907-2206310399-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{F5D72B5A-F9E6-4426-91A7-8D2BF6585857}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{7AF5CBA8-F465-4B20-BC5E-68941AB754E5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{00EF61A9-2D67-4555-83B7-3315F1D56CDD}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{980FDE06-6D90-45BB-B1D6-10B2726429F1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
 
==================== Restore Points =========================
 
13-05-2017 16:56:20 Installed WeatherBuddy
17-05-2017 23:03:37 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Hamachi Virtual Ethernet Adapter #2
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/23/2017 11:21:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (05/23/2017 11:15:43 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (05/23/2017 11:15:39 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (05/23/2017 11:15:39 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (05/23/2017 11:15:37 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (05/23/2017 11:15:28 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (05/23/2017 11:15:13 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (05/19/2017 01:40:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2210
 
Start Time: 01d2d071bb15d60e
 
Termination Time: 3
 
Application Path: C:\Windows\SysWOW64\rundll32.exe
 
Report Id: a66b998f-d925-4132-8106-bc3154341400
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/19/2017 12:56:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmxclient.exe, version: 1.0.1.5, time stamp: 0x58f9c2ba
Faulting module name: libcef.dll, version: 3.2526.1373.0, time stamp: 0x587a0d9a
Exception code: 0xc0000005
Fault offset: 0x01eed9f0
Faulting process id: 0x13e8
Faulting application start time: 0x01d2d0756176e916
Faulting application path: C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Faulting module path: C:\Users\Alex\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
Report Id: a2771ab0-5072-415e-a9fe-a46a6d2239a2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/19/2017 12:18:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).
 
 
System errors:
=============
Error: (05/23/2017 11:26:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80248007: HP All-in-One Printer Remote.
 
Error: (05/23/2017 11:20:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.
 
Error: (05/23/2017 11:17:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The requested resource is in use.
 
Error: (05/23/2017 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hamachi2Svc service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/23/2017 11:13:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Hamachi2Svc service to connect.
 
Error: (05/23/2017 11:13:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (05/23/2017 11:13:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:23:02 AM on ‎5/‎19/‎2017 was unexpected.
 
Error: (05/19/2017 12:28:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dataup Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/19/2017 12:25:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The requested resource is in use.
 
Error: (05/19/2017 12:23:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-23 23:17:04.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-23 23:17:04.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-19 01:40:39.410
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.104.19.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-19 01:40:39.400
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.104.19.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-19 01:40:39.391
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.104.19.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-19 01:40:39.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.104.19.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-19 01:40:39.373
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.104.19.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-19 01:40:39.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.104.19.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-19 01:40:34.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.104.19.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-05-19 01:40:34.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.104.19.0\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 22%
Total physical RAM: 16314.15 MB
Available physical RAM: 12692.38 MB
Total Virtual: 18746.15 MB
Available Virtual: 15173.09 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:907.04 GB) (Free:581.77 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.56 GB) (Free:2.26 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 77E61ABE)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8 Elocity


Posted 24 May 2017 - 01:40 AM

I also got a screenshot of the CMD window that opens randomly sometimes, does this give any more information on the virus?

 

Evw0yNt.png



#9 Aura


Posted 24 May 2017 - 06:37 AM

Not really, as I already know what you're infected with (SmartService). Alright, go in the two folders below, and delete everything you can. If needed, go in their subfolders and try to delete everything as well. You'll hit files that you can't delete because they're in use or else, but you should be able to delete a lot of stuff.
C:\Users\Alex\AppData\Local\llssoft
C:\Users\Alex\AppData\Local\ntuserlitelist
Once done, try to run MBAR again, and the scan should go through this time.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 Aura


Posted 29 May 2017 - 10:55 AM

Hi Elocity,

Are you still with me?



#11 Aura


Posted 01 June 2017 - 01:19 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
