Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Decided to fix up old computer, and this happens


  • Please log in to reply
16 replies to this topic

#1 DJstubborncomputer

DJstubborncomputer

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 25 June 2017 - 09:54 AM

(SORRY FOR THE MULTIPLE POSTINGS, phone glitched as I sent this. Please reply to this one)
So this computer was an old one I received a couple years back.
It is a Windows 7 Home Premuim (64-bit). I haven't used it for several years as I had gotten a new one which unfortunately broke down. The computer in question was a used computer purchased for me as a teenager so I do not have the full history of it. However, I began cleaning it out with Rkill, Hitmanpro, malwarebytws, JRT and adwcleaner. There was some adware on the computer but nothing too serious going by their definitions. I immediately allowed the programs to do their work and eventually the computer read as clean. I did have to use these codes in cmd after adwcleaner scrubbed my laptop as my internet was shut off. (netsh interface ipv4 reset, netsh interface ipv6 reset, ipconfig /flushdns)


As I was cleaning it, I allowed the computer to run updates (there was a lot, considering I have not used this device in 3-4 years). And quickly removed the old antiviruse softwares and replaced them with newer ones. I currently am utilizing windows firewall, Microsoft security essentials and malwarebytes with hitmanpro as a second opinion.

However, this morning after the updates installed apparently it found a remanant of malware in my tablet folders (I am a digital artist). Considering this tablet isn't a mainstream brand and nothing seems shifty about it and assumed it was a false positive due to hitmanpro not recognizing the software (it was only an uninstall file that was flagged, but I allowed hitmanpro to quarantine it anyway). Even more frustrating, a lot of the new drivers in my laptop have been flagged by Hitmanpropro as unknown. The one that startled me however was explorer.exe.

I don't believe there is any pirated or illegal software on this computer as I have not downloaded anything like that. If anything ever shows up it was done without my knowledge.

Am I infected or is hitmanpro extremely sensitive to the updates? All of the flagged softwares and drivers only appeared after I updated. I hope I can use this computer as I have a lot of important software on it. Should I disconnect from the internet or is it okay to use it? I haven't quarantined anything yet as I don't want to destabilize the computer in case the files are legitimate and hitmanpro is sensitive. I have noticed a bit of slower performance from my computer but I assumed that was from all of the updates and the computer adjusting.

Here is the the first log in question with the tablet file:

HitmanPro 3.7.20.286www.hitmanpro.comComputer name . . . . : DEEJAY-PCWindows . . . . . . . : 6.1.1.7601.X64/4User name . . . . . . : Deejay-PC\DeejayUAC . . . . . . . . . : EnabledLicense . . . . . . . : Trial (31 days left)Scan date . . . . . . : 2017-06-25 07:18:43Scan mode . . . . . . : EWSScan duration . . . . : 14m 30sDisk access mode . . : Direct disk access (SRB)Cloud . . . . . . . . : InternetReboot . . . . . . . : NoThreats . . . . . . . : 0Traces . . . . . . . : 366Objects scanned . . . : 1,612,684Files scanned . . . . : 78,906Remnants scanned . . : 505,892 files / 1,027,886 keysSuspicious files ____________________________________________________________C:\windows\SetupX32.EXE -> QuarantinedSize . . . . . . . : 344,472 bytesAge . . . . . . . : 1560.1 days (2013-03-18 03:48:04)Entropy . . . . . : 5.8SHA-256 . . . . . : 973D1301C75686C5EBA990B2F84199C7740EEFCBA7FD01A79D73BBC186B0EC7EProduct . . . . . : Windows Application Installer ProgramPublisherDescription . . . : Setupx32: Application Installer ProgramVersion . . . . . : 7.8.2010.1RSA Key Size . . . : 2048LanguageID . . . . : 1028Authenticode . . . : InvalidFuzzy . . . . . . : 25.0Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.Authors name is missing in version info. This is not common to most programs.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.ReferencesC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet Software\Uninstall.LNKC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet\Uninstall.LNKEarly Warning Scoring _______________________________________________________C:\windows\Explorer.EXESize . . . . . . . : 3,229,696 bytesAge . . . . . . . : 0.4 days (2017-06-24 20:55:01)Entropy . . . . . : 5.6SHA-256 . . . . . : D5BC504277172BE5C54B60AD5C13209DC1F729131DEF084DE3EC8C72E54C58EFProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows ExplorerVersion . . . . . : 6.1.7601.23537Copyright . . . . : © Microsoft Corporation. All rights reserved.Desktop . . . . . : DefaultLanguageID . . . . : 1033Running processes : 4036Fuzzy . . . . . . : 11.0Substitutes Explorer.exe as the default shell. Malware tends to start this way.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.Program has a human-computer interface (GUI). This is typical for most programs.StartupHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShellHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\ShellReferencesC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnkC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnkC:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnkC:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnkC:\windows\System32\aelupsvc.dllSize . . . . . . . : 72,192 bytesAge . . . . . . . : 0.4 days (2017-06-24 20:56:42)Entropy . . . . . : 6.2SHA-256 . . . . . : 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15BProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Application Experience ServiceVersion . . . . . : 6.1.7601.19050Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AeLookupSvcLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\AeLookupSvc\C:\windows\system32\appidcertstorecheck.exeSize . . . . . . . : 17,920 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:31)Entropy . . . . . : 5.4SHA-256 . . . . . : BFDA3016B9A7D9D8BC3FCD0CB16685E2D42C055564257C64D0DA2F6A4CB72DE4Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : AppID Certificate Store Verification TaskVersion . . . . . : 6.1.7601.23807Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 6.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupC:\windows\system32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheckC:\windows\system32\appidpolicyconverter.exeSize . . . . . . . : 148,480 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:41)Entropy . . . . . : 5.7SHA-256 . . . . . : 8B98731CF28749232EE8963A8429B9C0E10C36B146F3F649BEF91FC6C16AD79AProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : AppID Policy Converter TaskVersion . . . . . : 6.1.7601.23807Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 6.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupC:\windows\system32\Tasks\Microsoft\Windows\AppID\PolicyConverterC:\windows\System32\appidsvc.dllSize . . . . . . . : 34,816 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:36)Entropy . . . . . : 5.7SHA-256 . . . . . : B9B0FCBCF53D6739329C93350DB0DB4A0FE8C347F7922ABFEA452CF6EF33DE91Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Application Identity ServiceVersion . . . . . : 6.1.7601.23807Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AppIDSvcLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc\C:\windows\System32\appinfo.dllSize . . . . . . . : 70,144 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:37)Entropy . . . . . : 5.4SHA-256 . . . . . : A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0DProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Application Information ServiceVersion . . . . . : 6.1.7601.23593Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AppinfoLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\Appinfo\C:\windows\System32\Audiosrv.dllSize . . . . . . . : 680,448 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:00)Entropy . . . . . : 6.4SHA-256 . . . . . : F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows Audio ServiceVersion . . . . . : 6.1.7601.23471Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AudioSrvLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\HKLM\SYSTEM\CurrentControlSet\Services\AudioSrv\C:\Windows\System32\basesrv.dllSize . . . . . . . : 52,736 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:03:50)Entropy . . . . . : 6.0SHA-256 . . . . . : 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6FProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows NT BASE API Server DLLVersion . . . . . : 6.1.7601.18923Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 12.0Program is running but currently exposes no human-computer interface (GUI).Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\WindowsC:\Windows\System32\credssp.dllSize . . . . . . . : 22,016 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:27)Entropy . . . . . : 5.5SHA-256 . . . . . : 56AE72C53B78EDDBC7EC9DE907B743B5E3594C99602499DF56AC843B32371C80Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Credential Delegation Security PackageVersion . . . . . : 6.1.7601.23816Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 15.0Loads as a custom security support provider (SSP). Malware tends to start this way.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProvidersC:\windows\system32\cryptsvc.dllSize . . . . . . . : 190,976 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:53)Entropy . . . . . : 6.2SHA-256 . . . . . : 2C3D84F0842237A3BF2838DDB4126807977EB36588FA669B1E6671077584EF18Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Cryptographic ServicesVersion . . . . . : 6.1.7601.23769Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : CryptSvcLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\C:\windows\system32\diagtrack.dllSize . . . . . . . : 1,386,496 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:38)Entropy . . . . . : 6.2SHA-256 . . . . . : F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Microsoft Windows Diagnostics TrackingVersion . . . . . : 10.0.10586.3Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : DiagTrackLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\DiagTrack\C:\windows\system32\drivers\afd.sysSize . . . . . . . : 496,128 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:57)Entropy . . . . . : 6.2SHA-256 . . . . . : 69B15724B0034F9915AACE109A6C596D6AF2DA350FC18C9A0CD98C81CB7EDEE3Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Ancillary Function Driver for WinSockVersion . . . . . : 6.1.7601.23761Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AFDLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\AFD\C:\windows\system32\drivers\appid.sysSize . . . . . . . : 62,464 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:32)Entropy . . . . . : 6.0SHA-256 . . . . . : 2724A3D0B7F979AF5F485000F555495FA21A443159F29BC1B042C4800D7A368AProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : AppID DriverVersion . . . . . : 6.1.7601.23807Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AppIDLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\AppID\C:\windows\system32\DRIVERS\bowser.sysSize . . . . . . . : 90,112 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:41)Entropy . . . . . : 6.2SHA-256 . . . . . : 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACBProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : NT Lan Manager Datagram Receiver DriverVersion . . . . . : 6.1.7601.23567Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : bowserLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\bowser\C:\windows\system32\Drivers\dfsc.sysSize . . . . . . . : 106,496 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:46)Entropy . . . . . : 6.3SHA-256 . . . . . : D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DAProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : DFS Namespace Client DriverVersion . . . . . : 6.1.7601.23542Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : DfsCLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\DfsC\C:\windows\system32\drivers\drmkaud.sysSize . . . . . . . : 5,632 bytesAge . . . . . . . : 0.4 days (2017-06-24 20:55:13)Entropy . . . . . : 2.2SHA-256 . . . . . : A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Microsoft Trusted Audio DriversVersion . . . . . : 6.1.7601.19091Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : drmkaudLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\drmkaud\C:\windows\system32\drivers\HTTP.sysSize . . . . . . . : 754,688 bytesAge . . . . . . . : 0.4 days (2017-06-24 20:55:06)Entropy . . . . . : 6.2SHA-256 . . . . . : BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : HTTP Protocol StackVersion . . . . . : 6.1.7601.18772Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : HTTPLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\HTTP\C:\windows\system32\drivers\mrxdav.sysSize . . . . . . . : 142,336 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:48)Entropy . . . . . : 6.3SHA-256 . . . . . : 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows NT WebDav MinirdrVersion . . . . . : 6.1.7601.23542Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : MRxDAVLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\C:\windows\system32\DRIVERS\mrxsmb.sysSize . . . . . . . : 159,744 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:44)Entropy . . . . . : 6.3SHA-256 . . . . . : 685002901EAD1D08560D3C7F3BEA737BCFC44CA00D463D7D7FFA50D7730DA7A5Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows NT SMB MinirdrVersion . . . . . : 6.1.7601.23816Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : mrxsmbLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\mrxsmb\C:\windows\system32\DRIVERS\mrxsmb10.sysSize . . . . . . . : 291,328 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:47)Entropy . . . . . : 6.4SHA-256 . . . . . : 375659FF15B9639A09F09274DBA99EABBC27AD5F3271C731B65956C9384C47A5Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Longhorn SMB Downlevel SubRdrVersion . . . . . : 6.1.7601.23816Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : mrxsmb10LanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\mrxsmb10\C:\windows\system32\DRIVERS\mrxsmb20.sysSize . . . . . . . : 129,536 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:42)Entropy . . . . . : 6.2SHA-256 . . . . . : 618F6399A7B0B7A8606CA1DCC45450840F6FD40D93B586BCA9DFE60D48DC5BB9Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Longhorn SMB 2.0 RedirectorVersion . . . . . : 6.1.7601.23816Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : mrxsmb20LanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\mrxsmb20\C:\windows\system32\DRIVERS\netbt.sysSize . . . . . . . : 262,144 bytesAge . . . . . . . : 0.4 days (2017-06-24 20:54:45)Entropy . . . . . : 6.3SHA-256 . . . . . : F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CDProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : MBT Transport driverVersion . . . . . : 6.1.7601.23451Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : NetBTLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\NetBT\C:\windows\system32\drivers\peauth.sysSize . . . . . . . : 663,552 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:53)Entropy . . . . . : 6.7SHA-256 . . . . . : 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CAProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Protected Environment Authentication and Authorization Export DriverVersion . . . . . : 6.1.7601.23471Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : PEAUTHLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\C:\windows\system32\DRIVERS\srv.sysSize . . . . . . . : 460,800 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:00)Entropy . . . . . : 6.4SHA-256 . . . . . : AA223A2A8E8503CBDB0CE6A70620B372E0591070F9FF7D8532A93B54EF7B7E51Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Server driverVersion . . . . . : 6.1.7601.23762Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : srvLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\srv\C:\windows\system32\DRIVERS\srv2.sysSize . . . . . . . : 405,504 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:58)Entropy . . . . . : 5.9SHA-256 . . . . . : 4CB94D250E9D2646FCE7284D4D3CED1BB02E4D79AD33A414D16EF794195868CAProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Smb 2.0 Server driverVersion . . . . . : 6.1.7601.23762Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : srv2LanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\srv2\C:\windows\system32\DRIVERS\srvnet.sysSize . . . . . . . : 168,960 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:47)Entropy . . . . . : 6.2SHA-256 . . . . . : B2D5E006B748F24F0FF2CEFFC3D056F3D50E8A818BDFF4231C87C022A25F44EDProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Server Network driverVersion . . . . . : 6.1.7601.23762Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : srvnetLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\srvnet\C:\windows\system32\drivers\tcpipreg.sysSize . . . . . . . : 46,080 bytesAge . . . . . . . : 0.4 days (2017-06-24 20:56:54)Entropy . . . . . : 5.5SHA-256 . . . . . : 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : TCP/IP Registry Compatibility DriverVersion . . . . . : 6.1.7601.23496Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : tcpipregLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\tcpipreg\C:\windows\system32\DRIVERS\tdx.sysSize . . . . . . . : 117,248 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:39)Entropy . . . . . : 6.2SHA-256 . . . . . : 344448F41EB93AF01FF624665C0D582C0ABB19AFDA1DA18EE5141E26407F58BEProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : TDI Translation DriverVersion . . . . . : 6.1.7601.23806Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : tdxLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\tdx\C:\windows\system32\drivers\USBSTOR.SYSSize . . . . . . . : 91,648 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:02:22)Entropy . . . . . : 6.3SHA-256 . . . . . : C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : USB Mass Storage Class DriverVersion . . . . . : 6.1.7601.19144Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : USBSTORLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\C:\windows\system32\FntCache.dllSize . . . . . . . : 1,180,160 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:18)Entropy . . . . . : 6.2SHA-256 . . . . . : 911697D580CBF508A6F4A52D4F95A6976CF9A0EC3549076A8D0B5C8BD947C989Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows Font Cache ServiceVersion . . . . . : 6.2.9200.22164Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : FontCacheLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\FontCache\C:\windows\System32\gpsvc.dllSize . . . . . . . : 794,624 bytesAge . . . . . . . : 0.4 days (2017-06-24 20:54:39)Entropy . . . . . : 5.7SHA-256 . . . . . : 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867BProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Group Policy ClientVersion . . . . . : 6.1.7601.23452Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : gpsvcLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\gpsvc\C:\windows\system32\ie4uinit.exeSize . . . . . . . : 725,504 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:41)Entropy . . . . . : 6.0SHA-256 . . . . . : 89BB1B24CC7E29618A58539CEE2234D46787C2A2AAF2C91AAE6336D6E66E9EEEProduct . . . . . : Internet ExplorerPublisher . . . . : Microsoft CorporationDescription . . . : IE Per-User Initialization UtilityVersion . . . . . : 11.00.9600.18698Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 6.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}\HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{66C64F22-FC60-4E6C-A6B5-F0D580E680CE}\HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}\HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\C:\windows\system32\IEEtwCollector.exeSize . . . . . . . : 116,224 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:41)Entropy . . . . . : 6.0SHA-256 . . . . . : 82F887BB8416B9270D628968B0FA6ADA918A95CB5121964B7A4FD9D190EC4AE4Product . . . . . : Internet ExplorerPublisher . . . . : Microsoft CorporationDescription . . . : IE ETW Collector ServiceVersion . . . . . : 11.00.9600.18698Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : IEEtwCollectorServiceLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\IEEtwCollectorService\C:\Windows\System32\ieframe.dllSize . . . . . . . : 15,252,992 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:31)Entropy . . . . . : 6.4SHA-256 . . . . . : E8DC838426FB0ED1B6A784C20851263BF3A6B182445C327D3B6D381F71B37A9AProduct . . . . . : Internet ExplorerPublisher . . . . : Microsoft CorporationDescription . . . : Internet BrowserVersion . . . . . : 11.00.9600.18698Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 11.0This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-21-1148774451-3867332700-2556772270-501\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}ReferencesHKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\C:\windows\System32\ipsecsvc.dllSize . . . . . . . : 502,272 bytesAge . . . . . . . : 0.4 days (2017-06-24 20:54:39)Entropy . . . . . : 6.1SHA-256 . . . . . : B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows IPsec SPD Server DLLVersion . . . . . : 6.1.7601.23452Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : PolicyAgentLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\C:\windows\System32\lsass.exeSize . . . . . . . : 30,720 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:29)Entropy . . . . . : 5.0SHA-256 . . . . . : B210C542A1CF930B69E5BB018464E49FA96FA08B2FB06DB4EE2924C3B86034CCProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Local Security Authority ProcessVersion . . . . . : 6.1.7601.23816Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : VaultSvcParent Name . . . : C:\windows\system32\wininit.exeLanguageID . . . . : 1033Running processes : 608Fuzzy . . . . . . : 13.0This program is actively listening for inbound network connections.Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\EFS\HKLM\SYSTEM\CurrentControlSet\Services\KeyIso\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\HKLM\SYSTEM\CurrentControlSet\Services\ProtectedStorage\HKLM\SYSTEM\CurrentControlSet\Services\SamSs\HKLM\SYSTEM\CurrentControlSet\Services\VaultSvc\Network Ports0.0.0.0:49154	C:\windows\system32\msiexec.exeSize . . . . . . . : 128,512 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:46)Entropy . . . . . : 5.9SHA-256 . . . . . : 1A899BEF4F64D5CDD23911A6EA09F69483E4DBA8E76CDA38A37DAB6FA24406E8Product . . . . . : Windows Installer - UnicodePublisher . . . . : Microsoft CorporationDescription . . . : Windows® installerVersion . . . . . : 5.0.7601.23593Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : msiserverLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupC:\windows\system32\Tasks\{1E428B2C-B149-4465-A0BF-AEEEE13771D0}HKLM\SYSTEM\CurrentControlSet\Services\msiserver\C:\Windows\System32\mswsock.dllSize . . . . . . . : 327,168 bytesAge . . . . . . . : 0.4 days (2017-06-24 20:54:45)Entropy . . . . . : 6.2SHA-256 . . . . . : 5FE5AE6EFB5D47EF867A6E4F635EF707122FF3A5B34C7CDFE8F019D321B9971DProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Microsoft Windows Sockets 2.0 Service ProviderVersion . . . . . : 6.1.7601.23451Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 8.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\C:\windows\system32\pcalua.exeSize . . . . . . . : 9,728 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:26)Entropy . . . . . : 4.6SHA-256 . . . . . : 436C94F3ABB047C5BE9791766DDA3FE5742AC35572D26676BEAD5E9B6AA7C0B0Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Program Compatibility AssistantVersion . . . . . : 6.1.7601.23471Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 6.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupC:\windows\system32\Tasks\{17EB23DD-5768-494E-B3DE-40C197A001A3}C:\windows\system32\Tasks\{4C65DB7C-279F-45F1-B10A-213A3D69387D}C:\windows\system32\Tasks\{91872EAA-A2E2-4EF5-B428-3770F1EF3F4D}C:\windows\system32\Tasks\{C0F68F42-1DA8-42C7-9906-66903FF468F5}C:\windows\system32\Tasks\{D70FF91D-009B-4060-B781-6D372A1291EB}C:\windows\system32\Tasks\{F4847E14-6A44-411D-8D4A-77439A50B8AB}C:\windows\System32\pcasvc.dllSize . . . . . . . : 187,904 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:48)Entropy . . . . . : 6.3SHA-256 . . . . . : 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCFProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Program Compatibility Assistant ServiceVersion . . . . . : 6.1.7601.23471Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : PcaSvcLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\PcaSvc\C:\windows\system32\pla.dllSize . . . . . . . : 1,389,056 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:53)Entropy . . . . . : 6.1SHA-256 . . . . . : 5C99E9D7E7095CED52B1F5F4A569E54F124602C573DD2B25731E0D57FDA22A27Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Performance Logs & AlertsVersion . . . . . : 6.1.7601.23717Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : plaLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\pla\C:\windows\system32\rpcss.dllSize . . . . . . . : 512,000 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:00)Entropy . . . . . : 6.3SHA-256 . . . . . : 038FDF99C643C8102026BA26A75899A56E91AD0C239DF71AA5443FD35C718C78Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Distributed COM ServicesVersion . . . . . : 6.1.7601.23775Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : RpcSsLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch\HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\C:\windows\system32\RunDLL32.exeSize . . . . . . . : 46,080 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:31)Entropy . . . . . : 6.0SHA-256 . . . . . : 405F03534BE8B45185695F68DEB47D4DAF04DCD6DF9D351CA6831D3721B1EFC4Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows host process (Rundll32)Version . . . . . : 6.1.7601.23755Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 6.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupC:\windows\system32\Tasks\Microsoft\Windows\Autochk\ProxyC:\windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollectorC:\windows\system32\Tasks\Microsoft\Windows\SystemRestore\SRC:\windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1C:\windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2C:\windows\system32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChangeHKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{F871DB00-5C93-4B4D-9F0B-A4FAEC8D6BD6}\HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ReferencesC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnkHKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\windows\system32\rundll32.exeHKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\windows\system32\rundll32.exeC:\windows\system32\schedsvc.dllSize . . . . . . . : 1,110,016 bytesAge . . . . . . . : 0.4 days (2017-06-24 22:33:03)Entropy . . . . . : 6.0SHA-256 . . . . . : B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CFProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Task Scheduler ServiceVersion . . . . . : 6.1.7601.18951Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : ScheduleLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\Schedule\C:\windows\system32\SearchIndexer.exeSize . . . . . . . : 591,872 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:44)Entropy . . . . . : 5.8SHA-256 . . . . . : AAD5BE845F7650A68082F91C579BD4FE1BD48DF6B311356A26574E90D372BF4AProduct . . . . . : Windows® SearchPublisher . . . . : Microsoft CorporationDescription . . . : Microsoft Windows Search IndexerVersion . . . . . : 7.00.7601.23834Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : WSearchParent Name . . . : C:\windows\system32\services.exeLanguageID . . . . : 1033Running processes : 3788Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\WSearch\C:\windows\system32\seclogon.dllSize . . . . . . . : 30,720 bytesAge . . . . . . . : 0.4 days (2017-06-24 20:55:08)Entropy . . . . . : 5.2SHA-256 . . . . . : E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Secondary Logon Service DLLVersion . . . . . : 6.1.7601.19148Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : seclogonLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\seclogon\C:\Windows\System32\shell32.dllSize . . . . . . . : 14,183,936 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:07)Entropy . . . . . : 6.2SHA-256 . . . . . : 079360E0C1234730F508A658F1AA99C892839F81A03EB5A74901C0041367C256Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows Shell Common DllVersion . . . . . : 6.1.7601.23806Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 8.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SOFTWARE\Classes\Directory\Shellex\CopyHookHandlers\FileSystem\HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\ReferencesHKLM\SOFTWARE\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\HKLM\SOFTWARE\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\HKLM\SOFTWARE\Classes\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\HKLM\SOFTWARE\Classes\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\HKLM\SOFTWARE\Classes\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\HKLM\SOFTWARE\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\HKLM\SOFTWARE\Classes\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\HKLM\SOFTWARE\Classes\CLSID\{80F3F1D5-FECA-45F3-BC32-752C152E456E}\HKLM\SOFTWARE\Classes\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\HKLM\SOFTWARE\Classes\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\HKLM\SOFTWARE\Classes\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\HKLM\SOFTWARE\Classes\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\HKLM\SOFTWARE\Classes\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\HKLM\SOFTWARE\Classes\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\HKLM\SOFTWARE\Classes\CLSID\{F82DF8F7-8B9F-442E-A48C-818EA735FF9B}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{40419485-C444-4567-851A-2DD7BFA1684D}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{80F3F1D5-FECA-45F3-BC32-752C152E456E}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{F82DF8F7-8B9F-442E-A48C-818EA735FF9B}\HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\C:\windows\system32\sysmain.dllSize . . . . . . . : 1,743,360 bytesAge . . . . . . . : 0.4 days (2017-06-24 22:32:22)Entropy . . . . . : 5.7SHA-256 . . . . . : 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Superfetch Service HostVersion . . . . . : 6.1.7601.18933Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : SysMainLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\SysMain\C:\windows\System32\WcsPlugInService.dllSize . . . . . . . : 40,960 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:28)Entropy . . . . . : 5.6SHA-256 . . . . . : 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : WcsPlugInService DLLVersion . . . . . : 6.1.7601.23677Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : WcsPlugInServiceLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\WcsPlugInService\C:\windows\System32\webclnt.dllSize . . . . . . . : 263,680 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:55)Entropy . . . . . : 5.8SHA-256 . . . . . : F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Web DAV Service DLLVersion . . . . . : 6.1.7601.23542Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : WebClientLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\WebClient\C:\Windows\System32\winsrv.dllSize . . . . . . . : 215,552 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:00:39)Entropy . . . . . : 6.0SHA-256 . . . . . : DEE04A0BCCFEC5F126C5FBF91D23790628AE79FAF4B61D7960F1592D0B432613Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Multi-User Windows Server DLLVersion . . . . . : 6.1.7601.23807Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 12.0Program is running but currently exposes no human-computer interface (GUI).Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\WindowsC:\windows\system32\WsmSvc.dllSize . . . . . . . : 2,023,424 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:13)Entropy . . . . . : 5.8SHA-256 . . . . . : C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : WSMan ServiceVersion . . . . . : 6.1.7601.23512Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : WinRMLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\WinRM\C:\windows\system32\wuaueng.dllSize . . . . . . . : 2,651,136 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:32)Entropy . . . . . : 6.0SHA-256 . . . . . : CBF4C63D3C5D14AF3C3F0D9C48E5AC9E7A4323BFB0363E9948FD801963BE1467Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows Update AgentVersion . . . . . : 7.6.7601.23806Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : wuauservLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\wuauserv\C:\Windows\SysWOW64\ieframe.dllSize . . . . . . . : 13,664,768 bytesAge . . . . . . . : 0.4 days (2017-06-24 21:01:37)Entropy . . . . . : 6.5SHA-256 . . . . . : E85324F9552FAAF6D5627E8F95609585FA2ACA3B69B10B59BBD07691379E7B53Product . . . . . : Internet ExplorerPublisher . . . . : Microsoft CorporationDescription . . . : Internet BrowserVersion . . . . . : 11.00.9600.18698Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 9.0This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-21-1148774451-3867332700-2556772270-501\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}ReferencesHKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\Cookies _____________________________________________________________________C:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\02ETVKRH.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\09BO4H8O.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\0A7D8OND.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\0HD54ARQ.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\146L9IQM.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\1RAL3KO9.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\23IZNQCX.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\2HS09JUA.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JMUVB9J.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\3L83SVR9.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\4LBCIKHS.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\4XMLVI15.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\5T0Z0JQ7.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\61UX04WY.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\63R36JLL.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\686IV907.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\6N024ISG.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\78V0LTAA.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\7OW5X5XP.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\86G4O4ON.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\8EWAOH6F.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\8JHI3DC3.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\9KBYFDUL.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\AU9NCBUS.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\B4EW3HV4.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\BPMQ14MT.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\C11CK2NL.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\C2K10Y1Y.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\CJ8S9BPT.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\DOIEJDN1.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\ETW5KCPU.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\EWDUUL1H.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\F46LIQQ6.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\FQY3L0X1.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\GU263KMD.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\GWELOU10.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\HHTETKCK.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\HQJL5Z4L.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\IMIS9CO0.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\JB31GN59.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\JVFTBG4V.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\MNEVZIJ4.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\OG8BZ0JZ.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\PQC5K6VT.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\RSKPLL41.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\RTOISZC4.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\RXSWQNHU.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\U32CLAMP.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\UINOV6Q4.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\UJX9R24Z.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\V4JO9T23.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\VH0JRUHQ.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\VHVOYPWS.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\VIREQ6JL.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5J9XI6H.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\WL1MXHET.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\X4S0PRY9.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\XMGBQU98.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\XSHPOYTM.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\YGN654A1.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZGFNICNH.txtC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZY2DR1VE.txt
Here is the second log after the tablet file was quarantined:

HitmanPro 3.7.20.286www.hitmanpro.comComputer name . . . . : DEEJAY-PCWindows . . . . . . . : 6.1.1.7601.X64/4User name . . . . . . : Deejay-PC\DeejayUAC . . . . . . . . . : EnabledLicense . . . . . . . : Trial (31 days left)Scan date . . . . . . : 2017-06-25 09:12:35Scan mode . . . . . . : EWSScan duration . . . . : 9m 13sDisk access mode . . : Direct disk access (SRB)Cloud . . . . . . . . : InternetReboot . . . . . . . : NoThreats . . . . . . . : 0Traces . . . . . . . : 313Objects scanned . . . : 1,617,831Files scanned . . . . : 78,883Remnants scanned . . : 505,838 files / 1,033,110 keysEarly Warning Scoring _______________________________________________________C:\windows\Explorer.EXESize . . . . . . . : 3,229,696 bytesAge . . . . . . . : 0.5 days (2017-06-24 20:55:01)Entropy . . . . . : 5.6SHA-256 . . . . . : D5BC504277172BE5C54B60AD5C13209DC1F729131DEF084DE3EC8C72E54C58EFProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows ExplorerVersion . . . . . : 6.1.7601.23537Copyright . . . . : © Microsoft Corporation. All rights reserved.Desktop . . . . . : DefaultParent Name . . . : C:\windows\system32\svchost.exeLanguageID . . . . : 1033Running processes : 5984, 4036Fuzzy . . . . . . : 11.0Substitutes Explorer.exe as the default shell. Malware tends to start this way.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.Program has a human-computer interface (GUI). This is typical for most programs.StartupHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShellHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\ShellReferencesC:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnkC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnkC:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnkC:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnkC:\windows\System32\aelupsvc.dllSize . . . . . . . : 72,192 bytesAge . . . . . . . : 0.5 days (2017-06-24 20:56:42)Entropy . . . . . : 6.2SHA-256 . . . . . : 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15BProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Application Experience ServiceVersion . . . . . : 6.1.7601.19050Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AeLookupSvcLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\AeLookupSvc\C:\windows\system32\appidcertstorecheck.exeSize . . . . . . . : 17,920 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:31)Entropy . . . . . : 5.4SHA-256 . . . . . : BFDA3016B9A7D9D8BC3FCD0CB16685E2D42C055564257C64D0DA2F6A4CB72DE4Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : AppID Certificate Store Verification TaskVersion . . . . . : 6.1.7601.23807Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 6.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupC:\windows\system32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheckC:\windows\system32\appidpolicyconverter.exeSize . . . . . . . : 148,480 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:41)Entropy . . . . . : 5.7SHA-256 . . . . . : 8B98731CF28749232EE8963A8429B9C0E10C36B146F3F649BEF91FC6C16AD79AProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : AppID Policy Converter TaskVersion . . . . . : 6.1.7601.23807Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 6.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupC:\windows\system32\Tasks\Microsoft\Windows\AppID\PolicyConverterC:\windows\System32\appidsvc.dllSize . . . . . . . : 34,816 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:36)Entropy . . . . . : 5.7SHA-256 . . . . . : B9B0FCBCF53D6739329C93350DB0DB4A0FE8C347F7922ABFEA452CF6EF33DE91Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Application Identity ServiceVersion . . . . . : 6.1.7601.23807Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AppIDSvcLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc\C:\windows\System32\appinfo.dllSize . . . . . . . : 70,144 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:37)Entropy . . . . . : 5.4SHA-256 . . . . . : A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0DProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Application Information ServiceVersion . . . . . : 6.1.7601.23593Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AppinfoLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\Appinfo\C:\windows\System32\Audiosrv.dllSize . . . . . . . : 680,448 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:00)Entropy . . . . . : 6.4SHA-256 . . . . . : F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows Audio ServiceVersion . . . . . : 6.1.7601.23471Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AudioSrvLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\HKLM\SYSTEM\CurrentControlSet\Services\AudioSrv\C:\Windows\System32\basesrv.dllSize . . . . . . . : 52,736 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:03:50)Entropy . . . . . : 6.0SHA-256 . . . . . : 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6FProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows NT BASE API Server DLLVersion . . . . . : 6.1.7601.18923Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 12.0Program is running but currently exposes no human-computer interface (GUI).Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\WindowsC:\Windows\System32\credssp.dllSize . . . . . . . : 22,016 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:27)Entropy . . . . . : 5.5SHA-256 . . . . . : 56AE72C53B78EDDBC7EC9DE907B743B5E3594C99602499DF56AC843B32371C80Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Credential Delegation Security PackageVersion . . . . . : 6.1.7601.23816Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 15.0Loads as a custom security support provider (SSP). Malware tends to start this way.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProvidersC:\windows\system32\cryptsvc.dllSize . . . . . . . : 190,976 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:53)Entropy . . . . . : 6.2SHA-256 . . . . . : 2C3D84F0842237A3BF2838DDB4126807977EB36588FA669B1E6671077584EF18Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Cryptographic ServicesVersion . . . . . : 6.1.7601.23769Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : CryptSvcLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\C:\windows\system32\diagtrack.dllSize . . . . . . . : 1,386,496 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:38)Entropy . . . . . : 6.2SHA-256 . . . . . : F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Microsoft Windows Diagnostics TrackingVersion . . . . . : 10.0.10586.3Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : DiagTrackLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\DiagTrack\C:\windows\system32\drivers\afd.sysSize . . . . . . . : 496,128 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:57)Entropy . . . . . : 6.2SHA-256 . . . . . : 69B15724B0034F9915AACE109A6C596D6AF2DA350FC18C9A0CD98C81CB7EDEE3Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Ancillary Function Driver for WinSockVersion . . . . . : 6.1.7601.23761Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AFDLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\AFD\C:\windows\system32\drivers\appid.sysSize . . . . . . . : 62,464 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:32)Entropy . . . . . : 6.0SHA-256 . . . . . : 2724A3D0B7F979AF5F485000F555495FA21A443159F29BC1B042C4800D7A368AProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : AppID DriverVersion . . . . . : 6.1.7601.23807Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : AppIDLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\AppID\C:\windows\system32\DRIVERS\bowser.sysSize . . . . . . . : 90,112 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:41)Entropy . . . . . : 6.2SHA-256 . . . . . : 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACBProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : NT Lan Manager Datagram Receiver DriverVersion . . . . . : 6.1.7601.23567Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : bowserLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\bowser\C:\windows\system32\Drivers\dfsc.sysSize . . . . . . . : 106,496 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:46)Entropy . . . . . : 6.3SHA-256 . . . . . : D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DAProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : DFS Namespace Client DriverVersion . . . . . : 6.1.7601.23542Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : DfsCLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\DfsC\C:\windows\system32\drivers\drmkaud.sysSize . . . . . . . : 5,632 bytesAge . . . . . . . : 0.5 days (2017-06-24 20:55:13)Entropy . . . . . : 2.2SHA-256 . . . . . : A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Microsoft Trusted Audio DriversVersion . . . . . : 6.1.7601.19091Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : drmkaudLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\drmkaud\C:\windows\system32\drivers\HTTP.sysSize . . . . . . . : 754,688 bytesAge . . . . . . . : 0.5 days (2017-06-24 20:55:06)Entropy . . . . . : 6.2SHA-256 . . . . . : BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : HTTP Protocol StackVersion . . . . . : 6.1.7601.18772Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : HTTPLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\HTTP\C:\windows\system32\drivers\mbae64.sysSize . . . . . . . : 77,376 bytesAge . . . . . . . : 0.8 days (2017-06-24 14:40:40)Entropy . . . . . : 6.4SHA-256 . . . . . : 0C2E6C874F4B19CA4A603B7767077378ABBDA325D9D73DB971D5DDF52C827745RSA Key Size . . . : 2048Service . . . . . : ESProtectionDriverAuthenticode . . . : ValidFuzzy . . . . . . : 6.0Authors name is missing in version info. This is not common to most programs.Version control is missing. This file is probably created by an individual. This is not typical for most programs.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.Starts automatically as a service during system bootup.The file is a device driver. Device drivers run as trusted (highly privileged) code.Program is code signed with a valid Authenticode certificate.StartupHKLM\SYSTEM\CurrentControlSet\Services\ESProtectionDriver\Forensic Cluster-7.7s C:\Program Files\Malwarebytes\-7.6s C:\ProgramData\Malwarebytes\MBAMService\logs\-7.6s C:\Program Files\Malwarebytes\Anti-Malware\-7.6s C:\Program Files\Malwarebytes\Anti-Malware\unins000.dat-7.6s C:\ProgramData\Malwarebytes\MBAMService\config\-7.6s C:\ProgramData\Malwarebytes\MBAMService\-7.6s C:\ProgramData\Malwarebytes\-7.5s C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe-7.5s C:\Program Files\Malwarebytes\Anti-Malware\suhlpr.dll-7.3s C:\Program Files\Malwarebytes\Anti-Malware\changes.txt-7.3s C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe-6.8s C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe-6.7s C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe-6.7s C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe-6.7s C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll-6.4s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll-6.1s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll-5.8s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll-5.7s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll-5.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll-5.4s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll-5.4s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll-5.1s C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll-5.1s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\-5.0s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListDestination.qml-5.0s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListLink.qml-5.0s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListSeparator.qml-5.0s C:\Program Files\Malwarebytes\Anti-Malware\msvcp120.dll-5.0s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\plugins.qmltypes-5.0s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qmldir-5.0s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll-5.0s C:\Program Files\Malwarebytes\Anti-Malware\msvcr120.dll-4.9s C:\Program Files\Malwarebytes\Anti-Malware\iconengines\-4.9s C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll-4.9s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\-4.9s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qdds.dll-4.9s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll-4.9s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll-4.9s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll-4.9s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll-4.9s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll-4.8s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll-4.8s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll-4.8s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll-4.8s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll-4.7s C:\Program Files\Malwarebytes\Anti-Malware\platforms\-4.7s C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll-4.6s C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\-4.6s C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll-4.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\-4.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\plugins.qmltypes-4.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\-4.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt\-4.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmldir-4.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll-4.6s C:\Program Files\Malwarebytes\Anti-Malware\QtQml\-4.6s C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\-4.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\-4.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\plugins.qmltypes-4.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmldir-4.6s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll-4.6s C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll-4.6s C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\plugins.qmltypes-4.6s C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\qmldir-4.6s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\-4.6s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\plugins.qmltypes-4.6s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qmldir-4.6s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll-4.6s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\-4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Flat\-4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Flat\qmldir-4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\-4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\qmldir-4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll-4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\-4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\plugins.qmltypes-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\qmldir-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\plugins.qmltypes-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\qmldir-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\qtquickextrasplugin.dll-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\plugins.qmltypes-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\qmldir-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\plugins.qmltypes-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qmldir-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\plugins.qmltypes-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\qmldir-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\plugins.qmltypes-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\qmldir-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\-4.4s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\plugins.qmltypes-4.3s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qmldir-4.3s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_en_GB.qm-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_en_US.qm-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_de.qm-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_fr.qm-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_it.qm-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_nl.qm-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_pl.qm-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_pt_BR.qm-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_pt_PT.qm-4.3s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ru.qm-4.2s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_sv.qm-4.2s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_es.qm-4.2s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_da.qm-4.2s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_no.qm-4.2s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_fi.qm-4.2s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ja.qm-4.1s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_hu.qm-4.1s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_cs.qm-4.1s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_zh_TW.qm-4.1s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ko.qm-4.1s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ro.qm-4.1s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_hr.qm-4.1s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_sl.qm-4.1s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_sk.qm-4.1s C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe-4.1s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_bg.qm-3.9s C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe-3.6s C:\Program Files\Malwarebytes\Anti-Malware\ArwControllerImpl.dll-2.9s C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll-2.6s C:\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dll-2.5s C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll-2.2s C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll-2.1s C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll-2.1s C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll-2.0s C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll-1.7s C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll-1.6s C:\Program Files\Malwarebytes\Anti-Malware\AEControllerImpl.dll-1.5s C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll-1.4s C:\Program Files\Malwarebytes\Anti-Malware\SPControllerImpl.dll-1.3s C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll-0.4s C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll-0.4s C:\Program Files\Malwarebytes\Anti-Malware\AeShim.dll-0.3s C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll0.0s C:\Windows\System32\drivers\mbae64.sys0.0s C:\Program Files\Malwarebytes\Anti-Malware\mbae-api-na.dll0.2s C:\Program Files\Malwarebytes\Anti-Malware\ArwSdkShim.dll0.5s C:\Program Files\Malwarebytes\Anti-Malware\arwlib.dll0.9s C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll1.0s C:\Program Files\Malwarebytes\Anti-Malware\MBAMCore.dll1.3s C:\Program Files\Malwarebytes\Anti-Malware\MwacSdkShim.dll1.4s C:\Program Files\Malwarebytes\Anti-Malware\MwacLib.dll1.6s C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll1.7s C:\Program Files\Malwarebytes\Anti-Malware\Swissarmy.dll1.8s C:\Program Files\Malwarebytes\Anti-Malware\RtpShim.dll1.9s C:\Program Files\Malwarebytes\Anti-Malware\rtp.dll2.1s C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionShim.dll2.2s C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionSdk.dll2.3s C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe2.3s C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll3.4s C:\ProgramData\Malwarebytes\MBAMService\exclusions.txt3.5s C:\ProgramData\Malwarebytes\MBAMService\dynconfig.dat3.7s C:\ProgramData\Malwarebytes\MBAMService\dbmanifest.dat3.7s C:\ProgramData\Malwarebytes\MBAMService\mbdigsig.dat3.7s C:\Program Files\Malwarebytes\Anti-Malware\7z.dll4.1s C:\Program Files\Malwarebytes\Anti-Malware\libeay32.dll4.3s C:\Program Files\Malwarebytes\Anti-Malware\ssleay32.dll4.5s C:\Program Files\Malwarebytes\Anti-Malware\zlib.dll4.5s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\6.5s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk6.6s C:\Users\Public\Desktop\Malwarebytes.lnk6.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk7.8s C:\Program Files\Malwarebytes\Anti-Malware\unins000.msg12.0s C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json12.4s C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG12.5s C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json12.6s C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json12.6s C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json13.1s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\13.2s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb13.2s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb13.2s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb13.2s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb13.2s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb13.2s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot.mbdb13.2s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb13.2s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll13.4s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll13.5s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt13.5s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat13.5s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest.dat13.7s C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig.dat13.9s C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json14.2s C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json14.2s C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json14.5s C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json14.5s C:\ProgramData\Malwarebytes\MBAMService\ScanResults\14.6s C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\14.6s C:\ProgramData\Malwarebytes\MBAMService\ArwDetections\14.6s C:\ProgramData\Malwarebytes\MBAMService\RtpDetections\14.6s C:\ProgramData\Malwarebytes\MBAMService\AeDetections\14.9s C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json15.6s C:\Windows\System32\drivers\MBAMSwissArmy.sys16.0s C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json16.1s C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json16.3s C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json17.8s C:\Program Files\HitmanPro\18.0s C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json18.3s C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.jsonC:\windows\system32\drivers\mrxdav.sysSize . . . . . . . : 142,336 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:48)Entropy . . . . . : 6.3SHA-256 . . . . . : 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows NT WebDav MinirdrVersion . . . . . : 6.1.7601.23542Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : MRxDAVLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\C:\windows\system32\DRIVERS\mrxsmb.sysSize . . . . . . . : 159,744 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:44)Entropy . . . . . : 6.3SHA-256 . . . . . : 685002901EAD1D08560D3C7F3BEA737BCFC44CA00D463D7D7FFA50D7730DA7A5Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows NT SMB MinirdrVersion . . . . . : 6.1.7601.23816Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : mrxsmbLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\mrxsmb\C:\windows\system32\DRIVERS\mrxsmb10.sysSize . . . . . . . : 291,328 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:47)Entropy . . . . . : 6.4SHA-256 . . . . . : 375659FF15B9639A09F09274DBA99EABBC27AD5F3271C731B65956C9384C47A5Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Longhorn SMB Downlevel SubRdrVersion . . . . . : 6.1.7601.23816Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : mrxsmb10LanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\mrxsmb10\C:\windows\system32\DRIVERS\mrxsmb20.sysSize . . . . . . . : 129,536 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:42)Entropy . . . . . : 6.2SHA-256 . . . . . : 618F6399A7B0B7A8606CA1DCC45450840F6FD40D93B586BCA9DFE60D48DC5BB9Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Longhorn SMB 2.0 RedirectorVersion . . . . . : 6.1.7601.23816Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : mrxsmb20LanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\mrxsmb20\C:\windows\system32\DRIVERS\netbt.sysSize . . . . . . . : 262,144 bytesAge . . . . . . . : 0.5 days (2017-06-24 20:54:45)Entropy . . . . . : 6.3SHA-256 . . . . . : F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CDProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : MBT Transport driverVersion . . . . . : 6.1.7601.23451Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : NetBTLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\NetBT\C:\windows\system32\drivers\peauth.sysSize . . . . . . . : 663,552 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:53)Entropy . . . . . : 6.7SHA-256 . . . . . : 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CAProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Protected Environment Authentication and Authorization Export DriverVersion . . . . . : 6.1.7601.23471Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : PEAUTHLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\C:\windows\system32\DRIVERS\srv.sysSize . . . . . . . : 460,800 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:00)Entropy . . . . . : 6.4SHA-256 . . . . . : AA223A2A8E8503CBDB0CE6A70620B372E0591070F9FF7D8532A93B54EF7B7E51Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Server driverVersion . . . . . : 6.1.7601.23762Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : srvLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\srv\C:\windows\system32\DRIVERS\srv2.sysSize . . . . . . . : 405,504 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:58)Entropy . . . . . : 5.9SHA-256 . . . . . : 4CB94D250E9D2646FCE7284D4D3CED1BB02E4D79AD33A414D16EF794195868CAProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Smb 2.0 Server driverVersion . . . . . : 6.1.7601.23762Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : srv2LanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\srv2\C:\windows\system32\DRIVERS\srvnet.sysSize . . . . . . . : 168,960 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:47)Entropy . . . . . : 6.2SHA-256 . . . . . : B2D5E006B748F24F0FF2CEFFC3D056F3D50E8A818BDFF4231C87C022A25F44EDProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Server Network driverVersion . . . . . : 6.1.7601.23762Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : srvnetLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\srvnet\C:\windows\system32\drivers\tcpipreg.sysSize . . . . . . . : 46,080 bytesAge . . . . . . . : 0.5 days (2017-06-24 20:56:54)Entropy . . . . . : 5.5SHA-256 . . . . . : 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : TCP/IP Registry Compatibility DriverVersion . . . . . : 6.1.7601.23496Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : tcpipregLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\tcpipreg\C:\windows\system32\DRIVERS\tdx.sysSize . . . . . . . : 117,248 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:39)Entropy . . . . . : 6.2SHA-256 . . . . . : 344448F41EB93AF01FF624665C0D582C0ABB19AFDA1DA18EE5141E26407F58BEProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : TDI Translation DriverVersion . . . . . : 6.1.7601.23806Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : tdxLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\tdx\C:\windows\system32\drivers\USBSTOR.SYSSize . . . . . . . : 91,648 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:02:22)Entropy . . . . . : 6.3SHA-256 . . . . . : C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : USB Mass Storage Class DriverVersion . . . . . : 6.1.7601.19144Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : USBSTORLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is a device driver. Device drivers run as trusted (highly privileged) code.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\C:\windows\system32\FntCache.dllSize . . . . . . . : 1,180,160 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:18)Entropy . . . . . : 6.2SHA-256 . . . . . : 911697D580CBF508A6F4A52D4F95A6976CF9A0EC3549076A8D0B5C8BD947C989Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows Font Cache ServiceVersion . . . . . : 6.2.9200.22164Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : FontCacheLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\FontCache\C:\windows\System32\gpsvc.dllSize . . . . . . . : 794,624 bytesAge . . . . . . . : 0.5 days (2017-06-24 20:54:39)Entropy . . . . . : 5.7SHA-256 . . . . . : 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867BProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Group Policy ClientVersion . . . . . : 6.1.7601.23452Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : gpsvcLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\gpsvc\C:\windows\system32\ie4uinit.exeSize . . . . . . . : 725,504 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:41)Entropy . . . . . : 6.0SHA-256 . . . . . : 89BB1B24CC7E29618A58539CEE2234D46787C2A2AAF2C91AAE6336D6E66E9EEEProduct . . . . . : Internet ExplorerPublisher . . . . : Microsoft CorporationDescription . . . : IE Per-User Initialization UtilityVersion . . . . . : 11.00.9600.18698Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 6.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}\HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{66C64F22-FC60-4E6C-A6B5-F0D580E680CE}\HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}\HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\C:\windows\system32\IEEtwCollector.exeSize . . . . . . . : 116,224 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:41)Entropy . . . . . : 6.0SHA-256 . . . . . : 82F887BB8416B9270D628968B0FA6ADA918A95CB5121964B7A4FD9D190EC4AE4Product . . . . . : Internet ExplorerPublisher . . . . : Microsoft CorporationDescription . . . : IE ETW Collector ServiceVersion . . . . . : 11.00.9600.18698Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : IEEtwCollectorServiceLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\IEEtwCollectorService\C:\Windows\System32\ieframe.dllSize . . . . . . . : 15,252,992 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:31)Entropy . . . . . : 6.4SHA-256 . . . . . : E8DC838426FB0ED1B6A784C20851263BF3A6B182445C327D3B6D381F71B37A9AProduct . . . . . : Internet ExplorerPublisher . . . . : Microsoft CorporationDescription . . . : Internet BrowserVersion . . . . . : 11.00.9600.18698Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 11.0This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-21-1148774451-3867332700-2556772270-501\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}ReferencesHKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\C:\windows\System32\ipsecsvc.dllSize . . . . . . . : 502,272 bytesAge . . . . . . . : 0.5 days (2017-06-24 20:54:39)Entropy . . . . . : 6.1SHA-256 . . . . . : B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows IPsec SPD Server DLLVersion . . . . . : 6.1.7601.23452Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : PolicyAgentLanguageID . . . . : 1033Fuzzy . . . . . . : 9.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\C:\windows\System32\lsass.exeSize . . . . . . . : 30,720 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:29)Entropy . . . . . : 5.0SHA-256 . . . . . : B210C542A1CF930B69E5BB018464E49FA96FA08B2FB06DB4EE2924C3B86034CCProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Local Security Authority ProcessVersion . . . . . : 6.1.7601.23816Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : VaultSvcParent Name . . . : C:\windows\system32\wininit.exeLanguageID . . . . : 1033Running processes : 608Fuzzy . . . . . . : 13.0This program is actively listening for inbound network connections.Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\EFS\HKLM\SYSTEM\CurrentControlSet\Services\KeyIso\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\HKLM\SYSTEM\CurrentControlSet\Services\ProtectedStorage\HKLM\SYSTEM\CurrentControlSet\Services\SamSs\HKLM\SYSTEM\CurrentControlSet\Services\VaultSvc\Network Ports0.0.0.0:49154	C:\windows\system32\msiexec.exeSize . . . . . . . : 128,512 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:46)Entropy . . . . . : 5.9SHA-256 . . . . . : 1A899BEF4F64D5CDD23911A6EA09F69483E4DBA8E76CDA38A37DAB6FA24406E8Product . . . . . : Windows Installer - UnicodePublisher . . . . : Microsoft CorporationDescription . . . : Windows® installerVersion . . . . . : 5.0.7601.23593Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : msiserverLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupC:\windows\system32\Tasks\{1E428B2C-B149-4465-A0BF-AEEEE13771D0}HKLM\SYSTEM\CurrentControlSet\Services\msiserver\C:\Windows\System32\mswsock.dllSize . . . . . . . : 327,168 bytesAge . . . . . . . : 0.5 days (2017-06-24 20:54:45)Entropy . . . . . : 6.2SHA-256 . . . . . : 5FE5AE6EFB5D47EF867A6E4F635EF707122FF3A5B34C7CDFE8F019D321B9971DProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Microsoft Windows Sockets 2.0 Service ProviderVersion . . . . . : 6.1.7601.23451Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 8.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\C:\windows\system32\pcalua.exeSize . . . . . . . : 9,728 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:26)Entropy . . . . . : 4.6SHA-256 . . . . . : 436C94F3ABB047C5BE9791766DDA3FE5742AC35572D26676BEAD5E9B6AA7C0B0Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Program Compatibility AssistantVersion . . . . . : 6.1.7601.23471Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 6.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupC:\windows\system32\Tasks\{17EB23DD-5768-494E-B3DE-40C197A001A3}C:\windows\system32\Tasks\{4C65DB7C-279F-45F1-B10A-213A3D69387D}C:\windows\system32\Tasks\{91872EAA-A2E2-4EF5-B428-3770F1EF3F4D}C:\windows\system32\Tasks\{C0F68F42-1DA8-42C7-9906-66903FF468F5}C:\windows\system32\Tasks\{D70FF91D-009B-4060-B781-6D372A1291EB}C:\windows\system32\Tasks\{F4847E14-6A44-411D-8D4A-77439A50B8AB}C:\windows\System32\pcasvc.dllSize . . . . . . . : 187,904 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:48)Entropy . . . . . : 6.3SHA-256 . . . . . : 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCFProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Program Compatibility Assistant ServiceVersion . . . . . : 6.1.7601.23471Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : PcaSvcLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\PcaSvc\C:\windows\system32\pla.dllSize . . . . . . . : 1,389,056 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:53)Entropy . . . . . : 6.1SHA-256 . . . . . : 5C99E9D7E7095CED52B1F5F4A569E54F124602C573DD2B25731E0D57FDA22A27Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Performance Logs & AlertsVersion . . . . . : 6.1.7601.23717Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : plaLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\pla\C:\windows\system32\rpcss.dllSize . . . . . . . : 512,000 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:00)Entropy . . . . . : 6.3SHA-256 . . . . . : 038FDF99C643C8102026BA26A75899A56E91AD0C239DF71AA5443FD35C718C78Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Distributed COM ServicesVersion . . . . . : 6.1.7601.23775Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : RpcSsLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch\HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\C:\windows\system32\RunDLL32.exeSize . . . . . . . : 46,080 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:31)Entropy . . . . . : 6.0SHA-256 . . . . . : 405F03534BE8B45185695F68DEB47D4DAF04DCD6DF9D351CA6831D3721B1EFC4Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows host process (Rundll32)Version . . . . . : 6.1.7601.23755Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 6.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupC:\windows\system32\Tasks\Microsoft\Windows\Autochk\ProxyC:\windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollectorC:\windows\system32\Tasks\Microsoft\Windows\SystemRestore\SRC:\windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1C:\windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2C:\windows\system32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChangeHKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{F871DB00-5C93-4B4D-9F0B-A4FAEC8D6BD6}\HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ReferencesC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnkHKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\windows\system32\rundll32.exeHKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\windows\system32\rundll32.exeC:\windows\system32\schedsvc.dllSize . . . . . . . : 1,110,016 bytesAge . . . . . . . : 0.4 days (2017-06-24 22:33:03)Entropy . . . . . : 6.0SHA-256 . . . . . : B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CFProduct . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Task Scheduler ServiceVersion . . . . . : 6.1.7601.18951Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : ScheduleLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\Schedule\C:\windows\system32\SearchIndexer.exeSize . . . . . . . : 591,872 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:44)Entropy . . . . . : 5.8SHA-256 . . . . . : AAD5BE845F7650A68082F91C579BD4FE1BD48DF6B311356A26574E90D372BF4AProduct . . . . . : Windows® SearchPublisher . . . . : Microsoft CorporationDescription . . . : Microsoft Windows Search IndexerVersion . . . . . : 7.00.7601.23834Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : WSearchParent Name . . . : C:\windows\system32\services.exeLanguageID . . . . : 1033Running processes : 3788Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\WSearch\C:\windows\system32\seclogon.dllSize . . . . . . . : 30,720 bytesAge . . . . . . . : 0.5 days (2017-06-24 20:55:08)Entropy . . . . . : 5.2SHA-256 . . . . . : E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Secondary Logon Service DLLVersion . . . . . : 6.1.7601.19148Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : seclogonLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\seclogon\C:\Windows\System32\shell32.dllSize . . . . . . . : 14,183,936 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:07)Entropy . . . . . : 6.2SHA-256 . . . . . : 079360E0C1234730F508A658F1AA99C892839F81A03EB5A74901C0041367C256Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows Shell Common DllVersion . . . . . : 6.1.7601.23806Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 8.0Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SOFTWARE\Classes\Directory\Shellex\CopyHookHandlers\FileSystem\HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\ReferencesHKLM\SOFTWARE\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\HKLM\SOFTWARE\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\HKLM\SOFTWARE\Classes\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\HKLM\SOFTWARE\Classes\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\HKLM\SOFTWARE\Classes\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\HKLM\SOFTWARE\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\HKLM\SOFTWARE\Classes\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\HKLM\SOFTWARE\Classes\CLSID\{80F3F1D5-FECA-45F3-BC32-752C152E456E}\HKLM\SOFTWARE\Classes\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\HKLM\SOFTWARE\Classes\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\HKLM\SOFTWARE\Classes\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\HKLM\SOFTWARE\Classes\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\HKLM\SOFTWARE\Classes\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\HKLM\SOFTWARE\Classes\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\HKLM\SOFTWARE\Classes\CLSID\{F82DF8F7-8B9F-442E-A48C-818EA735FF9B}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{40419485-C444-4567-851A-2DD7BFA1684D}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{80F3F1D5-FECA-45F3-BC32-752C152E456E}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{F82DF8F7-8B9F-442E-A48C-818EA735FF9B}\HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\C:\windows\system32\sysmain.dllSize . . . . . . . : 1,743,360 bytesAge . . . . . . . : 0.4 days (2017-06-24 22:32:22)Entropy . . . . . : 5.7SHA-256 . . . . . : 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Superfetch Service HostVersion . . . . . : 6.1.7601.18933Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : SysMainLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\SysMain\C:\windows\System32\WcsPlugInService.dllSize . . . . . . . : 40,960 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:28)Entropy . . . . . : 5.6SHA-256 . . . . . : 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : WcsPlugInService DLLVersion . . . . . : 6.1.7601.23677Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : WcsPlugInServiceLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\WcsPlugInService\C:\windows\System32\webclnt.dllSize . . . . . . . : 263,680 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:55)Entropy . . . . . : 5.8SHA-256 . . . . . : F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Web DAV Service DLLVersion . . . . . : 6.1.7601.23542Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : WebClientLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\WebClient\C:\Windows\System32\winsrv.dllSize . . . . . . . : 215,552 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:00:39)Entropy . . . . . : 6.0SHA-256 . . . . . : DEE04A0BCCFEC5F126C5FBF91D23790628AE79FAF4B61D7960F1592D0B432613Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Multi-User Windows Server DLLVersion . . . . . : 6.1.7601.23807Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 12.0Program is running but currently exposes no human-computer interface (GUI).Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\WindowsC:\windows\system32\WsmSvc.dllSize . . . . . . . : 2,023,424 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:13)Entropy . . . . . : 5.8SHA-256 . . . . . : C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : WSMan ServiceVersion . . . . . : 6.1.7601.23512Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : WinRMLanguageID . . . . : 1033Fuzzy . . . . . . : 7.0Starts automatically as a service during system bootup.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\WinRM\C:\windows\system32\wuaueng.dllSize . . . . . . . : 2,651,136 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:32)Entropy . . . . . : 6.0SHA-256 . . . . . : CBF4C63D3C5D14AF3C3F0D9C48E5AC9E7A4323BFB0363E9948FD801963BE1467Product . . . . . : Microsoft® Windows® Operating SystemPublisher . . . . : Microsoft CorporationDescription . . . : Windows Update AgentVersion . . . . . : 7.6.7601.23806Copyright . . . . : © Microsoft Corporation. All rights reserved.Service . . . . . : wuauservLanguageID . . . . : 1033Fuzzy . . . . . . : 11.0Starts automatically as a service during system bootup.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is in use by one or more active processes.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKLM\SYSTEM\CurrentControlSet\Services\wuauserv\C:\Windows\SysWOW64\ieframe.dllSize . . . . . . . : 13,664,768 bytesAge . . . . . . . : 0.5 days (2017-06-24 21:01:37)Entropy . . . . . : 6.5SHA-256 . . . . . : E85324F9552FAAF6D5627E8F95609585FA2ACA3B69B10B59BBD07691379E7B53Product . . . . . : Internet ExplorerPublisher . . . . : Microsoft CorporationDescription . . . : Internet BrowserVersion . . . . . : 11.00.9600.18698Copyright . . . . : © Microsoft Corporation. All rights reserved.LanguageID . . . . : 1033Fuzzy . . . . . . : 9.0This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.Program starts automatically without user intervention.Time indicates that the file appeared recently on this computer.The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.StartupHKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}HKU\S-1-5-21-1148774451-3867332700-2556772270-501\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}ReferencesHKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

Edited by DJstubborncomputer, 25 June 2017 - 10:15 AM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:47 AM

Posted 25 June 2017 - 10:57 AM

My suggestion...forego using Hitman Pro and uninstall it. Rely on the other programs.

 

Update and run scans using MBAM, AdwCleaner, Junkware Removal Tool. If those programs were installed years ago I suggest you

uninstall them and reinstall.

Uninstall AdwCleaner.....open and choose uninstall.

Uninstall JRT.....right click on it and choose delete.

 

After doing the above...do this:

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
  • download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 DJstubborncomputer

DJstubborncomputer
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 25 June 2017 - 05:29 PM

Thank you for responding. I am running the scan in MBAM right now, and removing Hitmanpro. I had just recently downloaded the other programs but I will reinstall them just in case.

 

Would you like all of the logs for the scans or just for Security check? 

I will post the log(s) in the next reply. 



#4 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:47 AM

Posted 25 June 2017 - 05:45 PM

Please post all the scan results except CCleaner. Especially if they find adware or malware. Thanks for asking.

 

I was assuming all the programs were installed years ago. Those you have installed in the last 6 months don't need to

be reinstalled.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 DJstubborncomputer

DJstubborncomputer
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 25 June 2017 - 06:34 PM

Hi, I had to remove the Hitmanpro manually by deleting the application. I never installed it but rather just kept the .exe for use. I will search my computer later for remnants. 

 

Here is the MBAM and JRT logs, I am getting the AdwCleaner ones next

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/25/17
Scan Time: 5:25 PM
Log File: beep.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2231
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Deejay-PC\Deejay
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362418
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 49 min, 26 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
--
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Deejay (Administrator) on Sun 06/25/2017 at 18:18:57.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 14 
 
Successfully deleted: C:\Users\Deejay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99643X0V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Deejay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLX3NEDS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Deejay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTM1U5TG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Deejay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUPYQCWN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Deejay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OS4NAD7I (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Deejay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PQZFH61H (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Deejay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PR4IIPD1 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99643X0V (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLX3NEDS (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTM1U5TG (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUPYQCWN (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OS4NAD7I (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PQZFH61H (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PR4IIPD1 (Temporary Internet Files Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{43F88E04-CADE-45C9-8473-DB5CEF107394} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/25/2017 at 18:28:28.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
I believe I remember seeing JRT mention the ScopeSearch registries, but it seems to have returned? Here is the log part containing the SearchScopes

 

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Registry Value) 
 
Is this malware? Or did a software reinstall it? 


#6 DJstubborncomputer

DJstubborncomputer
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 25 June 2017 - 06:51 PM

I am going to flush out the files with CCleaner now.

Question though: Should I allow it to delete things under the system category? 

I know it's usually safe to delete the temporary files and the clipboard. I just don't know about the memory dumps and windows log files. Should I delete those as well? 

I'll clean out the IE/browsers, programs, and Windows Explorer cache in the meantime. If it is safe to do so I will clean out the dump logs as well. 

 

As promised, here is the AdWCleaner log. 

 

--

 

# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [12845 Bytes] - [24/06/2017 13:08:30]
C:\AdwCleaner\AdwCleaner[C2].txt - [1375 Bytes] - [24/06/2017 21:06:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [11810 Bytes] - [24/06/2017 13:06:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [1703 Bytes] - [24/06/2017 21:05:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [1461 Bytes] - [24/06/2017 21:26:24]
C:\AdwCleaner\AdwCleaner[S3].txt - [1534 Bytes] - [24/06/2017 21:40:22]
C:\AdwCleaner\AdwCleaner[S4].txt - [1607 Bytes] - [24/06/2017 22:30:45]
C:\AdwCleaner\AdwCleaner[S5].txt - [1680 Bytes] - [24/06/2017 22:50:43]
C:\AdwCleaner\AdwCleaner[S6].txt - [1753 Bytes] - [24/06/2017 22:55:19]
C:\AdwCleaner\AdwCleaner[S7].txt - [1674 Bytes] - [25/06/2017 18:40:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1747 Bytes] ##########


#7 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:47 AM

Posted 25 June 2017 - 07:09 PM

Yes...you run those cleaners, too.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#8 DJstubborncomputer

DJstubborncomputer
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 25 June 2017 - 07:24 PM

So just found out that Microsoft Security Essentials had quarantined three Java exploits in the cache folders. I did not see this until now when I tried disabling MSE for ESET. (I did not disable it as it was not specified when I re-read the directions.) 

Here are there locations and file names. 

 

Exploit:Java/CVE-2013-0422
file:C:\Users\Deejay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\8a23ab5-43f9d049

 

Exploit:Java/Obfuscator.J

file:C:\Users\Deejay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\8a23ab5-43f9d049

 
Exploit:Java/CVE-2013-1493
file:C:\Users\Deejay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\8a23ab5-43f9d049
 
I don't know where these exploits could have came from but the files are currently in quarantine. 
 
Eset is almost done and results will be posted in next reply.
 

I have the logs here for CCleaner: 

 

Start up-

 

Yes HKCU:Run AdobeBridge
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Discord Hammer & Chisel, Inc. C:\Users\Deejay\AppData\Local\Discord\app-0.0.297\Discord.exe
No HKCU:Run GarminExpressTrayApp "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
No HKCU:Run Messenger (Yahoo!) "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
No HKCU:Run msnmsgr "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Yes HKCU:Run SandboxieControl Sandboxie Holdings, LLC "C:\Program Files\Sandboxie\SbieCtrl.exe"
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\Steam.exe" -silent
No HKCU:Run swg "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
No HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
No HKLM:Run AdobeCS6ServiceManager Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Yes HKLM:Run cctray "C:\Program Files\Total Defense\Internet Security Suite\casc.exe"
Yes HKLM:Run Conime %windir%\system32\conime.exe
No HKLM:Run EKIJ5000StatusMonitor Eastman Kodak Company C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
No HKLM:Run EKStatusMonitor Eastman Kodak Company C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
Yes HKLM:Run HotKeysCmds Intel Corporation C:\windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\windows\system32\igfxtray.exe
Yes HKLM:Run Malwarebytes TrayApp Malwarebytes C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
No HKLM:Run NortonOnlineBackupReminder "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
Yes HKLM:Run Persistence Intel Corporation C:\windows\system32\igfxpers.exe
Yes HKLM:Run SmartAudio Conexant systems, Inc. C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
No HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No HKLM:Run SwitchBoard Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
No HKLM:Run TCrdMain TOSHIBA Corporation %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
No HKLM:Run ToshibaAppPlace "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
No HKLM:Run ToshibaServiceStation TOSHIBA Corporation "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
Yes HKLM:Run TosNC TOSHIBA Corporation %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
No HKLM:Run TosReelTimeMonitor TOSHIBA Corporation %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
Yes HKLM:Run TosSENotify TOSHIBA Corporation C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
Yes HKLM:Run TosVolRegulator TOSHIBA Corporation C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
Yes HKLM:Run TPwrMain TOSHIBA Corporation %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
Yes HKLM:Run WTClient Tablet Driver WTClient.exe
No Startup Common Adobe Gamma Loader.lnk Adobe Systems, Inc. C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE 
 

 

Scheduled Tasks-

 

Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task AdobeAAMUpdater-1.0-Deejay-PC-Deejay Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task Opera scheduled Autoupdate 1498366207 Opera Software C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task {17EB23DD-5768-494E-B3DE-40C197A001A3} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\PaintToolSAI\uninst.exe
Yes Task {1E428B2C-B149-4465-A0BF-AEEEE13771D0} Microsoft Corporation msiexec.exe /package "C:\Users\Deejay\Desktop\apploc.msi"
Yes Task {4C65DB7C-279F-45F1-B10A-213A3D69387D} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\windows\SetupX32.EXE -c  /@SetupExt\Tablet
Yes Task {91872EAA-A2E2-4EF5-B428-3770F1EF3F4D} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\PROGRA~2\ACOUST~1\UNWISE.EXE -c C:\PROGRA~2\ACOUST~1\INSTALL.LOG
Yes Task {C0F68F42-1DA8-42C7-9906-66903FF468F5} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\Users\Deejay\Downloads\FirmwareFlashLauncher.exe -d C:\Users\Deejay\Downloads
Yes Task {D70FF91D-009B-4060-B781-6D372A1291EB} Microsoft Corporation C:\windows\system32\pcalua.exe -a "C:\Users\Deejay\Downloads\Driver 5.02 D20131030_D20130918V3\Driver 5.02 D20131030_D20130918V3\SETUP.EXE" -d "C:\Users\Deejay\Downloads\Driver 5.02 D20131030_D20130918V3\Driver 5.02 D20131030_D20130918V3"
Yes Task {F4847E14-6A44-411D-8D4A-77439A50B8AB} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\Users\Deejay\Desktop\flux-setup.exe -d C:\Users\Deejay\Desktop
 
 
Uninstall -
 
Adobe Flash Player 26 ActiveX Adobe Systems Incorporated 6/25/2017 19.1 MB 26.0.0.131
Adobe Flash Player 26 NPAPI Adobe Systems Incorporated 6/25/2017 19.6 MB 26.0.0.131
Adobe Photoshop CS6 Adobe Systems Incorporated 12/25/2012 2.84 GB 13.0
Adobe Photoshop Elements 2.0 Adobe Systems, Inc. 9/13/2012 2.0
Adobe Reader X MUI Adobe Systems Incorporated 8/7/2011 470 MB 10.0.0
Apple Software Update Apple Inc. 2/16/2014 2.38 MB 2.1.3.127
ASIO4ALL Michael Tippach 12/16/2012 2.10
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 10/24/2011 1.0.1.42
CCleaner Piriform 6/25/2017 5.31
Conexant HD Audio Conexant 10/24/2011 8.54.4.53
Discord Hammer & Chisel, Inc. 1/25/2017 49.1 MB 0.0.297
HyperCam 2 Hyperionics Technology LLC 8/25/2012 2.27.00
Inkscape 0.48.4 11/17/2013 0.48.4
Intel® Management Engine Components Intel Corporation 10/24/2011 7.0.0.1144
Intel® Processor Graphics Intel Corporation 10/24/2011 8.15.10.2353
Intel® Rapid Storage Technology Intel Corporation 6/25/2017 10.1.0.1008
Java™ 6 Update 35 Oracle 9/17/2012 95.7 MB 6.0.350
join.me LogMeIn, Inc. 11/23/2013 1.12.3.173
KODAK AiO Software Eastman Kodak Company 7/26/2013 7.7.6.0
Label@Once 1.0 Corel 10/24/2011 33.0 MB 1.0
m2tools CheeseWare EmoteMovieMaker 7/10/2014
Malwarebytes version 3.1.2.1733 Malwarebytes 6/24/2017 160 MB 3.1.2.1733
Melodyne Runtime 4.1 (x64) Celemony Software GmbH 2/14/2013 49.1 MB 1.0.1
Microsoft .NET Framework 4.5.2 Microsoft Corporation 6/25/2017 38.8 MB 4.5.51209
Microsoft AppLocale MS 7/10/2014 3.61 MB 1.0.0
Microsoft Office 2010 Microsoft Corporation 9/12/2013 8.27 MB 14.0.4763.1000
Microsoft Office Click-to-Run 2010 Microsoft Corporation 8/27/2012 14.0.4763.1000
Microsoft Office Starter 2010 - English Microsoft Corporation 8/27/2012 14.0.4763.1000
Microsoft PowerPoint Viewer Microsoft Corporation 6/25/2017 258 MB 14.0.7015.1000
Microsoft Security Essentials Microsoft Corporation 6/24/2017 4.10.209.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8/27/2012 300 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 4/2/2013 704 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 8/7/2011 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 10/24/2011 784 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 8/27/2012 782 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10/29/2012 238 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10/24/2011 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 8/27/2012 594 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 12/26/2012 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 12/26/2012 12.2 MB 10.0.40219
Microsoft Windows Application Compatibility Database 7/10/2014
Moonbase Alpha Virtual Heroes 11/27/2013
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11/4/2012 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 11/5/2012 1.33 MB 4.20.9876.0
MyPaint 1.0.0 Martin Renold & MyPaint Development Team 9/28/2013 1.0.0
Mystery Legends: Sleepy Hollow 9/10/2012
Opera Stable 46.0.2597.26 Opera Software 6/24/2017 46.0.2597.26
Paint.NET v3.5.10 dotPDN LLC 8/26/2012 10.7 MB 3.60.0
PaintTool SAI Ver.1 6/25/2017
PlayReady PC Runtime amd64 Microsoft Corporation 8/7/2011 2.05 MB 1.3.0
PlayReady PC Runtime x86 Microsoft Corporation 8/7/2011 1.65 MB 1.3.0
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 10/24/2011 6.1.7600.30124
Realtek WLAN Driver REALTEK Semiconductor Corp. 10/24/2011 2.00.0016
RPG MAKER VX Ace Lite Enterbrain 1/6/2014 122 MB 1.01b
Sandboxie 4.06 (64-bit) Sandboxie Holdings, LLC 11/16/2013 4.06
Skype Launcher TOSHIBA Corporation 10/24/2011 2.01
Skype™ 7.0 Skype Technologies S.A. 6/25/2017 47.8 MB 7.0.102
Sonic Adventure™ 2 SEGA 7/6/2013
States of Matter- Basics University of Colorado, Department of Physics 9/21/2012
Steam Valve Corporation 7/6/2013 1.77 MB 1.0.0.0
Synaptics Pointing Device Driver Synaptics Incorporated 10/24/2011 15.0.8.1
Tablet Driver V8.01 6/25/2017
TOSHIBA Application Installer TOSHIBA 8/7/2011 9.0.1.2
TOSHIBA Assist TOSHIBA CORPORATION 8/7/2011 4.2.3.0
Toshiba Book Place K-NFB Reading Technology, Inc. 8/7/2011 46.8 MB 2.2.7530
TOSHIBA Bulletin Board TOSHIBA Corporation 10/24/2011 1.6.11.64
TOSHIBA Disc Creator TOSHIBA Corporation 10/24/2011 11.0 MB 2.1.0.11 for x64
TOSHIBA Face Recognition TOSHIBA Corporation 10/24/2011 3.1.17.64
TOSHIBA Hardware Setup TOSHIBA Corporation 10/24/2011 2.1.0.3
TOSHIBA HDD/SSD Alert TOSHIBA Corporation 8/7/2011 55.0 MB 3.1.64.9
TOSHIBA Media Controller TOSHIBA CORPORATION 8/7/2011 1.0.87.4
TOSHIBA Media Controller Plug-in TOSHIBA CORPORATION 8/7/2011 6.65 MB 1.0.7.5
TOSHIBA Quality Application TOSHIBA 8/24/2012 1.0.3
TOSHIBA Recovery Media Creator TOSHIBA CORPORATION 10/24/2011 2.1.5.5109a
TOSHIBA ReelTime TOSHIBA Corporation 10/24/2011 1.7.21.64
TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Corporation 10/24/2011 1.1.2001
TOSHIBA Service Station TOSHIBA 10/24/2011 2.2.12
TOSHIBA Supervisor Password TOSHIBA Corporation 10/24/2011 2.1.0.2
TOSHIBA Value Added Package TOSHIBA Corporation 10/24/2011 100 MB 1.6.1.64
TOSHIBA Web Camera Application TOSHIBA Corporation 10/24/2011 65.2 MB 2.0.3.3
TOSHIBA Wireless LAN Indicator TOSHIBA CORPORATION 10/24/2011 5.08 MB 1.0.5
TOSHIBARegistration TOSHIBA 8/7/2011 1.0.6
WildTangent Games WildTangent 10/24/2011 1.0.2.5
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 8/7/2011 5.57 MB 15.4.5722.2
Windows Live Sign-in Assistant Microsoft Corporation 11/5/2012 1.93 MB 5.000.818.5
Windows Live Upload Tool Microsoft Corporation 11/5/2012 224 KB 14.0.8014.1029
Windows Movie Maker 2.6 Microsoft Corporation 8/26/2012 8.81 MB 2.6.4037.0
WinRAR 4.20 (64-bit) win.rar GmbH 3/18/2013 4.20.0
 

Edited by DJstubborncomputer, 25 June 2017 - 07:28 PM.


#9 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:47 AM

Posted 25 June 2017 - 07:50 PM

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task Opera scheduled Autoupdate 1498366207 Opera Software C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Yes Task {17EB23DD-5768-494E-B3DE-40C197A001A3} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\PaintToolSAI\uninst.exe
Yes Task {1E428B2C-B149-4465-A0BF-AEEEE13771D0} Microsoft Corporation msiexec.exe /package "C:\Users\Deejay\Desktop\apploc.msi"
Yes Task {4C65DB7C-279F-45F1-B10A-213A3D69387D} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\windows\SetupX32.EXE -c  /@SetupExt\Tablet
Yes Task {91872EAA-A2E2-4EF5-B428-3770F1EF3F4D} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\PROGRA~2\ACOUST~1\UNWISE.EXE -c C:\PROGRA~2\ACOUST~1\INSTALL.LOG
Yes Task {C0F68F42-1DA8-42C7-9906-66903FF468F5} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\Users\Deejay\Downloads\FirmwareFlashLauncher.exe -d C:\Users\Deejay\Downloads
Yes Task {D70FF91D-009B-4060-B781-6D372A1291EB} Microsoft Corporation C:\windows\system32\pcalua.exe -a "C:\Users\Deejay\Downloads\Driver 5.02 D20131030_D20130918V3\Driver 5.02 D20131030_D20130918V3\SETUP.EXE" -d "C:\Users\Deejay\Downloads\Driver 5.02 D20131030_D20130918V3\Driver 5.02 D20131030_D20130918V3"
Yes Task {F4847E14-6A44-411D-8D4A-77439A50B8AB} Microsoft Corporation C:\windows\system32\pcalua.exe -a C:\Users\Deejay\Desktop\flux-setup.exe -d C:\Users\Deejay\Desktop
 
Uninstall these programs: (You probably won't need to reinstall Java...most users don't need it)
Adobe Reader X MUI Adobe Systems Incorporated 8/7/2011 470 MB 10.0.0
Java™ 6 Update 35 Oracle 9/17/2012 95.7 MB 6.0.350
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 8/7/2011 5.57 MB 15.4.5722.2

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#10 DJstubborncomputer

DJstubborncomputer
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 25 June 2017 - 08:05 PM

I have disabled all forementioned tasks in Ccleaner and uninstalled the listed programs in the control panel.
So we gave a problem. ESET was scanning for 7+ hours and towards the end the laptop forced itself into an update while I slept. I have no idea what the infections were. Is there A way I can access the log within the programs software? I'm assuming upon detection it quarantined the infections but what should I do? What happened to those files? I have not made changes to the software other than allowing it to update
I have disconntected the internet from the laptop at this point to prevent any updates to possible viruses.

The java exploits look to be from 2013 going by the date. How severe do you think the exploits are? Apparently there were many zero days in 2013 so honestly I couldn't find a lot of information other than that they are considered ambiguous and severe risks. I would hope any of these did not have rootkits.

Edited by DJstubborncomputer, 26 June 2017 - 04:17 AM.


#11 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:47 AM

Posted 26 June 2017 - 06:49 AM

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. To view the log file, Show hidden files and folders must be enabled. New logs are appended to the existing log files when multiple scans are run. 

The path to the log file is the following: C:\users\%userprofile%\appdata\local\temp\log.txt

 

I suggest Disabling these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run AdobeBridge
Yes HKLM:Run cctray "C:\Program Files\Total Defense\Internet Security Suite\casc.exe"  (I don't see it being installed...it is a third rate program, too)
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Discord Hammer & Chisel, Inc. C:\Users\Deejay\AppData\Local\Discord\app-0.0.297\Discord.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\windows\system32\igfxtray.exe
 
Delete Yes HKLM:Run Conime %windir%\system32\conime.exe from your Windows Startup list in CCleaner.
 
Uninstall WildTangent Games WildTangent 10/24/2011 1.0.2.5
 

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by buddy215, 26 June 2017 - 06:54 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#12 DJstubborncomputer

DJstubborncomputer
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 26 June 2017 - 08:28 AM

So I found the log file but it did not document any of the flagged files. Is this because I ran the program after it was forcefully shut down? I checked it around 4 AM central time this morning to see if it would offer a log or history of the previous scan. I remember it had at least six files mentioned in quarantine but none are noted. You can see the run times though from 6:59pm to 4:00am, and then the second run when I was looking for options of log history.

 

I looked for the quarantine folder but none seemed to exist. 

 

All the startups and programs have been disabled/or removed. Total Defense was a AV offered by our ISP at the time. I have since deviated from using ISP branded AVs. 

 

 

Here is that ESET log: 

 

18:59:39 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=
# end=init
# utc_time=2017-06-25 23:59:38
# local_time=2017-06-25 18:59:38 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
18:59:52 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=6c58e0151961a3428ed63f76a772c222
# end=init
# utc_time=2017-06-25 23:59:52
# local_time=2017-06-25 18:59:52 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
19:05:33 Updating
19:05:33 Update Init
19:05:36 Update Download
19:13:58 esets_scanner_reload returned 0
19:13:58 g_uiModuleBuild: 33843
19:13:58 Update Finalize
19:13:58 Call m_esets_charon_send
19:13:58 Call m_esets_charon_destroy
19:13:58 Updated modules version: 33843
19:14:17 Call m_esets_charon_setup_create
19:14:17 Call m_esets_charon_create
19:14:17 m_esets_charon_create OK
19:14:17 Call m_esets_charon_start_send_thread
19:14:17 Call m_esets_charon_setup_set
19:14:17 m_esets_charon_setup_set OK
19:14:17 Scanner engine: 33843
03:58:23 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=6c58e0151961a3428ed63f76a772c222
# end=init
# utc_time=2017-06-26 08:58:19
# local_time=2017-06-26 03:58:19 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
03:58:32 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=6c58e0151961a3428ed63f76a772c222
# end=init
# utc_time=2017-06-26 08:58:32
# local_time=2017-06-26 03:58:32 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
03:59:07 Call m_esets_charon_setup_create
03:59:07 Call m_esets_charon_create
03:59:07 m_esets_charon_create OK
03:59:07 Call m_esets_charon_start_send_thread
03:59:07 Call m_esets_charon_setup_set
03:59:07 m_esets_charon_setup_set OK
03:59:26 Updating
03:59:26 Update Init
03:59:44 Call m_esets_charon_setup_create
03:59:44 Call m_esets_charon_create
03:59:44 m_esets_charon_setup_set ERROR
03:59:44 Update Download
03:59:47 Call m_esets_charon_send
03:59:47 Call m_esets_charon_destroy
03:59:48 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Deejay\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
04:00:08 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=6c58e0151961a3428ed63f76a772c222
# end=init
# utc_time=2017-06-26 09:00:07
# local_time=2017-06-26 04:00:07 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
04:00:15 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=6c58e0151961a3428ed63f76a772c222
# end=init
# utc_time=2017-06-26 09:00:15
# local_time=2017-06-26 04:00:15 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
04:00:36 Call m_esets_charon_setup_create
04:00:36 Call m_esets_charon_create
04:00:36 m_esets_charon_create OK
04:00:36 Call m_esets_charon_start_send_thread
04:00:36 Call m_esets_charon_setup_set
04:00:36 m_esets_charon_setup_set OK
04:00:37 Updating
04:00:37 Update Init
04:00:51 Call m_esets_charon_setup_create
04:00:52 Call m_esets_charon_create
04:00:52 m_esets_charon_setup_set ERROR
04:00:52 Update Download
04:01:39 esets_scanner_reload returned 0
04:01:39 g_uiModuleBuild: 33847
04:01:39 Update Finalize
04:01:39 Call m_esets_charon_send
04:01:39 Call m_esets_charon_destroy
04:01:39 Updated modules version: 33847
04:01:53 Call m_esets_charon_setup_create
04:01:53 Call m_esets_charon_create
04:01:53 m_esets_charon_setup_set ERROR
04:01:53 Scanner engine: 33847
04:09:56 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=6c58e0151961a3428ed63f76a772c222
# engine=33847
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-06-26 09:09:56
# local_time=2017-06-26 04:09:56 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 0 37104610 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=495
04:11:51 Call m_esets_charon_send
04:11:51 Call m_esets_charon_destroy
04:11:53 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Deejay\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
 
SecurityCheck log: 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 26.0.0.131  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 9% 
````````````````````End of Log`````````````````````` 
 

Edited by DJstubborncomputer, 26 June 2017 - 08:29 AM.


#13 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:47 AM

Posted 26 June 2017 - 10:06 AM

As you can see the drive needs defragmenting....unless it is a SSD drive and not a disk drive.

 

Other than that...I think you are good to go unless you are seeing some other problem we haven't addressed.

 

If you don't have an ad blocker I would suggest using Adblock Plus. Once installed click on the ABP icon at the top of your browsers and

choose Filter Preferences. Then UNcheck the box next to Allow some non-intrusive advertisements.

Adblock Plus :: Add-ons for Firefox    Adblock Plus - Chrome Web Store

Adblock Plus for IE

 

You can block the install of Third Party cookies...also known as ad/ tracking cookies. Once you have blocked the installing...run CCleaner

to remove the present ones. How to disable third-party cookies in all major web browsers


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#14 DJstubborncomputer

DJstubborncomputer
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 26 June 2017 - 10:15 AM

Alright. Do you think the java exploits were of any concern? Or the searchscopes? Or were they just run if the mill adware payloads?

I have Ublock origin and third party ads blocked on Opera. :)

Thank you for helping me. All of you rock and I'll come back here if I have any further issues.

#15 buddy215

buddy215

  • BC Advisor
  • 12,871 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:47 AM

Posted 26 June 2017 - 10:39 AM

Well...those exploits were dealt with years ago and if you are not seeing browser hijacking, search misdirects and ads then all is well as can be.

 

You're welcome....happy surfin'

 

Ublock and Adblock Plus use the same Easy LIst of ad servers and both function pretty much the same.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users