
RogueKiller found PUM virus but hasn't properly removed


20 replies to this topic

#1 toooons

Posted 28 June 2017 - 04:03 AM

Hi,

My ASUS laptop has been running very high CPU for no apparent reason. When checking task manager and resource manager, it seems to be DWM, but in resource manager total CPU is running at 100% while the individual tasks do not add up to this. I tried a range of antivirus software (including Malwarebytes), which found nothing until RogueKiller found 6 problems under PUM. These are now removed by RogueKiller but the problem remains. Please help! Thanks.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by Jamin (administrator) on TOONS (28-06-2017 09:30:53)
Running from C:\Users\Jamin\Desktop
Loaded Profiles: Jamin (Available Profiles: Jamin)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Windows\System32\GManager.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Windows\System32\mlpatch.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Check Device\ASUS_Check.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
(Akamai Technologies, Inc.) C:\Users\Jamin\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jamin\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Jamin\Desktop\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [920280 2015-04-17] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1892560 2015-11-24] (Magic Control Technology Corporation)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Jamin\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2017-03-16] (Google)
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27774936 2017-04-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{ca5616d6-bbde-4079-ae14-5a2373282edc}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{f12b1266-8c00-46ec-8ced-9ea5f36105d3}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: elntd35e.default-1498139189440
FF ProfilePath: C:\Users\Jamin\AppData\Roaming\Mozilla\Firefox\Profiles\elntd35e.default-1498139189440 [2017-06-22]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default [2017-06-28]
CHR Extension: (Google Slides) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-18]
CHR Extension: (Google Docs) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18]
CHR Extension: (Google Drive) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Rapport) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2017-06-28]
CHR Extension: (YouTube) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Sheets) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-18]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-05-18]
CHR Extension: (Google Docs Offline) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Gmail) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR Extension: (Chrome Media Router) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
CHR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\Jamin\Desktop\YouTube Video Downloader [2015-06-13]
CHR HKU\S-1-5-21-1018740086-1649920780-886622785-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1018740086-1649920780-886622785-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-08] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2015-02-03] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 GManager; C:\WINDOWS\system32\GManager.exe [313432 2012-08-28] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [387144 2016-02-04] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 MlPatch; C:\WINDOWS\system32\MlPatch.exe [2244912 2014-08-22] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2408432 2017-05-23] (IBM Corp.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-18] (ASUS Corporation)
R3 AX88772; C:\WINDOWS\System32\drivers\ax88772.sys [124160 2016-07-01] (ASIX Electronics Corp.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [38720 2015-02-03] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [38208 2015-02-03] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [216904 2015-02-03] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [79528 2014-10-16] (Intel Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 mctkmd; C:\WINDOWS\system32\drivers\mctkmd64.sys [166608 2015-11-20] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\WINDOWS\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R3 MctUsbAudio; C:\WINDOWS\system32\DRIVERS\MctFlt.sys [22320 2015-03-10] (Windows ® Win 7 DDK provider)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MpKslbd27796e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8443E752-358B-4946-A82B-3D282C667D6B}\MpKslbd27796e.sys [44928 2017-06-27] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [384256 2017-05-23] (IBM Corp.)
R1 RapportCerberus_1804058; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804058.sys [1271232 2017-06-28] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [585376 2017-05-23] (IBM Corp.)
U0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [253856 2017-05-23] (IBM Corp.)
U0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [507904 2017-05-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [610560 2017-05-23] (IBM Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 t5usb64; C:\WINDOWS\system32\drivers\t5usb64.sys [159520 2015-11-30] (Magic Control Technology Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-06-27] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-23] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-28 09:30 - 2017-06-28 09:33 - 00025146 _____ C:\Users\Jamin\Desktop\FRST.txt
2017-06-28 09:27 - 2017-06-28 09:30 - 00000000 ____D C:\FRST
2017-06-28 09:27 - 2017-06-28 09:27 - 02441216 _____ (Farbar) C:\Users\Jamin\Desktop\FRST64 (1).exe
2017-06-28 09:25 - 2017-06-28 09:25 - 02441216 _____ (Farbar) C:\Users\Jamin\Downloads\FRST64.exe
2017-06-28 08:34 - 2017-05-23 15:30 - 00507904 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2017-06-28 08:34 - 2017-05-23 15:30 - 00253856 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2017-06-28 08:33 - 2017-06-28 08:33 - 00000000 ____D C:\Users\Jamin\AppData\Local\Trusteer
2017-06-28 08:33 - 2017-06-28 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-06-28 08:33 - 2017-06-28 08:33 - 00000000 ____D C:\Program Files (x86)\Trusteer
2017-06-28 08:32 - 2017-06-28 08:32 - 00483824 _____ (IBM Corp.) C:\Users\Jamin\Downloads\RapportSetup.exe
2017-06-28 08:32 - 2017-06-28 08:32 - 00000000 ____D C:\ProgramData\Trusteer
2017-06-28 08:27 - 2017-06-28 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-27 17:25 - 2017-06-27 17:25 - 26424392 _____ C:\Users\Jamin\Downloads\RogueKiller_portable64 (1).exe
2017-06-27 15:48 - 2017-06-27 17:25 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-06-27 15:48 - 2017-06-27 16:58 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-27 15:48 - 2017-06-27 15:48 - 26424392 _____ C:\Users\Jamin\Downloads\RogueKiller_portable64.exe
2017-06-26 11:27 - 2017-06-26 11:27 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-26 11:27 - 2017-06-26 11:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-26 11:27 - 2017-06-26 11:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-26 11:27 - 2017-06-26 11:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-26 09:54 - 2017-06-26 09:54 - 00149470 _____ C:\Users\Jamin\Documents\IMG_20170626_0001.pdf
2017-06-23 12:59 - 2017-06-23 12:59 - 00000000 ___HD C:\$SysReset
2017-06-23 12:06 - 2017-06-28 09:30 - 00122448 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-23 12:06 - 2017-06-23 12:34 - 00022774 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-23 12:05 - 2017-06-27 16:59 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-23 12:05 - 2017-06-23 12:05 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-06-23 12:05 - 2017-06-23 12:05 - 00000000 ____D C:\Users\Jamin\AppData\Local\Zemana
2017-06-23 12:04 - 2017-06-23 12:04 - 06589840 _____ (Zemana Ltd. ) C:\Users\Jamin\Downloads\Zemana.AntiMalware.Setup.exe
2017-06-23 11:55 - 2017-06-23 12:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-23 11:55 - 2017-06-23 12:39 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-06-23 11:55 - 2017-06-23 11:55 - 00001312 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
2017-06-23 11:55 - 2017-06-23 11:55 - 00000000 ____D C:\Users\Jamin\AppData\Local\CEF
2017-06-23 11:55 - 2017-06-23 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-06-23 11:53 - 2017-06-23 12:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-06-23 11:53 - 2017-06-23 11:53 - 02623496 _____ (Kaspersky Lab) C:\Users\Jamin\Downloads\kss16.0.0.1344mlg_10004.exe
2017-06-23 11:53 - 2017-06-23 11:53 - 02623496 _____ (Kaspersky Lab) C:\Users\Jamin\Downloads\kss16.0.0.1344mlg_10004 (1).exe
2017-06-23 11:50 - 2017-06-23 11:54 - 00075354 _____ C:\TDSSKiller.3.1.0.15_23.06.2017_11.50.01_log.txt
2017-06-23 11:49 - 2017-06-23 11:49 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Jamin\Downloads\tdsskiller.exe
2017-06-22 21:00 - 2017-06-22 21:02 - 142958360 _____ (Microsoft Corporation) C:\Users\Jamin\Downloads\msert.exe
2017-06-22 14:48 - 2017-06-22 14:48 - 13164256 _____ (Microsoft Corporation) C:\Users\Jamin\Downloads\Silverlight_x64.exe
2017-06-22 14:46 - 2017-06-22 14:46 - 00000000 ____D C:\Users\Jamin\Desktop\Old Firefox Data
2017-06-21 13:22 - 2017-06-21 13:22 - 00527039 _____ C:\Users\Jamin\Downloads\Ring Valuation.pdf
2017-06-21 13:14 - 2017-06-21 13:14 - 00534343 _____ C:\Users\Jamin\Documents\IMG_20170621_0001.pdf
2017-06-15 16:52 - 2017-06-15 16:52 - 00020525 _____ C:\Users\Jamin\Downloads\HERMES_ShippingLabel_2017_6_15.pdf
2017-06-14 08:49 - 2017-06-03 11:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 08:49 - 2017-06-03 11:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 08:49 - 2017-06-03 11:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 08:49 - 2017-06-03 11:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 08:49 - 2017-06-03 11:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 08:49 - 2017-06-03 11:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 08:49 - 2017-06-03 11:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 08:49 - 2017-06-03 10:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 08:49 - 2017-06-03 10:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 08:49 - 2017-06-03 10:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 08:49 - 2017-06-03 10:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 08:49 - 2017-06-03 10:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 08:49 - 2017-06-03 10:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 08:49 - 2017-06-03 10:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 08:49 - 2017-06-03 10:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 08:49 - 2017-06-03 10:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 08:49 - 2017-06-03 10:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 08:49 - 2017-06-03 10:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 08:49 - 2017-06-03 10:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 08:49 - 2017-06-03 10:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 08:49 - 2017-06-03 10:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 08:49 - 2017-06-03 10:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 08:49 - 2017-06-03 10:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 08:49 - 2017-06-03 10:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 08:49 - 2017-06-03 10:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 08:49 - 2017-06-03 10:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 08:49 - 2017-06-03 10:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 08:49 - 2017-06-03 10:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 08:49 - 2017-06-03 10:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 08:49 - 2017-06-03 10:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 08:49 - 2017-06-03 10:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 08:49 - 2017-06-03 10:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 08:49 - 2017-06-03 10:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 08:49 - 2017-06-03 10:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 08:49 - 2017-06-03 10:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 08:49 - 2017-06-03 10:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 08:49 - 2017-06-03 10:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 08:49 - 2017-06-03 10:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 08:49 - 2017-06-03 10:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 08:49 - 2017-06-03 10:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 08:49 - 2017-06-03 10:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 08:49 - 2017-06-03 10:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 08:49 - 2017-06-03 10:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 08:49 - 2017-06-03 10:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 08:49 - 2017-06-03 10:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 08:49 - 2017-06-03 10:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 08:49 - 2017-06-03 10:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 08:49 - 2017-06-03 10:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 08:49 - 2017-06-03 10:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 08:49 - 2017-06-03 10:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 08:49 - 2017-06-03 10:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 08:49 - 2017-06-03 10:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 08:49 - 2017-06-03 09:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 08:49 - 2017-06-03 09:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 08:49 - 2017-06-03 09:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 08:49 - 2017-06-03 09:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 08:49 - 2017-06-03 09:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 08:49 - 2017-06-03 09:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 08:49 - 2017-06-03 09:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 08:49 - 2017-06-03 09:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 08:49 - 2017-06-03 09:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 08:49 - 2017-06-03 09:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 08:49 - 2017-06-03 09:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 08:49 - 2017-06-03 09:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 08:49 - 2017-06-03 09:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 08:49 - 2017-06-03 09:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 08:49 - 2017-06-03 09:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 08:49 - 2017-06-03 09:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 08:49 - 2017-06-03 09:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 08:49 - 2017-06-03 09:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 08:49 - 2017-06-03 09:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 08:49 - 2017-06-03 09:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 08:49 - 2017-06-03 09:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 08:49 - 2017-06-03 09:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 08:49 - 2017-06-03 09:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 08:49 - 2017-06-03 09:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 08:49 - 2017-06-03 09:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 08:48 - 2017-06-03 11:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 08:48 - 2017-06-03 11:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 08:48 - 2017-06-03 11:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 08:48 - 2017-06-03 11:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 08:48 - 2017-06-03 11:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 08:48 - 2017-06-03 11:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 08:48 - 2017-06-03 11:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 08:48 - 2017-06-03 11:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 08:48 - 2017-06-03 11:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 08:48 - 2017-06-03 10:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 08:48 - 2017-06-03 10:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 08:48 - 2017-06-03 10:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 08:48 - 2017-06-03 10:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 08:48 - 2017-06-03 10:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 08:48 - 2017-06-03 10:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 08:48 - 2017-06-03 10:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 08:48 - 2017-06-03 10:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 08:48 - 2017-06-03 10:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 08:48 - 2017-06-03 10:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 08:48 - 2017-06-03 10:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 08:48 - 2017-06-03 10:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 08:48 - 2017-06-03 10:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 08:48 - 2017-06-03 10:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 08:48 - 2017-06-03 10:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 08:48 - 2017-06-03 09:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 08:48 - 2017-06-03 09:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 08:48 - 2017-06-03 09:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 08:48 - 2017-06-03 09:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-14 08:48 - 2017-06-03 09:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-07 14:40 - 2017-06-07 14:40 - 00123806 _____ C:\Users\Jamin\Documents\IMG_20170607_0002.pdf
2017-06-07 14:37 - 2017-06-07 14:40 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2017-06-07 14:37 - 2017-06-07 14:37 - 00623404 _____ C:\Users\Jamin\Documents\IMG_20170607_0001.pdf
2017-06-07 14:33 - 2017-06-07 14:35 - 00000000 ___HD C:\ProgramData\CanonIJScan
2017-06-06 15:27 - 2017-06-06 15:27 - 00001242 _____ C:\Users\Jamin\Downloads\2_GI3DQMBUGEYTQMBSGY4DANBRGHLAK4V6WQQ7NOBPTHXR3XIJEFTGCSOI25ROH6SZSELKP6V4C75XI.ics
2017-06-04 15:49 - 2017-06-04 15:49 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-06-04 15:49 - 2017-06-04 15:49 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-06-04 15:49 - 2017-06-04 15:49 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-06-04 15:23 - 2017-06-04 15:23 - 00000000 ____D C:\Users\Jamin\AppData\Local\DBG
2017-06-04 15:22 - 2017-06-04 15:22 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-04 15:20 - 2017-06-04 15:20 - 00000020 ___SH C:\Users\Jamin\ntuser.ini
2017-06-03 01:29 - 2017-06-03 01:29 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-03 01:29 - 2017-06-03 01:29 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-03 01:29 - 2017-06-03 01:29 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-03 01:29 - 2017-06-03 01:29 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-03 01:29 - 2017-06-03 01:29 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-03 01:29 - 2017-06-03 01:29 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-03 01:29 - 2017-06-03 01:29 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-03 01:29 - 2017-06-03 01:29 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-03 01:29 - 2017-06-03 01:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-03 01:29 - 2017-06-03 01:29 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-03 01:29 - 2017-06-03 01:29 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-03 01:29 - 2017-06-03 01:29 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-03 01:25 - 2017-06-03 01:25 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-03 01:25 - 2017-06-03 00:33 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-03 01:24 - 2017-06-03 01:24 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-03 01:24 - 2017-06-03 01:24 - 00000000 ____D C:\Program Files\MSBuild
2017-06-03 01:24 - 2017-06-03 01:24 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-03 01:24 - 2017-06-03 01:24 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-03 01:23 - 2017-06-03 01:23 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-03 01:23 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-03 01:23 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-03 01:23 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-03 01:23 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-03 01:23 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-03 01:23 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-03 00:46 - 2017-06-03 00:46 - 00000000 ____D C:\ProgramData\USOShared
2017-06-03 00:44 - 2017-06-27 17:06 - 01042538 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-03 00:43 - 2017-06-03 00:43 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-06-03 00:43 - 2017-06-03 00:43 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-06-03 00:41 - 2017-06-27 16:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-03 00:41 - 2017-06-27 12:00 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-06-03 00:41 - 2017-06-27 12:00 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-06-03 00:41 - 2017-06-22 12:19 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-03 00:41 - 2017-06-03 00:41 - 00003432 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-06-03 00:41 - 2017-06-03 00:41 - 00003374 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d09175157d54d7
2017-06-03 00:41 - 2017-06-03 00:41 - 00003286 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-03 00:41 - 2017-06-03 00:41 - 00003208 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-06-03 00:41 - 2017-06-03 00:41 - 00003150 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d091751554cddc
2017-06-03 00:41 - 2017-06-03 00:41 - 00003058 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0914968019ee0
2017-06-03 00:41 - 2017-06-03 00:41 - 00003048 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-03 00:41 - 2017-06-03 00:41 - 00002968 _____ C:\WINDOWS\System32\Tasks\Update Checker
2017-06-03 00:41 - 2017-06-03 00:41 - 00002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2017-06-03 00:41 - 2017-06-03 00:41 - 00002782 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2017-06-03 00:41 - 2017-06-03 00:41 - 00002750 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1018740086-1649920780-886622785-1001
2017-06-03 00:41 - 2017-06-03 00:41 - 00002188 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2017-06-03 00:41 - 2017-06-03 00:41 - 00002180 _____ C:\WINDOWS\System32\Tasks\ASUS_Check
2017-06-03 00:41 - 2017-06-03 00:41 - 00002054 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2017-06-03 00:41 - 2017-06-03 00:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-06-03 00:38 - 2017-06-03 00:38 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-03 00:35 - 2017-06-03 00:38 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-03 00:34 - 2017-06-27 20:42 - 00000000 ____D C:\Users\Jamin
2017-06-03 00:34 - 2017-06-03 00:34 - 00000000 ____D C:\Program Files (x86)\Mct Corp
2017-06-03 00:33 - 2017-06-28 08:43 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-03 00:33 - 2017-06-28 08:22 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-03 00:33 - 2017-06-27 16:59 - 00262560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-03 00:33 - 2017-06-03 00:35 - 00000000 ____D C:\Program Files\Intel
2017-06-03 00:33 - 2017-06-03 00:33 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-06-03 00:33 - 2017-06-03 00:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-06-03 00:33 - 2017-06-03 00:33 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-06-03 00:33 - 2017-03-18 21:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-03 00:33 - 2016-11-30 22:59 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-06-03 00:33 - 2016-11-30 22:58 - 00103944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-06-02 14:27 - 2017-06-02 14:27 - 00211195 _____ C:\Users\Jamin\Downloads\Collection Plan Changed.pdf
2017-06-02 08:43 - 2017-06-04 15:20 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-01 08:28 - 2017-06-01 08:28 - 00000000 ____D C:\Users\Jamin\AppData\Local\UNP
2017-06-01 08:09 - 2017-06-03 00:38 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-01 08:09 - 2017-06-01 08:10 - 00000000 ____D C:\Program Files\UNP
2017-05-30 17:38 - 2017-05-30 17:38 - 02425344 _____ C:\Users\Jamin\Downloads\Junk Reporting Add-in for Office 2007, 2010, 2013, and 2016 (32-bit).msi
2017-05-30 17:38 - 2017-05-30 17:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Junk E-mail Reporting
2017-05-30 17:37 - 2017-05-30 17:37 - 01881088 _____ C:\Users\Jamin\Downloads\Junk Reporting Add-in for Office 2007, 2010, 2013, and 2016 (64-bit).msi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-28 08:28 - 2016-03-08 16:07 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-28 08:27 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-28 08:27 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-28 08:23 - 2016-02-23 21:17 - 00000000 ___RD C:\Users\Jamin\Google Drive
2017-06-28 08:22 - 2016-03-14 13:03 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-06-28 08:22 - 2015-05-18 09:24 - 00000125 _____ C:\Users\Jamin\AppData\Roaming\sp_data.sys
2017-06-28 08:22 - 2015-05-18 09:24 - 00000000 __SHD C:\Users\Jamin\IntelGraphicsProfiles
2017-06-27 17:04 - 2015-08-13 10:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-27 16:59 - 2017-03-18 12:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-27 16:59 - 2016-10-06 09:04 - 00002812 _____ C:\WINDOWS\system32\GManager.ini
2017-06-27 16:52 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-27 16:03 - 2015-08-12 11:28 - 00007602 _____ C:\Users\Jamin\AppData\Local\Resmon.ResmonCfg
2017-06-27 14:15 - 2015-05-18 09:24 - 00000000 ____D C:\Users\Jamin\AppData\Local\Packages
2017-06-24 09:04 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-24 09:04 - 2015-05-19 11:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-23 12:39 - 2015-10-30 07:28 - 00000000 ____D C:\Users\Default.migrated
2017-06-22 22:02 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-22 14:52 - 2016-12-27 19:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-22 14:52 - 2016-12-27 19:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-22 14:50 - 2016-12-27 19:07 - 00000000 ____D C:\Users\Jamin\AppData\LocalLow\Mozilla
2017-06-22 14:39 - 2016-12-27 19:07 - 00000000 ____D C:\Users\Jamin\AppData\Local\Mozilla
2017-06-22 12:19 - 2016-03-14 13:05 - 00002402 _____ C:\Users\Jamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 12:19 - 2015-05-19 11:30 - 00000000 ___RD C:\Users\Jamin\OneDrive
2017-06-20 11:30 - 2017-02-04 10:20 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-06-16 08:42 - 2015-05-27 15:44 - 00000000 ____D C:\Users\Jamin\AppData\Local\CutePDF Writer
2017-06-15 08:37 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-15 08:36 - 2016-03-08 16:07 - 00000000 ____D C:\Users\Jamin\AppData\Local\Dropbox
2017-06-15 08:36 - 2015-05-18 17:18 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 23:28 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-14 23:12 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-06-14 23:12 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 23:12 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-06-14 23:12 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 23:11 - 2015-05-23 13:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 09:00 - 2015-05-22 14:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 08:56 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 08:56 - 2015-05-22 14:54 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 08:55 - 2015-05-23 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 08:54 - 2015-05-23 13:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 08:53 - 2015-05-19 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-06-14 08:53 - 2013-08-22 14:25 - 00000199 _____ C:\WINDOWS\win.ini
2017-06-09 19:43 - 2015-05-27 09:08 - 00000000 ____D C:\Users\Jamin\AppData\Roaming\Skype
2017-06-07 14:37 - 2017-02-05 14:30 - 00000000 ____D C:\Users\Jamin\AppData\Roaming\Canon
2017-06-05 12:45 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-04 15:56 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-04 15:20 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-03 07:32 - 2017-03-18 22:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 07:32 - 2017-03-18 22:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-03 01:32 - 2017-03-18 22:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-03 01:30 - 2017-03-18 22:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-03 01:30 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-03 01:30 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-03 01:30 - 2017-03-18 22:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-03 01:30 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-03 01:30 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-03 01:30 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-03 01:30 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-03 01:30 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-03 01:30 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-03 01:30 - 2017-03-18 12:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-03 00:46 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-03 00:44 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-03 00:44 - 2017-03-18 12:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-03 00:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-03 00:42 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-03 00:41 - 2017-03-20 04:44 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-03 00:41 - 2017-03-18 22:03 - 00000000 __RSD C:\WINDOWS\Media
2017-06-03 00:41 - 2017-03-18 22:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-03 00:41 - 2016-03-14 10:46 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-03 00:41 - 2015-05-18 10:03 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-03 00:41 - 2015-05-18 10:03 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-03 00:38 - 2017-03-17 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-06-03 00:38 - 2017-02-10 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG7700 series User Registration
2017-06-03 00:38 - 2017-02-10 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG7700 series Manual
2017-06-03 00:38 - 2017-02-10 11:31 - 00000000 ____D C:\WINDOWS\system32\STRING
2017-06-03 00:38 - 2017-02-05 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG7500 series User Registration
2017-06-03 00:38 - 2017-02-05 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG7500 series Manual
2017-06-03 00:38 - 2016-10-25 15:15 - 00000000 ____D C:\Users\Jamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2017-06-03 00:38 - 2016-04-04 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-03 00:38 - 2015-05-27 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2017-06-03 00:38 - 2015-05-26 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-06-03 00:38 - 2014-10-29 07:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-03 00:38 - 2014-10-29 07:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-06-03 00:36 - 2017-03-20 04:41 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-06-03 00:36 - 2017-03-20 04:41 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-06-03 00:36 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2017-06-03 00:36 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2017-06-03 00:36 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2017-06-03 00:36 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-03 00:36 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-03 00:36 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2017-06-03 00:36 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2017-06-03 00:36 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-06-03 00:36 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\et-EE
2017-06-03 00:36 - 2015-03-17 23:38 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-06-03 00:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-06-03 00:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-06-03 00:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-06-03 00:35 - 2017-03-07 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-03 00:35 - 2017-02-04 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-06-03 00:35 - 2016-10-06 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2017-06-03 00:35 - 2016-10-06 09:02 - 00000000 ____D C:\Program Files\CONEXANT
2017-06-03 00:35 - 2015-03-17 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2017-06-03 00:34 - 2017-03-18 12:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-03 00:33 - 2015-03-17 23:27 - 00000000 ___HD C:\Intel
2017-05-31 08:25 - 2015-05-21 17:10 - 00565416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-30 08:47 - 2016-10-06 15:13 - 00000000 ____D C:\Users\Jamin\AppData\Roaming\Audacity
 
==================== Files in the root of some directories =======
 
2015-05-18 09:24 - 2017-06-28 08:22 - 0000125 _____ () C:\Users\Jamin\AppData\Roaming\sp_data.sys
2015-08-12 11:28 - 2017-06-27 16:03 - 0007602 _____ () C:\Users\Jamin\AppData\Local\Resmon.ResmonCfg
2014-10-29 07:25 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-29 07:25 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-29 07:25 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Some files in TEMP:
====================
2017-06-27 15:48 - 2017-03-18 21:57 - 1930320 _____ (Microsoft Corporation) C:\Users\Jamin\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-22 20:41
 
==================== End of FRST.txt ============================




#2 satchfan

satchfan

  • Malware Response Team
  • 2,662 posts
  • ONLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:07 PM

Posted 28 June 2017 - 05:53 AM

Hello toooons and welcome to Bleeping Computer.

Could you please post the RogueKiller log result and the Addition.txt that was also produced when you ran FRST?

Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 toooons

toooons
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:02:07 PM

Posted 28 June 2017 - 06:39 AM

Thanks for your help.

 

I was a bit foolish and did not save the log result from RogueKiller, but I have managed to pull one of the lines from a Google search I did.

 

(X64) HKEY_USERS\S-1-5-21-1018740086-1649920780-886622785-1001\Software\Microsoft\Internet Explorer\Main|Start Page

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Jamin (28-06-2017 09:41:37)
Running from C:\Users\Jamin\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-02 23:45:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1018740086-1649920780-886622785-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1018740086-1649920780-886622785-503 - Limited - Disabled)
Guest (S-1-5-21-1018740086-1649920780-886622785-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1018740086-1649920780-886622785-1003 - Limited - Enabled)
Jamin (S-1-5-21-1018740086-1649920780-886622785-1001 - Administrator - Enabled) => C:\Users\Jamin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Akamai NetSession Interface (HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.145.43581 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.145.43581 - Alcor Micro Corp.) Hidden
ASUS Check Device (HKLM-x32\...\{DAAAD1A8-6798-4685-B9DA-E686D672A4CF}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.8 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.03.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.31 - ICEpower a/s)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.2.0 - Canon Inc.)
Canon MG7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7500_series) (Version: 1.01 - Canon Inc.)
Canon MG7500 series On-screen Manual (HKLM-x32\...\Canon MG7500 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MG7500 series User Registration (HKLM-x32\...\Canon MG7500 series User Registration) (Version:  - ‭Canon Inc.)
Canon MG7700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7700_series) (Version: 1.00 - Canon Inc.)
Canon MG7700 series On-screen Manual (HKLM-x32\...\Canon MG7700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG7700 series User Registration (HKLM-x32\...\Canon MG7700 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.12.51 - Conexant)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10101.101 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{B2913DAE-3EBC-4C88-8245-0AA34B2E461D}) (Version: 17.1.1450.0402 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Kaspersky Software Updater (x32 Version: 2.0.0.623 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Junk E-mail Reporting Add-in (HKLM-x32\...\{B72B06E0-0C54-495F-896F-E3ED2905624E}) (Version: 10.2.112.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Outlook 2013 (HKLM-x32\...\Office15.OUTLOOK) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rapport (x32 Version: 3.5.1804.112 - Trusteer) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0000-0000-0000000FF1CE}_Office15.OUTLOOK_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype™ 7.34 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.34.103 - Skype Technologies S.A.)
Trigger External Graphics Family 15.05.1124.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 15.05.1124.0179 - MCT Corp)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.112 - Trusteer)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (10/30/2014 1.0.0.230) (HKLM\...\52EDDD14D2DC9D32A2EA2720C02CBB9E354F8DE2) (Version: 10/30/2014 1.0.0.230 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0319FF73-0B92-47FF-9E40-EB53C1CDCB73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {0AC22387-D7B4-4B71-B2B9-C3C0894CB907} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0F4A947D-76C0-4A29-9111-DA63B89DC278} - System32\Tasks\ASUS_Check => C:\Program Files (x86)\ASUS\ASUS Check Device\ASUS_Check.exe [2014-10-28] (ASUSTeK Computer Inc.)
Task: {1782D791-0727-4A29-B147-155FC8515F4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C7A6E0F-02AE-40A9-A05D-406240DE41E1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {323CEBF2-39C9-4291-827B-8215237C9F33} - System32\Tasks\GoogleUpdateTaskMachineCore1d091751554cddc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-18] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {357EAA03-CB79-4667-A881-EDFB1220F481} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {36E27157-D0DB-4D2D-A708-3BCE4417161E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)
Task: {3ED29328-C188-47B2-A6C3-9821A071FF7A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {4BA89020-06A4-406F-926D-AEF1B57EA592} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {562C5B87-E383-49C3-9A86-FC0237B1CC52} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-18] (AsusTek)
Task: {5DE9F438-90D3-49A8-900A-0C43E5554111} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {60793DD3-7F82-420E-AC2D-46BD1AB7DEBF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6417B5E9-DDDA-4755-8F3F-899C5BC54209} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-18] (Google Inc.)
Task: {646933EF-1230-4A0A-8E2C-362F583D38EB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {68141A31-49F1-4D05-AB00-407DF672B052} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-08] (Dropbox, Inc.)
Task: {8AD272A9-154D-49A5-8FD4-74DBBE161668} - System32\Tasks\GoogleUpdateTaskMachineUA1d09175157d54d7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-18] (Google Inc.)
Task: {8BBAD749-CE63-4E10-AD42-C4B1B665AB4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9021310B-0292-462B-B593-381D83DA611E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {938EDE28-E9FC-4141-8095-12EC89B478CE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9999B42B-3AE2-41FF-AEC2-9259BAB916A4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A13221AB-885F-441B-B023-BB6656847CE2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B4B69DAB-569D-4C1B-B239-7F904A036075} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B514DF2D-021C-40EA-9476-0A1522956980} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {B8EC281C-9330-4E08-A53E-72CE04F32387} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B9A4D0A0-454B-4EAB-B326-8EBDF966CC06} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {D3A379FF-CA56-439A-80DB-C94CCB862127} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DC94C8CE-C7CC-49F2-8CA6-5DF6EAA2C2F0} - System32\Tasks\GoogleUpdateTaskMachineCore1d0914968019ee0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-18] (Google Inc.)
Task: {DCB07323-2042-42D9-946E-92DD4E4DE721} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-18] (Google Inc.)
Task: {E0C8FAE1-2A94-4A02-BB5C-13CA8B9B5973} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-08] (Dropbox, Inc.)
Task: {E5F5A613-F8BC-4144-B228-086852DD55DB} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-09-11] (ASUS)
Task: {EC2D035B-4C1E-4696-BCA9-7D75525BE134} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {F7CFA24D-D1E4-4245-B731-AC40928F738E} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {F92CEAAB-507E-495D-8E37-7F815F6693A0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-09-11] (ASUSTek Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0914968019ee0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-27 15:41 - 2013-10-23 15:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-10-06 09:04 - 2012-08-28 14:20 - 00313432 _____ () C:\WINDOWS\system32\GManager.exe
2017-02-10 11:26 - 2016-02-04 12:53 - 00387144 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-10-06 09:04 - 2014-08-22 17:10 - 02244912 _____ () C:\WINDOWS\system32\MlPatch.exe
2015-05-19 11:25 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-11-30 22:57 - 2016-11-30 22:57 - 00401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 21:59 - 2017-03-20 04:43 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-12 08:19 - 2017-05-09 10:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-12 08:19 - 2017-05-09 10:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-06-28 08:27 - 2017-06-26 11:27 - 00018904 _____ () C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
2014-09-03 12:03 - 2014-09-03 12:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-11 19:31 - 2014-09-11 19:31 - 00037424 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-09-11 19:31 - 2014-09-11 19:31 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-09-11 19:31 - 2014-09-11 19:31 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-09-11 19:31 - 2014-09-11 19:31 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2017-06-28 08:22 - 2017-06-28 08:22 - 00098816 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32api.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00110080 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\pywintypes27.dll
2017-06-28 08:22 - 2017-06-28 08:22 - 00364544 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\pythoncom27.dll
2017-06-28 08:22 - 2017-06-28 08:22 - 00320512 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32com.shell.shell.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00914432 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\_hashlib.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 01176576 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\wx._core_.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00806400 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\wx._gdi_.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00816128 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\wx._windows_.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 01067008 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\wx._controls_.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00733184 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\wx._misc_.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00682496 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\pysqlite2._sqlite.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00088064 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\_ctypes.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00686080 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\unicodedata.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00119808 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32file.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00108544 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32security.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00007168 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\hashobjs_ext.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00017920 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\thumbnails_ext.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00088064 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\usb_ext.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00012800 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\common.time34.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00018432 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32event.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00167936 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32gui.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00046080 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\_socket.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 01303552 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\_ssl.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00128512 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\_elementtree.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00127488 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\pyexpat.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00038912 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32inet.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00036864 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\_psutil_windows.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00524248 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\windows._lib_cacheinvalidation.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00011264 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32crypt.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00123392 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\wx._wizard.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00077312 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\wx._html2.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00027648 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\_multiprocessing.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00020480 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\_yappi.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00035840 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32process.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00078848 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\wx._animate.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00024064 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32pipe.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00010240 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\select.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00025600 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32pdh.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00017408 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32profile.pyd
2017-06-28 08:22 - 2017-06-28 08:22 - 00022528 ____R () C:\Users\Jamin\AppData\Local\Temp\_MEI66242\win32ts.pyd
2015-10-13 15:07 - 2015-10-13 15:07 - 01032360 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2017-06-28 08:27 - 2017-06-26 11:27 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-06-28 08:27 - 2017-06-26 11:27 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-28 08:27 - 2017-06-26 11:26 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-06-28 08:27 - 2017-06-26 11:28 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-06-28 08:27 - 2017-06-26 11:27 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-28 08:27 - 2017-06-26 11:26 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-06-28 08:27 - 2017-06-26 11:27 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-06-28 08:27 - 2017-06-26 11:26 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-06-28 08:27 - 2017-06-26 11:28 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-06-28 08:27 - 2017-06-26 11:28 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-28 08:27 - 2017-06-26 11:26 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-06-28 08:27 - 2017-06-26 11:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-06-28 08:27 - 2017-06-26 11:29 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-06-28 08:27 - 2017-06-26 11:27 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-06-28 08:27 - 2017-06-26 11:29 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-28 08:27 - 2017-06-26 11:30 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-06-28 08:27 - 2017-06-26 11:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-06-28 08:27 - 2017-06-26 11:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-28 08:27 - 2017-06-26 11:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-28 08:27 - 2017-06-26 11:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-06-28 08:27 - 2017-06-26 11:29 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jamin\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\StartupApproved\Run: => "Kaspersky Software Updater"
HKU\S-1-5-21-1018740086-1649920780-886622785-1001\...\StartupApproved\Run: => "KSS"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{17B00A2A-5252-46C1-95E7-E8666E42BEF6}C:\users\jamin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jamin\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{9F432ECF-2F60-4230-80EF-E66C2A25BB9E}C:\users\jamin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jamin\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{86CC92BD-D61D-4CC6-94F5-7BE8705F7A10}C:\program files (x86)\dropbox\client\dropbox.exe] => (Block) C:\program files (x86)\dropbox\client\dropbox.exe
FirewallRules: [UDP Query User{FF5155AC-A8E0-4293-AF68-8F902B4F5EDD}C:\program files (x86)\dropbox\client\dropbox.exe] => (Block) C:\program files (x86)\dropbox\client\dropbox.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/28/2017 08:56:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toons)
Description: Activation of application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/28/2017 08:49:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Toons)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (06/27/2017 05:11:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Toons)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (06/27/2017 01:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.15063.0, time stamp: 0x982d0cc7
Faulting module name: igd10iumd64.dll, version: 20.19.15.4549, time stamp: 0x5825237d
Exception code: 0xc0000005
Fault offset: 0x00000000002be025
Faulting process ID: 0x2334
Faulting application start time: 0x01d2ec23db68d955
Faulting application path: C:\WINDOWS\System32\dwm.exe
Faulting module path: C:\WINDOWS\system32\igd10iumd64.dll
Report ID: 7c5230be-9313-446a-8184-76aa0899b028
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/27/2017 08:02:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toons)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/26/2017 06:10:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Toons)
Description: Package Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (06/23/2017 02:23:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toons)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2017 11:45:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.15063.0, time stamp: 0x982d0cc7
Faulting module name: igd10iumd64.dll, version: 20.19.15.4549, time stamp: 0x5825237d
Exception code: 0xc0000005
Fault offset: 0x00000000002be025
Faulting process ID: 0x378
Faulting application start time: 0x01d2ebfad3b6ef9b
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: C:\WINDOWS\system32\igd10iumd64.dll
Report ID: bfd246d2-a156-4c44-8946-4eecd3255bca
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/23/2017 09:29:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.15063.0, time stamp: 0x982d0cc7
Faulting module name: igd10iumd64.dll, version: 20.19.15.4549, time stamp: 0x5825237d
Exception code: 0xc0000005
Fault offset: 0x00000000002be04e
Faulting process ID: 0x2b7c
Faulting application start time: 0x01d2eb8e84ab390a
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: C:\WINDOWS\system32\igd10iumd64.dll
Report ID: 203cac65-064e-41e9-8a0f-88341815ba5d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/23/2017 08:57:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toons)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (06/28/2017 08:56:23 AM) (Source: DCOM) (EventID: 10010) (User: Toons)
Description: The server Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!MicrosoftEdge did not register with DCOM within the required timeout.
 
Error: (06/28/2017 08:53:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/28/2017 08:35:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/28/2017 08:28:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/28/2017 08:22:43 AM) (Source: Netwtw04) (EventID: 5010) (User: )
Description: \Device\NDMP1Intel® Dual Band Wireless-AC 7265
 
Error: (06/28/2017 08:22:43 AM) (Source: Netwtw04) (EventID: 5010) (User: )
Description: \Device\NDMP1Intel® Dual Band Wireless-AC 7265
 
Error: (06/27/2017 06:41:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/27/2017 05:09:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/27/2017 05:07:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/27/2017 05:04:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-22 20:41:12.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-14 23:23:12.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 16:04:49.336
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ M-5Y10c CPU @ 0.80GHz
Percentage of memory in use: 46%
Total physical RAM: 8094.69 MB
Available physical RAM: 4292.04 MB
Total Virtual: 8606.69 MB
Available Virtual: 4538.61 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:118.56 GB) (Free:44.77 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 1DAFF985)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 satchfan

satchfan

  • Malware Response Team
  • 2,662 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:07 PM

Posted 28 June 2017 - 07:53 AM

(X64) HKEY_USERS\S-1-5-21-1018740086-1649920780-886622785-1001\Software\Microsoft\Internet Explorer\Main|Start Page

That alone tells us nothing I'm afraid.

Can you tell me why you ran RogueKiller in the first place?

===================================================

Enable System Restore

Did you know that System Restore is disabled?

If you didn't do this intentionally, please check the following:

  • go to Start and type System in the search box
  • click on System, (under ‘Control Panel’ or ‘Settings’) and then on System Protection
  • click on Configure and then select Turn on system protection
  • click Apply and then on OK.

In the ‘System Protection’ screen, is Protection now On?

If the status of System Restore is still Off or Disabled, please let me know.

===================================================

Note: Please complete these tasks in the order given in the instructions.

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2015-05-18 09:24 - 2017-06-28 08:22 - 0000125 _____ () C:\Users\Jamin\AppData\Roaming\sp_data.sys
2015-08-12 11:28 - 2017-06-27 16:03 - 0007602 _____ () C:\Users\Jamin\AppData\Local\Resmon.ResmonCfg
2014-10-29 07:25 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-29 07:25 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-29 07:25 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2017-06-27 15:48 - 2017-03-18 21:57 - 1930320 _____ (Microsoft Corporation) C:\Users\Jamin\AppData\Local\Temp\dllnt_dump.dll
Task: {0AC22387-D7B4-4B71-B2B9-C3C0894CB907} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1782D791-0727-4A29-B147-155FC8515F4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C7A6E0F-02AE-40A9-A05D-406240DE41E1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4BA89020-06A4-406F-926D-AEF1B57EA592} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5DE9F438-90D3-49A8-900A-0C43E5554111} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {646933EF-1230-4A0A-8E2C-362F583D38EB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8BBAD749-CE63-4E10-AD42-C4B1B665AB4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {938EDE28-E9FC-4141-8095-12EC89B478CE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9999B42B-3AE2-41FF-AEC2-9259BAB916A4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A13221AB-885F-441B-B023-BB6656847CE2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B4B69DAB-569D-4C1B-B239-7F904A036075} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B8EC281C-9330-4E08-A53E-72CE04F32387} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D3A379FF-CA56-439A-80DB-C94CCB862127} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

  • on Windows Vista, 7/8, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Logs to include with next post:

Fixlog.txt
AdwCleaner log
zoek-results.log


Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 toooons

toooons
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:07 PM

Posted 28 June 2017 - 08:44 AM

Thanks again. Have nearly completed the processes but the zoek.exe link does not work:

 
Not Found

The requested URL /smeenk/ was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

Also tried this place to download: http://download.bleepingcomputer.com/smeenk/ - same error.

 

Thanks again

 



#6 satchfan


Posted 28 June 2017 - 09:45 AM

All links for Zoek seem to be down at the moment.

 

Please send the logs you do have.




#7 toooons


Posted 28 June 2017 - 09:57 AM

I ran RogueKiller as I had a very slow computer with 100% CPU usage with no programs running. I looked at task manager and performance monitor and could not see anything that would explain the high CPU. As such I suspected a virus and ran a number of security scans, which did not show anything, and having googled to find other scanners came to RogueKiller.

 

System protection is now on.

 

fixlog and adw log below.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Jamin (28-06-2017 14:07:00) Run:1
Running from C:\Users\Jamin\Desktop
Loaded Profiles: Jamin (Available Profiles: Jamin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2015-05-18 09:24 - 2017-06-28 08:22 - 0000125 _____ () C:\Users\Jamin\AppData\Roaming\sp_data.sys
2015-08-12 11:28 - 2017-06-27 16:03 - 0007602 _____ () C:\Users\Jamin\AppData\Local\Resmon.ResmonCfg
2014-10-29 07:25 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-29 07:25 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-29 07:25 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2017-06-27 15:48 - 2017-03-18 21:57 - 1930320 _____ (Microsoft Corporation) C:\Users\Jamin\AppData\Local\Temp\dllnt_dump.dll
Task: {0AC22387-D7B4-4B71-B2B9-C3C0894CB907} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1782D791-0727-4A29-B147-155FC8515F4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C7A6E0F-02AE-40A9-A05D-406240DE41E1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4BA89020-06A4-406F-926D-AEF1B57EA592} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5DE9F438-90D3-49A8-900A-0C43E5554111} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {646933EF-1230-4A0A-8E2C-362F583D38EB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8BBAD749-CE63-4E10-AD42-C4B1B665AB4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {938EDE28-E9FC-4141-8095-12EC89B478CE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9999B42B-3AE2-41FF-AEC2-9259BAB916A4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A13221AB-885F-441B-B023-BB6656847CE2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B4B69DAB-569D-4C1B-B239-7F904A036075} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B8EC281C-9330-4E08-A53E-72CE04F32387} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D3A379FF-CA56-439A-80DB-C94CCB862127} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf => key removed successfully
C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
C:\Users\Jamin\AppData\Roaming\sp_data.sys => moved successfully
C:\Users\Jamin\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\SetStretch.cmd => moved successfully
C:\ProgramData\SetStretch.exe => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
C:\Users\Jamin\AppData\Local\Temp\dllnt_dump.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AC22387-D7B4-4B71-B2B9-C3C0894CB907} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AC22387-D7B4-4B71-B2B9-C3C0894CB907} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1782D791-0727-4A29-B147-155FC8515F4A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1782D791-0727-4A29-B147-155FC8515F4A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C7A6E0F-02AE-40A9-A05D-406240DE41E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C7A6E0F-02AE-40A9-A05D-406240DE41E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BA89020-06A4-406F-926D-AEF1B57EA592} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BA89020-06A4-406F-926D-AEF1B57EA592} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DE9F438-90D3-49A8-900A-0C43E5554111} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DE9F438-90D3-49A8-900A-0C43E5554111} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{646933EF-1230-4A0A-8E2C-362F583D38EB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{646933EF-1230-4A0A-8E2C-362F583D38EB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BBAD749-CE63-4E10-AD42-C4B1B665AB4D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BBAD749-CE63-4E10-AD42-C4B1B665AB4D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{938EDE28-E9FC-4141-8095-12EC89B478CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{938EDE28-E9FC-4141-8095-12EC89B478CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9999B42B-3AE2-41FF-AEC2-9259BAB916A4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9999B42B-3AE2-41FF-AEC2-9259BAB916A4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A13221AB-885F-441B-B023-BB6656847CE2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A13221AB-885F-441B-B023-BB6656847CE2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4B69DAB-569D-4C1B-B239-7F904A036075} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4B69DAB-569D-4C1B-B239-7F904A036075} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8EC281C-9330-4E08-A53E-72CE04F32387} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8EC281C-9330-4E08-A53E-72CE04F32387} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3A379FF-CA56-439A-80DB-C94CCB862127} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3A379FF-CA56-439A-80DB-C94CCB862127} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 84671834 B
Java, Flash, Steam htmlcache => 2305 B
Windows/system/drivers => 19246781 B
Edge => 42526149 B
Chrome => 554262954 B
Firefox => 13774192 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
 
 
# AdwCleaner v6.047 - Logfile created 28/06/2017 at 14:33:19
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-26.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Jamin - TOONS
# Running from : C:\Users\Jamin\Desktop\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [747 Bytes] - [28/06/2017 14:33:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [1138 Bytes] - [28/06/2017 14:33:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [892 Bytes] ##########
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 304430 B
Jamin => 388247006 B
 
RecycleBin => 885899829 B
EmptyTemp: => 1.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:16:55 ====


#8 satchfan

satchfan

  • Malware Response Team
  • 2,662 posts
  • ONLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:07 PM

Posted 28 June 2017 - 10:05 AM

Please try running Zoek again using this link.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 toooons

toooons
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:02:07 PM

Posted 28 June 2017 - 10:55 AM

Done thanks:

 

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Jamin on 28/06/2017 at 16:11:18.35.
Microsoft Windows 10 Home 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jamin\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
28/06/2017 16:13:54 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\epson deleted successfully
C:\PROGRA~2\Zemana AntiMalware deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Jamin\AppData\Local\ActiveSync deleted successfully
C:\Users\Jamin\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully
C:\Users\Jamin\AppData\Local\DBG deleted successfully
C:\Users\Jamin\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Jamin\AppData\Local\EmieSiteList deleted successfully
C:\Users\Jamin\AppData\Local\EmieUserList deleted successfully
C:\Users\Jamin\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ce45a33-7a0a-45f7-ac0c-107cd9dc191a} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\epson not found
C:\PROGRA~2\Zemana AntiMalware not found
C:\PROGRA~2\Microsoft Junk E-mail Reporting deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\WINDOWS\Syswow64\SET376.tmp deleted
C:\WINDOWS\Syswow64\SET486.tmp deleted
C:\WINDOWS\Syswow64\SETFB81.tmp deleted
C:\WINDOWS\Syswow64\SETFF0E.tmp deleted
"C:\WINDOWS\Installer\483af41.msi" deleted
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Jamin\AppData\Roaming\Mozilla\Firefox\Profiles\elntd35e.default-1498139189440
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ
 
 
==== Chromium Look ======================
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
 
Rapport - Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
IBA Opt-out (by Google) - Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb
Google Drive App Launcher - Jamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\858ADEED4B9A21248837F2C22E07E686 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DEEDA858-A9B4-4212-8873-2F2CE2706E68} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\858ADEED4B9A21248837F2C22E07E686 deleted successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jamin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jamin\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Jamin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=38 folders=30 235609858 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Jamin\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 28/06/2017 at 16:51:59.39 ======================


#10 satchfan

satchfan

  • Malware Response Team
  • 2,662 posts
  • ONLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:07 PM

Posted 28 June 2017 - 02:48 PM

That looks good.

 

Are there any remaining problems?




#11 toooons

toooons
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:02:07 PM

Posted 29 June 2017 - 03:22 AM

Hi Thanks,

 

I still have very high - 100% - unexplained CPU - it looks like some of this is dwm but the different tasks do not seem to add up to 100%. Maybe it is a hardware problem or corrupted system? If it is certainly clear of virus / malware I will have to look at other options? Any other ideas? Many thanks for your help again.



#12 satchfan

satchfan

  • Malware Response Team
  • 2,662 posts
  • ONLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:07 PM

Posted 29 June 2017 - 04:53 AM

Akamai's NetSession is running constantly which could account for the high usage.

 

Let's run a couple more scans to be sure there is no infection and if they're clear I'd advise you to start a topic in our Windows forum where they might have an idea as to the cause.

 

Run Malwarebytes Anti-Malware

Please download and run the installer for Malwarebytes 3.0.

  • follow the prompts to install the program, (Malwarebytes 3.0 will automatically upgrade Malwarebytes Anti-Malware 2.x to Malwarebytes 3.0)
  • at the end, be sure a checkmark is placed next to the following
    • Launch Malwarebytes Anti-Malware
    • a 14 day trial of the Premium features is pre-selected: deselect this if you don’t want it, (it won’t diminish the scanning and removal capabilities of the program).
  • click Finish.
  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the ‘History’ tab, then ‘Application Logs’
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

===================================================

Run Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • after extraction, double-click on the new Start Emsisoft Emergency Kit icon on your desktop
  • the first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates: click Yes so that it downloads the latest database updates
  • when the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • when the scan has completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan
  • when the threats have been quarantined, click the View report button in the lower-right corner and the scan log will open in Notepad
  • please save the Notepad log on your desktop and post the contents in your next reply
  • when you close Emsisoft Emergency Kit it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

Logs to include with next post:

Mbam.txt
Emsisoft log

 

I'm busy for most of the day so won't reply until this afternoon.

 

Satchfan




#13 toooons

toooons
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:02:07 PM

Posted 29 June 2017 - 10:52 AM

Thanks: Seems nothing was found. Does that mean it is pretty sure I have no virus anymore? If not great thanks for your help and I will try the Windows thread. Let me know and I will certainly donate a beer or 2!

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/29/17
Scan Time: 4:17 PM
Log File: mab.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2255
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: Toons\Jamin
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395243
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 13 min, 14 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Emsisoft Emergency Kit - Version 2017.4
Last update: 29/06/2017 16:44:42
User account: Toons\Jamin
Computer name: TOONS
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 29/06/2017 16:45:04
 
Scanned 140789
Found 0
 
Scan end: 29/06/2017 16:48:25
Scan time: 0:03:21
 


#14 satchfan

satchfan

  • Malware Response Team
  • 2,662 posts
  • ONLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:07 PM

Posted 29 June 2017 - 03:39 PM

They both look good and I’m happy that there is nothing bad on your computer but suggest that you ask for help at the Windows forum to see what’s using up your resources.

I’ll give you instructions to tidy up and a link to the Windows forum but first I just want one final fix and scan.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Run Security Check

Download Security Check by screen317 from here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Satchfan

 




#15 toooons

toooons
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:02:07 PM

Posted 30 June 2017 - 03:00 AM

Thanks again. Logs below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Jamin (30-06-2017 08:46:13) Run:2
Running from C:\Users\Jamin\Desktop
Loaded Profiles: Jamin (Available Profiles: Jamin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
EmptyTemp:
*****************
 
Processes closed successfully.
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16962742 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1045308 B
Edge => 1441130 B
Chrome => 417666125 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 8588 B
Jamin => 49117859 B
 
RecycleBin => 23230 B
EmptyTemp: => 471.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:46:51 ====
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Mozilla Firefox (54.0) 
 Google Chrome (59.0.3071.115) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 




