Trojan.PWS.Panda.5661 found in RAM by Dr.Web CureIt!


This topic is locked
17 replies to this topic

#1 real_sm


  • Members
  • 17 posts

Posted 26 May 2017 - 06:18 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by User (administrator) on TACIS (26-05-2017 14:15:19)
Running from D:\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Enterprise Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> Secure System
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\MagicTune Premium\GammaTray.exe
(Creative Technology Ltd.) C:\Windows\V0420Mon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\NumLock Calculator 3_2\NLCalc.exe
(Telegram Messenger LLP) C:\Users\User\AppData\Roaming\Telegram Desktop\Telegram.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Eugene Roshal & FAR Group) C:\Program Files\Far Manager\Far.exe
(Eugene Roshal & FAR Group) C:\Program Files\Far Manager\Far.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-27] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM-x32\...\Run: [V0420Mon.exe] => C:\WINDOWS\V0420Mon.exe [32768 2007-04-30] (Creative Technology Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-11-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2393594200-3507703851-1312250281-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [615040 2017-03-22] ()
HKU\S-1-5-21-2393594200-3507703851-1312250281-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-2393594200-3507703851-1312250281-1001\...\MountPoints2: {d249f666-1eed-11e7-9ed6-74d435e82cab} - "G:\timeUpdater.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk [2017-02-08]
ShortcutTarget: GammaTray.exe.lnk -> C:\Program Files\MagicTune Premium\GammaTray.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2015-09-06]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NumLock Calculator 3.2.lnk [2015-09-09]
ShortcutTarget: NumLock Calculator 3.2.lnk -> C:\Program Files (x86)\NumLock Calculator 3_2\NLCalc.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2017-05-15]
ShortcutTarget: Telegram.lnk -> C:\Users\User\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{018f05b5-bc41-4fd8-bd0a-02a0ea606878}: [DhcpNameServer] 192.168.14.1
Tcpip\..\Interfaces\{48aa02f7-2b48-4f81-abe8-d16807651f86}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5a46cebd-2557-43a0-8745-1c0f8cedc91b}: [DhcpNameServer] 77.120.80.99 77.120.80.100
Tcpip\..\Interfaces\{903a873a-bde4-40cf-be11-4e312200346c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d50c821d-b50b-4772-bd2d-95dcbb12434b}: [DhcpNameServer] 192.168.14.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2393594200-3507703851-1312250281-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2393594200-3507703851-1312250281-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2393594200-3507703851-1312250281-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ua/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-2393594200-3507703851-1312250281-1001 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ua/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-2393594200-3507703851-1312250281-1001 -> {FB6E4667-A9BA-4AEA-8C7A-8A94B4D304C3} URL = hxxp://yandex.ru/yandsearch?clid=1867357&text={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-24] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-24] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
DPF: HKLM-x32 {03EBA73D-329C-45D1-A2E4-9D7719BAD366} hxxps://cb.privatbank.ua/p24/cryptoplugin/cryptoplugin.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1452638110711
DPF: HKLM-x32 {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} hxxp://10.200.29.61:8888/DvrOcx.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: gvlxnqhy.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gvlxnqhy.default [2017-05-24]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gvlxnqhy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-04]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-24] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2393594200-3507703851-1312250281-1001: @bankid.ua/cryptoplugin,version=1.2.1 -> C:\Users\User\AppData\Local\cryptoplugin\npcryptoplugin.dll [2016-09-22] ()
FF Plugin HKU\S-1-5-21-2393594200-3507703851-1312250281-1001: hangzhoutaoshitechnologycoltd.com/DevWebClient -> C:\Program Files\WebClientNoIE\npDevWebClient.dll [2015-05-19] (Hangzhou Taoshi Technology Co., Ltd.)
FF Plugin HKU\S-1-5-21-2393594200-3507703851-1312250281-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\User\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.5\npGatewayNpapi.dll [2016-02-05] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2393594200-3507703851-1312250281-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\User\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.5\npGatewayNpapi-x64.dll [2016-02-05] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> MusicSig - скачать музыку Вконтакте (Vkontakte)
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-05-26]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-06]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-06]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (VK Customizer) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpjieodkhhnhdllmkddpdnjjmlhdjo [2017-02-08]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Awesome Screenshot Minus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnophbnknjcjnbadhhkciahanapffepm [2017-04-25]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-05-19]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (MusicSig для Вконтакте (Vkontakte)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hanjiajgnonaobdlklncdjdmpbomlhoa [2017-05-15]
CHR Extension: (Crypto-Plugin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfiabaafjemgcecklpgnebaebonghka [2016-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (BankID CryptoPlugin) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\aiikngbhbnkcahmaelhdfeaeenccfkej [2016-07-05]
OPR Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-05-25]
OPR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\foobgjfmnkeainefnnoeghobcdcidhme [2016-11-16]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2017-04-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-04-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [354936 2016-01-14] (Intel Corporation)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-13] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-13] (NVIDIA Corporation)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
S4 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72320 2017-03-22] (The OpenVPN Project)
S4 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72320 2017-03-22] (The OpenVPN Project)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [2231296 2017-04-15] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14414336 2017-04-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
S3 EWC641024; C:\WINDOWS\system32\DRIVERS\ExtraWebcam_x64_1024.sys [25472 2010-04-12] (Somee int)
S3 EWC64320; C:\WINDOWS\system32\DRIVERS\ExtraWebcam_x64_320.sys [25472 2010-04-12] (Somee int)
S3 EWC64640; C:\WINDOWS\system32\DRIVERS\ExtraWebcam_x64_640.sys [25472 2010-04-12] (Somee int)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [22016 2017-04-15] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2017-03-18] (Microsoft Corporation)
S3 kz1avs; C:\WINDOWS\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\WINDOWS\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [23552 2017-04-15] (Microsoft Corporation)
R1 MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R1 MpKsld233394d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CDE842D-F7F7-43F2-8F36-8070CCA72735}\MpKsld233394d.sys [44928 2017-05-26] (Microsoft Corporation)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2017-03-18] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-13] (NVIDIA Corporation)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [25088 2017-04-15] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2017-04-15] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [51712 2017-04-15] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31232 2017-04-15] (Microsoft Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [92160 2008-10-27] (Prolific Technology Inc.) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [104448 2017-04-15] (Microsoft Corporation)
R3 V0420VID; C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [107072 2007-05-31] (Creative Technology Ltd.)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [31232 2017-04-15] (Microsoft Corporation)
R3 vmsmp; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-04-15] (Microsoft Corporation)
R2 VMSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-04-15] (Microsoft Corporation)
R0 vmsproxy; C:\WINDOWS\System32\drivers\vmsproxy.sys [33696 2017-04-15] (Microsoft Corporation)
S3 VMSVSF; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-04-15] (Microsoft Corporation)
S3 VMSVSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-04-15] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U4 npcap_wifi; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-26 14:15 - 2017-05-26 14:15 - 00000000 ____D C:\FRST
2017-05-26 08:34 - 2017-05-26 08:46 - 00000000 ____D C:\Users\User\Doctor Web
2017-05-15 14:50 - 2017-05-15 14:50 - 00000000 ____D C:\Users\User\AppData\Roaming\TightVNC
2017-05-15 14:50 - 2017-05-15 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-05-15 14:50 - 2017-05-15 14:50 - 00000000 ____D C:\Program Files\TightVNC
2017-05-10 08:45 - 2017-04-28 04:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-10 08:45 - 2017-04-28 04:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-10 08:45 - 2017-04-28 04:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-10 08:45 - 2017-04-28 04:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 08:45 - 2017-04-28 04:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-10 08:45 - 2017-04-28 04:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 08:45 - 2017-04-28 03:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-10 08:45 - 2017-04-28 03:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-10 08:45 - 2017-04-28 03:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-10 08:45 - 2017-04-28 03:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-10 08:45 - 2017-04-28 03:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-10 08:45 - 2017-04-28 03:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 08:45 - 2017-04-28 03:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 08:45 - 2017-04-28 03:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-10 08:45 - 2017-04-28 03:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-10 08:45 - 2017-04-28 03:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-10 08:45 - 2017-04-28 03:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-10 08:45 - 2017-04-28 03:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 08:45 - 2017-04-28 03:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-10 08:45 - 2017-04-28 02:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 08:45 - 2017-04-19 09:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-10 08:45 - 2017-04-19 09:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-10 08:45 - 2017-04-19 09:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-10 08:45 - 2017-04-19 08:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-10 08:45 - 2017-04-14 03:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-10 08:45 - 2017-04-14 02:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-10 08:45 - 2017-04-14 02:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-10 08:44 - 2017-04-28 04:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 08:44 - 2017-04-28 04:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 08:44 - 2017-04-28 04:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-10 08:44 - 2017-04-28 04:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-10 08:44 - 2017-04-28 04:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 08:44 - 2017-04-28 04:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 08:44 - 2017-04-28 04:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 08:44 - 2017-04-28 04:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 08:44 - 2017-04-28 04:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 08:44 - 2017-04-28 04:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 08:44 - 2017-04-28 04:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-10 08:44 - 2017-04-28 04:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-10 08:44 - 2017-04-28 04:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-10 08:44 - 2017-04-28 04:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-10 08:44 - 2017-04-28 04:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-10 08:44 - 2017-04-28 03:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 08:44 - 2017-04-28 03:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-10 08:44 - 2017-04-28 03:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-10 08:44 - 2017-04-28 03:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 08:44 - 2017-04-28 03:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-10 08:44 - 2017-04-28 03:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 08:44 - 2017-04-28 03:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-10 08:44 - 2017-04-28 03:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 08:44 - 2017-04-28 03:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-10 08:44 - 2017-04-28 03:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-10 08:44 - 2017-04-28 03:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-10 08:44 - 2017-04-28 03:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 08:44 - 2017-04-28 03:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-10 08:44 - 2017-04-28 03:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-10 08:44 - 2017-04-28 03:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 08:44 - 2017-04-28 03:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 08:44 - 2017-04-28 03:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 08:44 - 2017-04-28 03:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 08:44 - 2017-04-28 03:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-10 08:44 - 2017-04-28 03:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 08:44 - 2017-04-28 03:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-10 08:44 - 2017-04-28 03:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-10 08:44 - 2017-04-28 03:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-10 08:44 - 2017-04-28 03:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 08:44 - 2017-04-28 03:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-10 08:44 - 2017-04-28 03:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-10 08:44 - 2017-04-28 03:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-10 08:44 - 2017-04-28 03:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-10 08:44 - 2017-04-28 03:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 08:44 - 2017-04-28 03:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 08:44 - 2017-04-28 03:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-10 08:44 - 2017-04-28 03:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-10 08:44 - 2017-04-28 03:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-10 08:44 - 2017-04-28 03:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 08:44 - 2017-04-28 03:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-10 08:44 - 2017-04-28 03:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-10 08:44 - 2017-04-28 03:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-10 08:44 - 2017-04-28 03:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-10 08:44 - 2017-04-28 03:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 08:44 - 2017-04-28 03:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-10 08:44 - 2017-04-28 03:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-10 08:44 - 2017-04-28 03:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-10 08:44 - 2017-04-28 03:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-10 08:44 - 2017-04-28 03:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-10 08:44 - 2017-04-28 03:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 08:44 - 2017-04-28 03:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 08:44 - 2017-04-28 03:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-10 08:44 - 2017-04-28 03:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-10 08:44 - 2017-04-28 03:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 08:44 - 2017-04-28 03:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 08:44 - 2017-04-28 03:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-10 08:44 - 2017-04-28 03:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 08:44 - 2017-04-28 03:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-10 08:44 - 2017-04-28 03:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-10 08:44 - 2017-04-28 03:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-10 08:44 - 2017-04-28 03:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 08:44 - 2017-04-28 03:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-10 08:44 - 2017-04-28 03:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-10 08:44 - 2017-04-28 03:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 08:44 - 2017-04-28 03:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-10 08:44 - 2017-04-28 03:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-10 08:44 - 2017-04-28 03:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 08:44 - 2017-04-28 03:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-10 08:44 - 2017-04-28 02:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-10 08:44 - 2017-04-28 02:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 08:44 - 2017-04-28 02:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-10 08:44 - 2017-04-28 02:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-10 08:44 - 2017-04-28 02:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-10 08:44 - 2017-04-28 02:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-10 08:44 - 2017-04-28 02:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-10 08:44 - 2017-04-28 02:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 08:44 - 2017-04-28 02:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-10 08:44 - 2017-04-28 02:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 08:44 - 2017-04-28 02:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-10 08:44 - 2017-04-28 02:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-10 08:44 - 2017-04-28 02:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 08:44 - 2017-04-28 02:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 08:44 - 2017-04-28 02:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-10 08:44 - 2017-04-19 10:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-10 08:44 - 2017-04-19 10:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-10 08:44 - 2017-04-19 10:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-10 08:44 - 2017-04-19 10:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-10 08:44 - 2017-04-19 09:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-10 08:44 - 2017-04-19 09:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-10 08:44 - 2017-04-19 09:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-10 08:44 - 2017-04-19 09:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-10 08:44 - 2017-04-19 09:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-10 08:44 - 2017-04-19 09:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-10 08:44 - 2017-04-19 09:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-10 08:44 - 2017-04-19 09:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 08:44 - 2017-04-19 09:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-10 08:44 - 2017-04-19 09:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-10 08:44 - 2017-04-19 09:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-10 08:44 - 2017-04-19 09:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-10 08:44 - 2017-04-19 09:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-10 08:44 - 2017-04-19 09:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-10 08:44 - 2017-04-19 09:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-10 08:44 - 2017-04-19 09:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-10 08:44 - 2017-04-19 09:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-10 08:44 - 2017-04-19 09:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-10 08:44 - 2017-04-19 09:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-10 08:44 - 2017-04-19 09:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-10 08:44 - 2017-04-19 09:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-10 08:44 - 2017-04-19 08:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-10 08:44 - 2017-04-19 08:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-10 08:44 - 2017-04-19 08:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-10 08:44 - 2017-04-19 08:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-10 08:44 - 2017-04-19 08:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-10 08:44 - 2017-04-19 08:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-10 08:44 - 2017-04-19 08:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-10 08:44 - 2017-04-19 08:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-10 08:44 - 2017-04-19 08:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-10 08:44 - 2017-04-19 08:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-10 08:44 - 2017-04-19 08:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-10 08:44 - 2017-04-14 03:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-10 08:44 - 2017-04-14 03:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-10 08:44 - 2017-04-14 03:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-10 08:44 - 2017-04-14 03:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-10 08:44 - 2017-04-14 03:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-10 08:44 - 2017-04-14 03:25 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-10 08:44 - 2017-04-14 03:25 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-10 08:44 - 2017-04-14 02:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-10 08:44 - 2017-04-14 02:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-10 08:44 - 2017-04-14 02:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-10 08:44 - 2017-04-14 02:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-10 08:44 - 2017-04-14 02:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-10 08:44 - 2017-04-14 02:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-10 08:44 - 2017-04-14 02:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-10 08:44 - 2017-04-14 02:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-10 08:44 - 2017-04-14 02:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-10 08:44 - 2017-04-14 02:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-10 08:44 - 2017-04-14 02:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-10 08:44 - 2017-04-14 02:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-10 08:44 - 2017-04-14 02:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-10 08:44 - 2017-04-14 02:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-10 08:44 - 2017-04-14 02:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-10 08:44 - 2017-04-14 02:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-10 08:44 - 2017-04-14 02:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-10 08:44 - 2017-04-14 02:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-10 08:44 - 2017-04-14 02:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-10 08:44 - 2017-04-14 02:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 08:44 - 2017-04-14 02:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-10 08:44 - 2017-04-14 02:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-10 08:44 - 2017-04-14 02:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-10 08:44 - 2017-04-14 02:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-10 08:44 - 2017-04-14 02:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-10 08:44 - 2017-04-14 02:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-10 08:44 - 2017-04-14 02:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-10 08:44 - 2017-04-14 02:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 08:44 - 2017-04-14 02:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-10 08:44 - 2017-04-14 02:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-10 08:44 - 2017-04-14 02:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-10 08:44 - 2017-04-14 02:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-10 08:44 - 2017-04-14 02:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-10 08:44 - 2017-04-14 02:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-10 08:44 - 2017-04-14 02:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-10 08:44 - 2017-04-14 02:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-10 08:44 - 2017-04-14 02:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-10 08:44 - 2017-04-14 02:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-10 08:44 - 2017-04-14 02:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-10 08:44 - 2017-04-14 02:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-10 08:44 - 2017-04-14 02:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-10 08:44 - 2017-04-14 02:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-10 08:44 - 2017-04-14 02:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-10 08:44 - 2017-04-14 02:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-10 08:44 - 2017-04-14 02:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-10 08:44 - 2017-04-14 02:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-08 10:46 - 2017-05-08 10:46 - 00000000 ____D C:\Users\User\AppData\Local\NFSClient
2017-05-08 10:42 - 2017-05-08 10:42 - 00000000 ____D C:\Users\User\AppData\Local\NekoDrive
2017-05-03 00:30 - 2017-05-03 00:30 - 00000080 _____ C:\Users\User\.imb_d
2017-05-03 00:28 - 2017-05-03 09:57 - 00000000 ____D C:\Users\User\.imibrowser
2017-05-03 00:24 - 2017-05-03 09:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iReasoning
2017-05-03 00:24 - 2017-05-03 00:24 - 00000000 ____D C:\Program Files (x86)\ireasoning
2017-05-02 23:00 - 2017-05-02 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-05-02 23:00 - 2017-05-02 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2017-04-27 23:34 - 2017-04-27 23:34 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2017-04-26 23:36 - 2017-04-26 23:41 - 00000000 ____D C:\Users\User\.zenmap
2017-04-26 23:35 - 2017-04-27 23:35 - 00000000 ____D C:\Program Files\Npcap
2017-04-26 23:35 - 2017-04-27 23:35 - 00000000 ____D C:\Program Files (x86)\Nmap
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-26 14:05 - 2015-09-06 01:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-05-26 13:58 - 2017-04-15 10:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-26 08:31 - 2017-03-19 00:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-26 08:30 - 2015-10-30 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-26 08:28 - 2017-04-15 10:34 - 01333126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-26 08:27 - 2017-03-19 00:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-26 08:27 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-26 08:23 - 2017-04-15 10:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-26 08:22 - 2016-11-20 17:52 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-05-26 08:22 - 2015-09-06 16:02 - 00000000 ____D C:\Users\User\AppData\Roaming\Telegram Desktop
2017-05-26 08:21 - 2017-04-15 10:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-26 08:21 - 2017-03-18 01:29 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-26 01:09 - 2017-03-18 14:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-26 01:09 - 2016-12-15 13:30 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-05-26 00:57 - 2015-10-03 11:05 - 00000600 _____ C:\Users\User\AppData\Local\PUTTY.RND
2017-05-25 22:53 - 2015-12-22 15:43 - 00000516 __RSH C:\ProgramData\ntuser.pol
2017-05-25 09:27 - 2015-09-07 13:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-25 09:24 - 2015-09-07 12:58 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-05-24 09:03 - 2015-12-27 18:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-24 09:03 - 2015-09-06 01:18 - 00000000 ____D C:\ProgramData\Skype
2017-05-24 02:33 - 2015-09-06 02:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Azureus
2017-05-24 01:02 - 2015-09-14 17:09 - 00000000 ____D C:\Users\User\AppData\Roaming\spek
2017-05-24 00:35 - 2015-09-11 17:10 - 00000000 ____D C:\ProgramData\Soulseek
2017-05-23 11:34 - 2016-12-05 00:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-23 09:33 - 2015-09-06 00:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 09:31 - 2015-09-06 00:49 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-22 09:17 - 2016-11-22 12:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-05-22 09:17 - 2015-09-06 01:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-20 06:51 - 2016-01-29 14:55 - 00000000 ____D C:\ProgramData\SupremoRemoteDesktop
2017-05-19 17:02 - 2017-04-15 10:33 - 00003950 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1442862033
2017-05-19 17:02 - 2015-09-21 22:00 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-19 17:02 - 2015-09-21 22:00 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-19 16:51 - 2017-03-19 00:03 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-05-18 17:49 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-16 16:36 - 2015-09-06 01:48 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2017-05-15 09:57 - 2017-03-19 00:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-13 23:17 - 2015-09-13 20:58 - 00000600 _____ C:\Users\User\AppData\Roaming\winscp.rnd
2017-05-12 09:42 - 2017-03-18 23:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-12 09:42 - 2016-10-22 13:42 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 21:02 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-11 09:10 - 2017-04-15 10:27 - 00546432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-11 09:10 - 2015-09-06 00:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-11 01:10 - 2017-04-15 21:22 - 00000000 ____D C:\Program Files\Hyper-V
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-11 01:10 - 2017-03-18 14:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-10 08:41 - 2015-09-06 00:38 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-05-10 00:04 - 2017-04-15 10:33 - 00004530 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-10 00:04 - 2017-04-15 10:33 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-10 00:04 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-10 00:04 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-08 10:51 - 2015-09-06 01:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-05 10:25 - 2017-04-15 10:33 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-01 12:29 - 2015-09-22 19:05 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-05-01 12:29 - 2015-09-22 19:05 - 00000000 ____D C:\Program Files\paint.net
2017-04-30 00:50 - 2015-09-06 01:07 - 00000000 ____D C:\Program Files (x86)\Intel
2017-04-29 04:05 - 2017-03-19 00:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 04:05 - 2017-03-19 00:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-28 00:19 - 2017-04-15 10:33 - 00003562 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 00:19 - 2017-04-15 10:33 - 00003438 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-09-13 20:58 - 2017-05-13 23:17 - 0000600 _____ () C:\Users\User\AppData\Roaming\winscp.rnd
2015-10-03 11:05 - 2017-05-26 00:57 - 0000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2016-09-18 14:27 - 2016-09-18 14:27 - 0000737 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-09-14 20:25 - 2016-02-26 03:26 - 0007612 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2017-04-26 23:36 - 2017-04-26 23:41 - 0000177 _____ () C:\Users\User\AppData\Local\zenmap.exe.log
2017-04-15 10:27 - 2017-04-15 10:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-15 13:30 - 2017-05-26 08:21 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 13:30 - 2017-05-26 01:09 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-03 00:18 - 2017-01-03 00:18 - 0000036 ___SH () C:\ProgramData\Shrew Soft VPN.dat
 
Files to move or delete:
====================
C:\ProgramData\Shrew Soft VPN.dat
 
 
Some files in TEMP:
====================
2017-04-16 21:19 - 2017-05-16 00:20 - 0079904 _____ () C:\Users\User\AppData\Local\Temp\i4jdel0.exe
2017-04-24 15:26 - 2017-04-24 15:26 - 0739904 _____ (Oracle Corporation) C:\Users\User\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-04-17 20:38 - 2017-04-17 20:38 - 57886168 _____ (Skype Technologies S.A.) C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-20 23:33
 
==================== End of FRST.txt ============================
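A way to work through a log like the one above mechanically, as an added example written for this page (it is not FRST's code and was not posted in the thread). It parses FRST's one-line file-entry format, `created - modified - size attributes (company) path`, into records and flags the entries a reviewer would want to open first. The flag rules, the sample lines and every path in them are assumptions made for illustration. One caveat: the company in parentheses is what the file's version resource reports, which anyone can set, so a missing or empty company is a reason to look, not a verdict; the "Bamital & volsnap" section is where FRST reports an actual signature check.

```python
"""Parse FRST file-list lines and triage the entries worth a second look.

Added example; this is not FRST's own code. The triage rules and the
sample lines below are assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST file-list line: created - modified - size attrs [(company)] path
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # '(Microsoft Corporation) ', '() ', or absent
    r"(?P<path>\S.*?)\s*$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr",
            ".bat", ".cmd", ".ps1", ".vbs", ".js"}
WINDOWS_DIR = "c:\\windows\\"
# Locations a standard user can write to (assumed list, lower-case substrings).
USER_WRITABLE = ("\\appdata\\", "c:\\programdata\\", "c:\\users\\public\\", "\\temp\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str              # FRST attribute letters, e.g. '____D', '__RSH', '_____'
    company: Optional[str]  # None: no parenthesis printed; '': printed as '()'
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return ("." + name.rsplit(".", 1)[-1]).lower() if "." in name else ""


def parse_frst(text: str) -> List[Entry]:
    """Return the file-list entries in `text`; lines in any other format are skipped."""
    out = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            out.append(Entry(m["created"], m["modified"], int(m["size"]),
                             m["attrs"], m["company"], m["path"]))
    return out


def triage(e: Entry) -> List[str]:
    """Heuristic reasons an entry deserves a manual look (assumed rules, not FRST's)."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    p = e.path.lower()
    if e.ext in EXEC_EXT:
        # Version-info company is spoofable, so its absence is a prompt, not proof.
        if p.startswith(WINDOWS_DIR) and not e.company:
            reasons.append("executable under Windows dir with no version-info company")
        if any(tok in p for tok in USER_WRITABLE):
            reasons.append("executable in a user-writable location")
    if "H" in e.attrs and "S" in e.attrs and not p.startswith(WINDOWS_DIR):
        reasons.append("hidden+system attributes outside the Windows dir")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map path -> reasons for every flagged entry in an FRST log excerpt."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_frst(text):
        reasons = triage(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


# Constructed sample lines in FRST's format; the paths are made up.
SAMPLE_LOG = r"""
2017-05-10 08:45 - 2017-04-28 03:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\system32\example-signed.dll
2017-05-08 10:46 - 2017-05-08 10:46 - 00000000 ____D C:\Users\User\AppData\Local\NFSClient
2017-05-26 08:21 - 2017-03-18 01:29 - 00000180 _____ C:\WINDOWS\system32\example-script.bat
2017-05-25 22:53 - 2015-12-22 15:43 - 00000516 __RSH C:\ProgramData\example.pol
2017-04-16 21:19 - 2017-05-16 00:20 - 0079904 _____ () C:\Users\User\AppData\Local\Temp\updater-stub.exe
"""

if __name__ == "__main__":
    for path, why in triage_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

Paste the "One Month Created" and "One Month Modified" sections of a real FRST.txt into `parse_frst` and the non-matching section headers are simply skipped; the attribute letters (R, S, H, D, C) are kept as a string so rules can be added without caring about their column position.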


#2 real_sm

Posted 29 May 2017 - 01:43 PM

Can anyone help, please?



#3 HelpBot

Posted 31 May 2017 - 06:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/647698 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 real_sm

real_sm
  • Topic Starter

  • Members
  • 17 posts

Posted 31 May 2017 - 08:55 AM

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.

    I saw some cmd.exe black windows popping up. Then I ran DrWeb CureIt!, which showed me that I'm infected with Trojan.PWS.Panda.5661 (jusched.exe). After 3 runs it said that it had cured it, but it still showed up in CureIt! results.

  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by User (administrator) on TACIS (31-05-2017 16:47:23)
Running from D:\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Enterprise Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Creative Technology Ltd.) C:\Windows\V0420Mon.exe
() C:\Program Files\MagicTune Premium\GammaTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\NumLock Calculator 3_2\NLCalc.exe
(Telegram Messenger LLP) C:\Users\User\AppData\Roaming\Telegram Desktop\Telegram.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-27] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM-x32\...\Run: [V0420Mon.exe] => C:\WINDOWS\V0420Mon.exe [32768 2007-04-30] (Creative Technology Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-11-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2393594200-3507703851-1312250281-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [615040 2017-03-22] ()
HKU\S-1-5-21-2393594200-3507703851-1312250281-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-2393594200-3507703851-1312250281-1001\...\MountPoints2: {d249f666-1eed-11e7-9ed6-74d435e82cab} - "G:\timeUpdater.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk [2017-02-08]
ShortcutTarget: GammaTray.exe.lnk -> C:\Program Files\MagicTune Premium\GammaTray.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2015-09-06]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NumLock Calculator 3.2.lnk [2015-09-09]
ShortcutTarget: NumLock Calculator 3.2.lnk -> C:\Program Files (x86)\NumLock Calculator 3_2\NLCalc.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2017-05-15]
ShortcutTarget: Telegram.lnk -> C:\Users\User\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{018f05b5-bc41-4fd8-bd0a-02a0ea606878}: [DhcpNameServer] 192.168.14.1
Tcpip\..\Interfaces\{48aa02f7-2b48-4f81-abe8-d16807651f86}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5a46cebd-2557-43a0-8745-1c0f8cedc91b}: [DhcpNameServer] 77.120.80.99 77.120.80.100
Tcpip\..\Interfaces\{903a873a-bde4-40cf-be11-4e312200346c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d50c821d-b50b-4772-bd2d-95dcbb12434b}: [DhcpNameServer] 192.168.14.1

Internet Explorer:
==================
HKU\S-1-5-21-2393594200-3507703851-1312250281-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2393594200-3507703851-1312250281-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2393594200-3507703851-1312250281-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ua/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-2393594200-3507703851-1312250281-1001 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ua/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-2393594200-3507703851-1312250281-1001 -> {FB6E4667-A9BA-4AEA-8C7A-8A94B4D304C3} URL = hxxp://yandex.ru/yandsearch?clid=1867357&text={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-24] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-24] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-26] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-26] (Oracle Corporation)
DPF: HKLM-x32 {03EBA73D-329C-45D1-A2E4-9D7719BAD366} hxxps://cb.privatbank.ua/p24/cryptoplugin/cryptoplugin.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1452638110711
DPF: HKLM-x32 {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} hxxp://10.200.29.61:8888/DvrOcx.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: gvlxnqhy.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gvlxnqhy.default [2017-05-30]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gvlxnqhy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-27]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-24] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2393594200-3507703851-1312250281-1001: @bankid.ua/cryptoplugin,version=1.2.1 -> C:\Users\User\AppData\Local\cryptoplugin\npcryptoplugin.dll [2016-09-22] ()
FF Plugin HKU\S-1-5-21-2393594200-3507703851-1312250281-1001: hangzhoutaobleepechnologycoltd.com/DevWebClient -> C:\Program Files\WebClientNoIE\npDevWebClient.dll [2015-05-19] (Hangzhou Taoshi Technology Co., Ltd.)
FF Plugin HKU\S-1-5-21-2393594200-3507703851-1312250281-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\User\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.5\npGatewayNpapi.dll [2016-02-05] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2393594200-3507703851-1312250281-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\User\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.5\npGatewayNpapi-x64.dll [2016-02-05] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> MusicSig - скачать музыку Вконтакте (Vkontakte)
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-05-31]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-06]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-06]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (VK Customizer) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpjieodkhhnhdllmkddpdnjjmlhdjo [2017-02-08]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Awesome Screenshot Minus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnophbnknjcjnbadhhkciahanapffepm [2017-04-25]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-05-19]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (MusicSig для Вконтакте (Vkontakte)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hanjiajgnonaobdlklncdjdmpbomlhoa [2017-05-15]
CHR Extension: (Crypto-Plugin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfiabaafjemgcecklpgnebaebonghka [2016-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (BankID CryptoPlugin) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\aiikngbhbnkcahmaelhdfeaeenccfkej [2016-07-05]
OPR Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-05-25]
OPR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\foobgjfmnkeainefnnoeghobcdcidhme [2016-11-16]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2017-04-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-04-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [354936 2016-01-14] (Intel Corporation)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-13] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-13] (NVIDIA Corporation)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
S4 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72320 2017-03-22] (The OpenVPN Project)
S4 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72320 2017-03-22] (The OpenVPN Project)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [2231296 2017-04-15] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14414336 2017-04-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
S3 EWC641024; C:\WINDOWS\system32\DRIVERS\ExtraWebcam_x64_1024.sys [25472 2010-04-12] (Somee int)
S3 EWC64320; C:\WINDOWS\system32\DRIVERS\ExtraWebcam_x64_320.sys [25472 2010-04-12] (Somee int)
S3 EWC64640; C:\WINDOWS\system32\DRIVERS\ExtraWebcam_x64_640.sys [25472 2010-04-12] (Somee int)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [22016 2017-04-15] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2017-03-18] (Microsoft Corporation)
S3 kz1avs; C:\WINDOWS\System32\Drivers\kz1avs.sys [359120 2013-05-17] (Native Instruments GmbH)
S3 kz1usb_svc; C:\WINDOWS\System32\Drivers\kz1usb.sys [83152 2013-05-17] (Native Instruments GmbH)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [23552 2017-04-15] (Microsoft Corporation)
R1 MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R1 MpKsldffe9a73; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F4F975B8-18AE-460C-8F55-8A24FFB03AF7}\MpKsldffe9a73.sys [44928 2017-05-31] (Microsoft Corporation)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2017-03-18] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-13] (NVIDIA Corporation)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [25088 2017-04-15] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2017-04-15] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [51712 2017-04-15] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31232 2017-04-15] (Microsoft Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [92160 2008-10-27] (Prolific Technology Inc.) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [104448 2017-04-15] (Microsoft Corporation)
R3 V0420VID; C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [107072 2007-05-31] (Creative Technology Ltd.)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [31232 2017-04-15] (Microsoft Corporation)
R3 vmsmp; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-04-15] (Microsoft Corporation)
R2 VMSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-04-15] (Microsoft Corporation)
R0 vmsproxy; C:\WINDOWS\System32\drivers\vmsproxy.sys [33696 2017-04-15] (Microsoft Corporation)
S3 VMSVSF; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-04-15] (Microsoft Corporation)
S3 VMSVSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1652736 2017-04-15] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-26 14:36 - 2017-05-26 14:36 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-05-26 14:36 - 2017-05-26 14:36 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-26 14:36 - 2017-04-24 15:26 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2017-05-26 14:15 - 2017-05-31 16:47 - 00000000 ____D C:\FRST
2017-05-26 08:34 - 2017-05-26 08:46 - 00000000 ____D C:\Users\User\Doctor Web
2017-05-15 14:50 - 2017-05-15 14:50 - 00000000 ____D C:\Users\User\AppData\Roaming\TightVNC
2017-05-15 14:50 - 2017-05-15 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-05-15 14:50 - 2017-05-15 14:50 - 00000000 ____D C:\Program Files\TightVNC
2017-05-10 08:45 - 2017-04-28 04:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-10 08:45 - 2017-04-28 04:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-10 08:45 - 2017-04-28 04:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-10 08:45 - 2017-04-28 04:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 08:45 - 2017-04-28 04:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-10 08:45 - 2017-04-28 04:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 08:45 - 2017-04-28 03:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-10 08:45 - 2017-04-28 03:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-10 08:45 - 2017-04-28 03:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-10 08:45 - 2017-04-28 03:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-10 08:45 - 2017-04-28 03:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-10 08:45 - 2017-04-28 03:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 08:45 - 2017-04-28 03:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 08:45 - 2017-04-28 03:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-10 08:45 - 2017-04-28 03:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-10 08:45 - 2017-04-28 03:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-10 08:45 - 2017-04-28 03:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-10 08:45 - 2017-04-28 03:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 08:45 - 2017-04-28 03:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-10 08:45 - 2017-04-28 02:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 08:45 - 2017-04-19 09:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-10 08:45 - 2017-04-19 09:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-10 08:45 - 2017-04-19 09:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-10 08:45 - 2017-04-19 08:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-10 08:45 - 2017-04-14 03:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-10 08:45 - 2017-04-14 02:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-10 08:45 - 2017-04-14 02:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-10 08:44 - 2017-04-28 04:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 08:44 - 2017-04-28 04:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 08:44 - 2017-04-28 04:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-10 08:44 - 2017-04-28 04:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-10 08:44 - 2017-04-28 04:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 08:44 - 2017-04-28 04:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 08:44 - 2017-04-28 04:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 08:44 - 2017-04-28 04:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 08:44 - 2017-04-28 04:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 08:44 - 2017-04-28 04:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 08:44 - 2017-04-28 04:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-10 08:44 - 2017-04-28 04:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-10 08:44 - 2017-04-28 04:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-10 08:44 - 2017-04-28 04:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-10 08:44 - 2017-04-28 04:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-10 08:44 - 2017-04-28 03:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 08:44 - 2017-04-28 03:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-10 08:44 - 2017-04-28 03:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-10 08:44 - 2017-04-28 03:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 08:44 - 2017-04-28 03:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-10 08:44 - 2017-04-28 03:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 08:44 - 2017-04-28 03:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-10 08:44 - 2017-04-28 03:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 08:44 - 2017-04-28 03:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-10 08:44 - 2017-04-28 03:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-10 08:44 - 2017-04-28 03:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-10 08:44 - 2017-04-28 03:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 08:44 - 2017-04-28 03:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-10 08:44 - 2017-04-28 03:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-10 08:44 - 2017-04-28 03:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 08:44 - 2017-04-28 03:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 08:44 - 2017-04-28 03:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 08:44 - 2017-04-28 03:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 08:44 - 2017-04-28 03:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-10 08:44 - 2017-04-28 03:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 08:44 - 2017-04-28 03:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-10 08:44 - 2017-04-28 03:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-10 08:44 - 2017-04-28 03:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-10 08:44 - 2017-04-28 03:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 08:44 - 2017-04-28 03:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-10 08:44 - 2017-04-28 03:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-10 08:44 - 2017-04-28 03:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-10 08:44 - 2017-04-28 03:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-10 08:44 - 2017-04-28 03:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 08:44 - 2017-04-28 03:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 08:44 - 2017-04-28 03:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-10 08:44 - 2017-04-28 03:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-10 08:44 - 2017-04-28 03:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-10 08:44 - 2017-04-28 03:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 08:44 - 2017-04-28 03:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-10 08:44 - 2017-04-28 03:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-10 08:44 - 2017-04-28 03:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-10 08:44 - 2017-04-28 03:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-10 08:44 - 2017-04-28 03:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 08:44 - 2017-04-28 03:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-10 08:44 - 2017-04-28 03:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-10 08:44 - 2017-04-28 03:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-10 08:44 - 2017-04-28 03:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-10 08:44 - 2017-04-28 03:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-10 08:44 - 2017-04-28 03:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 08:44 - 2017-04-28 03:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 08:44 - 2017-04-28 03:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-10 08:44 - 2017-04-28 03:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-10 08:44 - 2017-04-28 03:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 08:44 - 2017-04-28 03:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 08:44 - 2017-04-28 03:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-10 08:44 - 2017-04-28 03:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 08:44 - 2017-04-28 03:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-10 08:44 - 2017-04-28 03:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-10 08:44 - 2017-04-28 03:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-10 08:44 - 2017-04-28 03:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 08:44 - 2017-04-28 03:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-10 08:44 - 2017-04-28 03:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-10 08:44 - 2017-04-28 03:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 08:44 - 2017-04-28 03:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-10 08:44 - 2017-04-28 03:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-10 08:44 - 2017-04-28 03:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 08:44 - 2017-04-28 03:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-10 08:44 - 2017-04-28 02:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-10 08:44 - 2017-04-28 02:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 08:44 - 2017-04-28 02:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-10 08:44 - 2017-04-28 02:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-10 08:44 - 2017-04-28 02:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-10 08:44 - 2017-04-28 02:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-10 08:44 - 2017-04-28 02:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-10 08:44 - 2017-04-28 02:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 08:44 - 2017-04-28 02:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-10 08:44 - 2017-04-28 02:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 08:44 - 2017-04-28 02:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-10 08:44 - 2017-04-28 02:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-10 08:44 - 2017-04-28 02:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 08:44 - 2017-04-28 02:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 08:44 - 2017-04-28 02:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-10 08:44 - 2017-04-19 10:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-10 08:44 - 2017-04-19 10:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-10 08:44 - 2017-04-19 10:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-10 08:44 - 2017-04-19 10:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-10 08:44 - 2017-04-19 09:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-10 08:44 - 2017-04-19 09:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-10 08:44 - 2017-04-19 09:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-10 08:44 - 2017-04-19 09:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-10 08:44 - 2017-04-19 09:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-10 08:44 - 2017-04-19 09:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-10 08:44 - 2017-04-19 09:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-10 08:44 - 2017-04-19 09:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 08:44 - 2017-04-19 09:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-10 08:44 - 2017-04-19 09:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-10 08:44 - 2017-04-19 09:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-10 08:44 - 2017-04-19 09:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-10 08:44 - 2017-04-19 09:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-10 08:44 - 2017-04-19 09:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-10 08:44 - 2017-04-19 09:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-10 08:44 - 2017-04-19 09:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-10 08:44 - 2017-04-19 09:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-10 08:44 - 2017-04-19 09:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-10 08:44 - 2017-04-19 09:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-10 08:44 - 2017-04-19 09:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-10 08:44 - 2017-04-19 09:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-10 08:44 - 2017-04-19 08:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-10 08:44 - 2017-04-19 08:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-10 08:44 - 2017-04-19 08:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-10 08:44 - 2017-04-19 08:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-10 08:44 - 2017-04-19 08:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-10 08:44 - 2017-04-19 08:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-10 08:44 - 2017-04-19 08:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-10 08:44 - 2017-04-19 08:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-10 08:44 - 2017-04-19 08:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-10 08:44 - 2017-04-19 08:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-10 08:44 - 2017-04-19 08:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-10 08:44 - 2017-04-14 03:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-10 08:44 - 2017-04-14 03:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-10 08:44 - 2017-04-14 03:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-10 08:44 - 2017-04-14 03:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-10 08:44 - 2017-04-14 03:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-10 08:44 - 2017-04-14 03:25 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-10 08:44 - 2017-04-14 03:25 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-10 08:44 - 2017-04-14 02:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-10 08:44 - 2017-04-14 02:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-10 08:44 - 2017-04-14 02:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-10 08:44 - 2017-04-14 02:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-10 08:44 - 2017-04-14 02:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-10 08:44 - 2017-04-14 02:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-10 08:44 - 2017-04-14 02:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-10 08:44 - 2017-04-14 02:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-10 08:44 - 2017-04-14 02:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-10 08:44 - 2017-04-14 02:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-10 08:44 - 2017-04-14 02:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-10 08:44 - 2017-04-14 02:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-10 08:44 - 2017-04-14 02:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-10 08:44 - 2017-04-14 02:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-10 08:44 - 2017-04-14 02:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-10 08:44 - 2017-04-14 02:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-10 08:44 - 2017-04-14 02:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-10 08:44 - 2017-04-14 02:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-10 08:44 - 2017-04-14 02:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-10 08:44 - 2017-04-14 02:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 08:44 - 2017-04-14 02:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-10 08:44 - 2017-04-14 02:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-10 08:44 - 2017-04-14 02:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-10 08:44 - 2017-04-14 02:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-10 08:44 - 2017-04-14 02:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-10 08:44 - 2017-04-14 02:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-10 08:44 - 2017-04-14 02:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-10 08:44 - 2017-04-14 02:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 08:44 - 2017-04-14 02:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-10 08:44 - 2017-04-14 02:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-10 08:44 - 2017-04-14 02:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-10 08:44 - 2017-04-14 02:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-10 08:44 - 2017-04-14 02:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-10 08:44 - 2017-04-14 02:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-10 08:44 - 2017-04-14 02:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-10 08:44 - 2017-04-14 02:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-10 08:44 - 2017-04-14 02:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-10 08:44 - 2017-04-14 02:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-10 08:44 - 2017-04-14 02:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-10 08:44 - 2017-04-14 02:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-10 08:44 - 2017-04-14 02:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-10 08:44 - 2017-04-14 02:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-10 08:44 - 2017-04-14 02:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-10 08:44 - 2017-04-14 02:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-10 08:44 - 2017-04-14 02:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-10 08:44 - 2017-04-14 02:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-08 10:46 - 2017-05-08 10:46 - 00000000 ____D C:\Users\User\AppData\Local\NFSClient
2017-05-08 10:42 - 2017-05-08 10:42 - 00000000 ____D C:\Users\User\AppData\Local\NekoDrive
2017-05-03 00:30 - 2017-05-03 00:30 - 00000080 _____ C:\Users\User\.imb_d
2017-05-03 00:28 - 2017-05-03 09:57 - 00000000 ____D C:\Users\User\.imibrowser
2017-05-03 00:24 - 2017-05-03 09:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iReasoning
2017-05-03 00:24 - 2017-05-03 00:24 - 00000000 ____D C:\Program Files (x86)\ireasoning
2017-05-02 23:00 - 2017-05-02 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-05-02 23:00 - 2017-05-02 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-31 16:35 - 2015-09-06 01:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-05-31 16:12 - 2017-04-15 10:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-31 09:42 - 2017-04-15 10:34 - 01402310 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-31 09:41 - 2015-09-06 00:50 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-31 09:40 - 2017-03-19 00:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-31 09:40 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-31 09:37 - 2017-04-15 10:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-31 09:35 - 2017-04-15 10:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-31 09:35 - 2017-03-18 01:29 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-31 09:35 - 2016-11-20 17:52 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-05-31 09:35 - 2015-09-07 12:58 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-05-31 09:35 - 2015-09-06 16:02 - 00000000 ____D C:\Users\User\AppData\Roaming\Telegram Desktop
2017-05-31 02:51 - 2017-03-18 14:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-31 02:51 - 2016-12-15 13:30 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-05-30 17:03 - 2017-04-15 10:33 - 00003950 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1442862033
2017-05-30 17:03 - 2015-09-21 22:00 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-30 17:03 - 2015-09-21 22:00 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-30 12:06 - 2015-10-03 11:05 - 00000600 _____ C:\Users\User\AppData\Local\PUTTY.RND
2017-05-29 13:37 - 2015-09-11 17:10 - 00000000 ____D C:\ProgramData\Soulseek
2017-05-29 00:41 - 2015-09-06 02:42 - 00000000 ____D C:\Users\User\AppData\Roaming\Azureus
2017-05-27 08:59 - 2016-12-05 00:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-27 08:59 - 2015-09-06 01:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-26 14:36 - 2015-09-06 02:40 - 00000000 ____D C:\ProgramData\Oracle
2017-05-26 14:36 - 2015-09-06 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-26 08:31 - 2017-03-19 00:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-26 08:30 - 2015-10-30 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-25 22:53 - 2015-12-22 15:43 - 00000516 __RSH C:\ProgramData\ntuser.pol
2017-05-25 09:27 - 2015-09-07 13:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-24 09:03 - 2015-12-27 18:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-24 09:03 - 2015-09-06 01:18 - 00000000 ____D C:\ProgramData\Skype
2017-05-24 01:02 - 2015-09-14 17:09 - 00000000 ____D C:\Users\User\AppData\Roaming\spek
2017-05-23 09:33 - 2015-09-06 00:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 09:31 - 2015-09-06 00:49 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-22 09:17 - 2016-11-22 12:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-05-20 06:51 - 2016-01-29 14:55 - 00000000 ____D C:\ProgramData\SupremoRemoteDesktop
2017-05-19 16:51 - 2017-03-19 00:03 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-05-18 17:49 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-16 16:36 - 2015-09-06 01:48 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2017-05-15 09:57 - 2017-03-19 00:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-13 23:17 - 2015-09-13 20:58 - 00000600 _____ C:\Users\User\AppData\Roaming\winscp.rnd
2017-05-12 09:42 - 2017-03-18 23:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-12 09:42 - 2016-10-22 13:42 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 21:02 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-11 09:10 - 2017-04-15 10:27 - 00546432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-11 09:10 - 2015-09-06 00:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-11 01:10 - 2017-04-15 21:22 - 00000000 ____D C:\Program Files\Hyper-V
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-11 01:10 - 2017-03-19 00:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-11 01:10 - 2017-03-18 14:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-10 08:41 - 2015-09-06 00:38 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-05-10 00:04 - 2017-04-15 10:33 - 00004530 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-10 00:04 - 2017-04-15 10:33 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-10 00:04 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-10 00:04 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-08 10:51 - 2015-09-06 01:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-05 10:25 - 2017-04-15 10:33 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-01 12:29 - 2015-09-22 19:05 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-05-01 12:29 - 2015-09-22 19:05 - 00000000 ____D C:\Program Files\paint.net

==================== Files in the root of some directories =======

2015-09-13 20:58 - 2017-05-13 23:17 - 0000600 _____ () C:\Users\User\AppData\Roaming\winscp.rnd
2015-10-03 11:05 - 2017-05-30 12:06 - 0000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2016-09-18 14:27 - 2016-09-18 14:27 - 0000737 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-09-14 20:25 - 2016-02-26 03:26 - 0007612 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2017-04-26 23:36 - 2017-04-26 23:41 - 0000177 _____ () C:\Users\User\AppData\Local\zenmap.exe.log
2017-04-15 10:27 - 2017-04-15 10:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-15 13:30 - 2017-05-31 09:35 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 13:30 - 2017-05-31 02:51 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-03 00:18 - 2017-01-03 00:18 - 0000036 ___SH () C:\ProgramData\Shrew Soft VPN.dat

Files to move or delete:
====================
C:\ProgramData\Shrew Soft VPN.dat


Some files in TEMP:
====================
2017-04-16 21:19 - 2017-05-28 20:11 - 0079904 _____ () C:\Users\User\AppData\Local\Temp\i4jdel0.exe
2017-04-24 15:26 - 2017-04-24 15:26 - 0739904 _____ (Oracle Corporation) C:\Users\User\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-04-17 20:38 - 2017-04-17 20:38 - 57886168 _____ (Skype Technologies S.A.) C:\Users\User\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-30 13:48

==================== End of FRST.txt ============================
Please tell us if you have your original Windows CD/DVD available. 

 

 

Yes.

Attached Files



#5 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:43 PM

Posted 31 May 2017 - 11:17 PM

Hi real_sm :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#6 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,233 posts
  • ONLINE
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:43 AM

Posted 01 June 2017 - 12:16 AM

Hi Polska.

 

I already did an analysis on the user's logs... I will forward what I found.

 

John


Edited by TsVk!, 01 June 2017 - 12:18 AM.


#7 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:43 PM

Posted 01 June 2017 - 06:41 PM

Hi real_sm :)

 

I'm still working on your case. I might need another 24 hours to get back to you. Thanks for your patience. :busy:

 

polskamachina



#8 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  •  
  • Local time:01:43 PM

Posted 02 June 2017 - 08:51 PM

Hi real_sm :)

 

I have some followup questions. Other than the command window that pops up, have you noticed any performance issues with your system? Are you able to navigate the web efficiently?

 

polskamachina



#9 real_sm

real_sm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 03 June 2017 - 01:05 AM

Hi real_sm :)

 

I have some followup questions. Other than the command window that pops up, have you noticed any performance issues with your system? Are you able to navigate the web efficiently?

 

polskamachina

I can't say that performance changed drastically. Maybe a tiny little bit slower, but barely noticeable.



#10 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:43 PM

Posted 04 June 2017 - 10:29 AM

Hi real_sm :)

I noticed you have an internet connection to a server in the Ukraine. Is that where your computer resides?

Please proceed with the following tasks:

  • Open Notepad
  • Copy and paste the following text into the empty Notepad window
    CreateRestorePoint:
    CloseProcesses:
    C:\Users\User\AppData\Local\Temp\i4jdel0.exe
    C:\Users\User\AppData\Local\Temp\jre-8u131-windows-au.exe
    C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
  • Save the file to your Desktop as fixlist.txt Note: FRST64 and fixlist.txt must be in the same folder in order for the fix to work.
  • Run FRST64 again
  • Click on Fix
  • It should only take a few moments for the fix to complete
  • If you are asked to restart your computer, please do so
  • When the fix has completed, a new file will be created named Fixlog.txt, and it will be saved to your Downloads folder
  • Please copy and paste that log into your next reply to me

Next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click and select Run As Administrator
  • The tool will start to update the database if one is required
  • Click on the Scan button
  • AdwCleaner will begin...be patient as the scan may take some time to complete
  • After the scan has finished, click on the Logfile button
  • A window will open which lists the logs of your scans
  • Click on the Scan tab
  • Double-click the most recent scan which will be at the top of the list....the log will appear
  • Review the results...see note below
  • After reviewing the log, click on the Clean button
  • Press OK when asked to close all programs and follow the onscreen prompts
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report)
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list
  • Please copy and paste the contents of AdwCleaner[CX].txt in your next reply to me
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Next:

  • Please click on this link which will take you to the download page for Malwarebytes Anti-Malware. From there, click on the download button for Version 2.2 and save it to your desktop.
    • Double-click on the setup file, mbam-setup-bc.1878-2.2.1.1043.exe, then click on Run to install.
    • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
    • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
    • You will be prompted to update Malwarebytes...click on the Update Now button.
    • The THREAT SCAN will automatically begin.
    • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
    • After rebooting the computer, copy and paste the mbam.log in your next reply.
    • To retrieve the Malwarebytes Anti-Malware scan log information:
      • Open Malwarebytes Anti-Malware.
      • Click the History Tab at the top and select Application Logs.
      • Select (check) the box next to Scan Log. Choose the most current scan.
      • Click the View button.
      • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
      • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
      • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system

In summary I will need from you:

  • Fixlog
  • AdwCleaner log
  • Malwarebytes log
  • Is your location in the vicinity of Ukraine?
  • Does Dr. Web CureIt still show the infected file?
  • How is your computer performing now?

Let me know if you have any questions.

polskamachina
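For anyone triaging FRST output like the log quoted earlier in this thread, here is an added Python example (my own, not code from the FRST author, the forum, or this thread's helper). It parses FRST file-listing lines of both forms seen in the log (with and without the "(publisher)" field), applies two review heuristics that are this example's own assumptions rather than anything FRST does (an executable with no publisher/version information, and a file rewritten after it was created), and renders a fixlist.txt in the same shape polskamachina posted above. The sample input is the three "Some files in TEMP" lines from the FRST log in this thread.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List

# Sample input: the three "Some files in TEMP" entries from the FRST log posted in this thread.
SAMPLE_TEMP_SECTION = r"""
2017-04-16 21:19 - 2017-05-28 20:11 - 0079904 _____ () C:\Users\User\AppData\Local\Temp\i4jdel0.exe
2017-04-24 15:26 - 2017-04-24 15:26 - 0739904 _____ (Oracle Corporation) C:\Users\User\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-04-17 20:38 - 2017-04-17 20:38 - 57886168 _____ (Skype Technologies S.A.) C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
"""

# One FRST file entry: "<created> - <modified> - <size> <attrs> [(<publisher>)] <path>".
# The "(publisher)" field is present in the "Files in the root" / "Some files in TEMP"
# sections and absent in the "One month modified" section, so it is optional here.
FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)


@dataclass
class FrstFile:
    created: datetime
    modified: datetime
    size: int
    attrs: str        # five-character attribute column, e.g. "_____", "____D", "___SH"
    publisher: str    # empty string when FRST printed "()" or omitted the field
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_frst_section(text: str) -> List[FrstFile]:
    """Parse one FRST file-listing section; lines that are not file entries are skipped."""
    files: List[FrstFile] = []
    for line in text.splitlines():
        m = FRST_ENTRY.match(line.strip())
        if not m:
            continue
        files.append(FrstFile(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            publisher=m["publisher"] or "",
            path=m["path"],
        ))
    return files


def triage(files: List[FrstFile]) -> List[FrstFile]:
    """Attach review reasons and return only the entries that earned one.

    Both heuristics are assumptions made for this example; they are prompts for a
    closer look (hash lookup, signature check), not a verdict on the file.
    """
    for f in files:
        if f.path.lower().endswith(".exe") and not f.publisher:
            f.reasons.append("executable with no embedded publisher/version info")
        if f.modified != f.created:
            f.reasons.append("content rewritten after the file was created")
    return [f for f in files if f.reasons]


def build_fixlist(files: List[FrstFile]) -> str:
    """Render a fixlist.txt in the form posted above: restore point, close processes, one path per line."""
    lines = ["CreateRestorePoint:", "CloseProcesses:"]
    lines.extend(f.path for f in files)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_frst_section(SAMPLE_TEMP_SECTION)
    for f in triage(entries):
        print(f"{f.path}: {'; '.join(f.reasons)}")
    print(build_fixlist(entries))
```

Run stand-alone, the triage step singles out i4jdel0.exe (no publisher, rewritten a month after creation) while the two vendor-tagged installers pass both heuristics; the fixlist is still built from every Temp entry, matching what the helper chose to remove in this thread.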



#11 real_sm

real_sm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 04 June 2017 - 02:43 PM

In summary I will need from you:

  • Fixlog

Attaching.

  • AdwCleaner log


Attaching.

  • Malwarebytes log


Attaching.

  • Is your location in the vicinity of Ukraine?


Yes.

  • Does Dr. Web CureIt still show the infected file?


No, thank you!

  • How is your computer performing now?


Somewhat faster, no cmd.exe windows popping up. Thank you!

Attached Files



#12 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:43 PM

Posted 05 June 2017 - 10:42 AM

Hi real_sm,
 
Good job with the scans. :thumbup2: Glad to see that your malware was removed. Please proceed with the following security check:

  • Please download screen317's Security Check to your desktop
  • Double-click it to run the program
  • When the scan has completed, it will create a log named, checkup.txt
  • Note: The log isn't automatically saved anywhere, so don't close Notepad. Please copy and paste that log into your next reply to me

Next:

ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be read here.

  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the file you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the back button, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!
 
In summary I will need from you the following logs copied and pasted into your next reply to me. Note: It is much easier for me to analyze your logs if they are copied and pasted rather than attached as individual files.

  • checkup.txt
  • ESET log of found threats if applicable
  • How is your computer performing now?

Let me know if you have any questions.
 
polskamachina



#13 real_sm

real_sm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 05 June 2017 - 04:37 PM

OK, done.

My PC seems to work fine, thank you!

Attached Files



#14 polskamachina

polskamachina

  • Malware Response Team
  • 3,995 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:43 PM

Posted 06 June 2017 - 05:45 PM

Hi real_sm :)

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Note the Java website is customized to detect which browser you're using so my instructions may vary slightly to what you'll see on the Java website. Consider the directions below to be general guidelines when updating Java.


  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u131-windows-i586.exe or Windows x64: jre-8u131-windows-x64.exe) and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Note: The most recent Java installer will automatically uninstall all older versions for you.
  • From your desktop double-click on jre-8u131-windows-i586.exe (or jre-8u131-windows-x64.exe for 64-bit) to install the newest version.
  • If the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
  • To test that Java is installed and working properly on your computer, run this test applet.
    NOTE: You may need to restart (close and re-open) your browser to enable the Java installation in your browser.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. However, be aware that the Java updater prompts you to make Yahoo Search your browser's default search engine and home page...the option is pre-checked.

In summary:

  • Please let me know if your Java installation was successful.
  • How is your computer performing now?

Let me know if you have any questions.

polskamachina



#15 real_sm

real_sm
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 07 June 2017 - 03:06 AM

Important Note: Your version of Java is out of date.


My 64 bit Java is up to date. I don't have 32 bit Java at all. :)

Anyway, I installed 64 bit Java again using your link.

  • Please let me know if your Java installation was successful.


Yes.

  • How is your computer performing now?


Seems to work fine. I retried running CureIt, it found nothing. Thanks again. :)



