Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 10 is slow in Normal mode but perfectly fast in Safe mode!?


  • This topic is locked This topic is locked
34 replies to this topic

#1 Joey-Sarkaria

Joey-Sarkaria

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 08 July 2017 - 10:13 PM

It's been happening from this last week, even there is no background apps running or no apps running, my laptop will be releasing hot air and responding super slow. This morning i boot it in safe mode and found out everything is fast and perfect. 

My firewall is mostly detecting only 2 things and I don't know how to remove them! 

1. Sound.exe 
2. Nhqeminer 

 

Thats not all there might be more errors or infections running stealthy making my pc slower.

Sometimes when i click restart my pc i get this message- " :( Your PC ran into a problem and needs to restart. Windows is collecting information on the error and we'll restart it for you (100% complete)" after it completes my pc restarts again. 

I don't wanna lose anything on my pc since all my backups are in it and since my pc is already infected I cannot put the files on external harddrive. I would like to get it clean first so i can make a backup of my computer.

Additional Details about my Laptop 
Intel core : i3 
6Gb Ram 
451 hdd 

 

 

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017

Ran by Prabh (administrator) on GAME-OVER (08-07-2017 19:50:18)
Running from C:\Users\Prabh\Downloads
Loaded Profiles: Prabh & netfl (Available Profiles: Prabh & netfl)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\Jumpstart\jswpbapi.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-08] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\Run: [BitTorrent] => C:\Users\Prabh\AppData\Roaming\BitTorrent\BitTorrent.exe [1579008 2015-03-01] (BitTorrent Inc.)
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\Run: [Spotify Web Helper] => C:\Users\Prabh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-26] (Spotify Ltd)
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\Run: [Spotify] => C:\Users\Prabh\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-26] (Spotify Ltd)
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-05-23] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2243171186-2860035005-3469232857-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-06-02]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msce.exe [2017-06-22] ()
Startup: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msces.exe [2017-06-22] ()
Startup: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.vbs [2017-06-03] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{16765c18-2780-468e-b987-aa0e9ea4793d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bea125c2-3e8c-464b-b41f-561ba538ee36}: [DhcpNameServer] 38.132.106.139 194.187.251.67 185.93.180.131
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.ca/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default [2017-07-08]
CHR Extension: (Google Translate) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-06-14]
CHR Extension: (Google Slides) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-02]
CHR Extension: (Google Docs) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-02]
CHR Extension: (Google Drive) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-02]
CHR Extension: (Free Proxy to Unblock any sites | Touch VPN) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2017-06-26]
CHR Extension: (Blue Rose) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkofacaddcdfbpmghnlpdgdeienflcoh [2017-06-03]
CHR Extension: (YouTube) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-02]
CHR Extension: (Adblock Plus) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-06-03]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-06-03]
CHR Extension: (Google Sheets) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-02]
CHR Extension: (Google Docs Offline) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-03]
CHR Extension: (AdBlock) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-06-25]
CHR Extension: (Super Simple Highlighter) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio [2017-06-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-02]
CHR Extension: (AdF.ly Skipper ★WORKING: 7/1/2017★) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2017-07-01]
CHR Extension: (Gmail) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-06-29] (BlueStack Systems, Inc.)
S2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [91184 2017-05-03] (CyberGhost S.R.L)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1093648 2017-05-23] (Garmin Ltd. or its subsidiaries)
R2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [33448 2016-12-07] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 MpKsl36c32e6d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE404940-AE89-4458-93A7-74049B963E44}\MpKsl36c32e6d.sys [44928 2017-07-01] (Microsoft Corporation)
R1 MpKslbbcaf5c5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC4D812B-1D78-406C-8D9E-C06C18ACC616}\MpKslbbcaf5c5.sys [44928 2017-07-08] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-04-25] (QUALCOMM Incorporated)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [51104 2016-08-02] (USBPcap)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-08 19:50 - 2017-07-08 19:51 - 00018543 _____ C:\Users\Prabh\Downloads\FRST.txt
2017-07-08 19:49 - 2017-07-08 19:50 - 00000000 ____D C:\FRST
2017-07-08 19:49 - 2017-07-08 19:49 - 02437120 _____ (Farbar) C:\Users\Prabh\Downloads\FRST64.exe
2017-07-07 22:49 - 2017-07-07 22:49 - 00000000 ____D C:\Users\Prabh\Documents\Garmin
2017-07-07 22:39 - 2017-07-07 22:48 - 00000000 ____D C:\ProgramData\Garmin
2017-07-07 22:39 - 2017-07-07 22:40 - 00000000 ____D C:\Users\Prabh\AppData\Local\Garmin_Ltd._or_its_subsid
2017-07-07 22:39 - 2017-07-07 22:39 - 00001967 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2017-07-07 22:39 - 2017-07-07 22:39 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Garmin
2017-07-07 22:39 - 2017-07-07 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-07-07 22:39 - 2017-07-07 22:39 - 00000000 ____D C:\Program Files\DIFX
2017-07-07 22:38 - 2017-07-07 22:39 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-07-07 22:38 - 2017-07-07 22:38 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-07-07 22:36 - 2017-07-07 22:36 - 50775344 _____ (Garmin Ltd or its subsidiaries) C:\Users\Prabh\Downloads\GarminExpress.exe
2017-07-07 20:41 - 2017-07-07 20:41 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\djz89is
2017-07-07 20:04 - 2017-07-07 20:04 - 00001515 _____ C:\Users\Public\Desktop\Black Ops 3 - Public Cheater.lnk
2017-07-07 20:04 - 2017-07-07 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Ops 3 - Public Cheater
2017-07-07 20:03 - 2017-07-07 20:03 - 00000000 ____D C:\Users\Prabh\Downloads\iMCS Productions
2017-07-02 19:27 - 2017-07-02 19:27 - 00000000 ____D C:\Users\Prabh\AppData\Local\Kryptus
2017-07-02 19:17 - 2017-07-02 19:17 - 00000000 ____D C:\Users\Prabh\AppData\Local\__
2017-07-02 18:12 - 2017-07-02 18:12 - 00000000 ____D C:\Users\Prabh\AppData\Local\CEF
2017-07-02 18:12 - 2017-07-02 18:11 - 00001521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-07-02 18:09 - 2017-07-02 18:12 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-07-02 18:09 - 2017-07-02 18:11 - 00000000 ____D C:\ProgramData\BlueStacks
2017-07-02 18:09 - 2017-07-02 18:11 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-07-02 18:08 - 2017-07-02 18:11 - 00000000 ____D C:\Users\Prabh\AppData\Local\Bluestacks
2017-07-02 16:38 - 2017-07-02 16:38 - 04608512 _____ (New Technology Studio) C:\Users\Prabh\Downloads\ovisetup.exe
2017-07-02 06:38 - 2017-07-02 06:38 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winnydows
2017-07-02 06:38 - 2017-07-02 06:38 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2017-07-02 06:37 - 2017-07-02 06:37 - 00000000 ____D C:\Program Files (x86)\Winnydows
2017-07-02 06:36 - 2017-07-02 06:36 - 00873085 _____ C:\Users\Prabh\Desktop\ColdBoot.psd
2017-07-02 06:26 - 2017-07-02 06:43 - 00000000 ____D C:\Users\Prabh\Desktop\ColdBoot
2017-07-02 05:03 - 2017-07-02 05:50 - 00000000 ____D C:\Users\Prabh\Desktop\Param.sfo - By BaSs_HaXoR
2017-07-02 04:50 - 2017-07-02 04:50 - 00077544 _____ C:\Users\Prabh\SCE-PS3-SR-R-LATIN2.TTF
2017-07-02 04:49 - 2017-07-02 04:49 - 00053680 _____ C:\Users\Prabh\SCE-PS3-SR-R-LATIN.TTF
2017-07-02 04:21 - 2017-07-02 05:09 - 00000000 ____D C:\Users\Prabh\Desktop\In-game icons
2017-07-01 20:19 - 2017-07-01 20:19 - 00000000 ____D C:\Program Files (x86)\ESET
2017-07-01 19:17 - 2017-07-02 05:12 - 00000000 ____D C:\Users\Prabh\Desktop\Editing SPRX
2017-07-01 17:12 - 2017-07-01 17:12 - 00060776 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-07-01 17:12 - 2017-07-01 17:12 - 00060776 _____ (Khronos Group) C:\Users\Prabh\Downloads\OpenCL.dll
2017-07-01 15:41 - 2017-07-01 15:42 - 00508188 _____ C:\WINDOWS\Minidump\070117-24593-01.dmp
2017-07-01 13:55 - 2017-07-01 13:55 - 01314304 _____ () C:\Users\Prabh\AppData\Roaming\mcjEo.exe
2017-07-01 13:52 - 2017-07-01 13:52 - 03225088 _____ () C:\Users\Prabh\AppData\Roaming\44t6E.exe
2017-07-01 13:51 - 2017-07-01 13:51 - 06296576 _____ () C:\Users\Prabh\AppData\Roaming\rmgr7.exe
2017-06-25 03:43 - 2017-07-01 15:41 - 525167211 _____ C:\WINDOWS\MEMORY.DMP
2017-06-25 03:43 - 2017-07-01 15:41 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-25 03:43 - 2017-06-25 03:46 - 00554252 _____ C:\WINDOWS\Minidump\062517-36218-01.dmp
2017-06-25 03:34 - 2017-06-25 03:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-25 03:34 - 2017-06-25 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2017-06-25 03:34 - 2017-06-25 03:34 - 00000000 ____D C:\ProgramData\Atheros
2017-06-25 03:34 - 2017-06-25 03:34 - 00000000 ____D C:\Program Files (x86)\Jumpstart
2017-06-25 03:34 - 2008-05-15 03:28 - 00026624 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\jswpslwfx.sys
2017-06-25 01:40 - 2017-06-25 01:43 - 00000000 ____D C:\Users\Prabh\AppData\Local\CyberGhost
2017-06-25 01:40 - 2017-06-25 01:40 - 00001773 _____ C:\Users\Prabh\Desktop\CyberGhost 6.lnk
2017-06-25 01:40 - 2017-06-25 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2017-06-25 01:40 - 2017-06-25 01:40 - 00000000 ____D C:\Program Files\CyberGhost 6
2017-06-25 01:10 - 2017-06-25 01:10 - 00000000 ____D C:\ProgramData\ExpressVPN
2017-06-25 01:00 - 2017-06-25 01:00 - 00000000 ____D C:\Users\Prabh\AppData\Local\VPNium
2017-06-25 00:58 - 2017-06-25 01:09 - 00000000 ____D C:\Program Files (x86)\VPNium
2017-06-22 17:07 - 2017-06-22 17:07 - 06725632 _____ (Splenditisme) C:\Users\Prabh\AppData\Roaming\X3UnL.exe
2017-06-22 17:03 - 2017-06-22 17:03 - 02219520 _____ (Splenditisme) C:\Users\Prabh\AppData\Roaming\F5xLE.exe
2017-06-22 14:51 - 2017-07-02 00:15 - 00000000 ____D C:\Users\Prabh\Downloads\VPN's
2017-06-22 04:21 - 2017-06-22 04:21 - 19153403 _____ C:\Users\Prabh\Downloads\Cinch Audio Recorder.exe
2017-06-22 03:40 - 2017-06-27 06:11 - 00000000 ____D C:\Users\Prabh\Desktop\Spotify
2017-06-22 03:39 - 2017-06-22 03:39 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Macromedia
2017-06-22 03:10 - 2017-06-22 03:10 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\CinchAudioRecorder
2017-06-22 03:10 - 2017-06-22 03:10 - 00000000 ____D C:\Cinch Solutions
2017-06-22 02:46 - 2009-07-22 01:17 - 00078872 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2017-06-22 02:46 - 2009-07-22 01:17 - 00050200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2017-06-22 02:45 - 2009-07-22 01:17 - 00111640 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2017-06-22 02:45 - 2009-07-22 01:17 - 00079896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2017-06-22 02:44 - 2017-06-22 02:44 - 00000000 ____D C:\WINDOWS\system32\RsFx
2017-06-22 02:43 - 2017-06-22 02:43 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2017-06-22 02:40 - 2017-06-22 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2017-06-22 02:29 - 2017-06-22 02:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
2017-06-22 02:28 - 2017-06-22 02:28 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2017-06-22 02:28 - 2017-06-22 02:28 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2017-06-22 02:28 - 2017-06-22 02:28 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2017-06-22 02:27 - 2017-06-22 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2017-06-22 02:27 - 2017-06-22 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-06-22 02:24 - 2017-06-22 02:24 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2017-06-22 02:20 - 2017-06-22 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
2017-06-22 02:19 - 2017-06-22 02:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-22 02:14 - 2017-06-22 02:14 - 00000000 ____D C:\Program Files\IIS
2017-06-22 02:14 - 2017-06-22 02:14 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2017-06-22 02:14 - 2017-06-22 02:14 - 00000000 ____D C:\Program Files (x86)\IIS
2017-06-22 02:12 - 2017-06-22 02:12 - 00000000 ____D C:\Users\Prabh\Documents\Visual Studio 2008
2017-06-22 02:09 - 2017-07-02 03:18 - 00000000 ____D C:\Users\Prabh\Documents\Visual Studio 2010
2017-06-22 02:03 - 2017-06-22 02:42 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2017-06-22 02:02 - 2017-06-22 02:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2017-06-22 02:02 - 2017-06-22 02:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2017-06-22 02:02 - 2017-06-22 02:07 - 00000000 ____D C:\Program Files (x86)\Microsoft F#
2017-06-22 02:02 - 2017-06-22 02:05 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2017-06-22 01:51 - 2017-06-22 01:51 - 00000000 ____D C:\Program Files (x86)\SCE
2017-06-22 01:49 - 2017-06-22 02:42 - 00000000 ____D C:\WINDOWS\system32\1033
2017-06-22 01:49 - 2017-06-22 01:49 - 00000000 ____D C:\WINDOWS\symbols
2017-06-22 01:49 - 2017-06-22 01:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2017-06-22 01:48 - 2017-06-22 02:30 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2017-06-22 01:48 - 2017-06-22 02:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-06-22 01:48 - 2017-06-22 01:48 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2017-06-22 01:33 - 2017-06-22 01:33 - 00000000 ____D C:\Users\Prabh\Downloads\Visual Studio 2010 Ultimate - www.GuruFuel.com
2017-06-22 01:11 - 2017-06-22 01:51 - 00000000 ____D C:\Users\Prabh\Downloads\ps3
2017-06-22 01:02 - 2017-06-22 01:21 - 2405322071 _____ C:\Users\Prabh\Downloads\Visual Studio 2010 Ultimate - www.GuruFuel.com.rar
2017-06-21 20:02 - 2017-06-21 20:02 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Unbanned DEX v3
2017-06-21 20:02 - 2017-06-21 20:02 - 00000000 ____D C:\Users\Prabh\AppData\Local\Swiss_Modding_Team
2017-06-21 19:49 - 2017-06-27 04:22 - 00000439 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-06-20 22:25 - 2017-06-20 22:25 - 00001055 _____ C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-06-19 21:35 - 2017-06-19 21:35 - 00000000 ____D C:\Users\Prabh\AppData\Local\DBG
2017-06-19 21:21 - 2017-06-19 21:21 - 07075640 _____ (Tim Kosse) C:\Users\Prabh\Downloads\FileZilla_3.26.2_win64-setup.exe
2017-06-19 18:37 - 2017-07-08 14:02 - 00005212 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for GAME-OVER-Prabh Game-Over
2017-06-19 14:50 - 2017-06-19 14:50 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2017-06-19 14:44 - 2017-06-19 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-06-19 14:43 - 2017-06-19 14:43 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-06-19 14:42 - 2017-06-22 02:43 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-06-19 14:41 - 2017-06-22 02:44 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-06-19 14:41 - 2017-06-19 14:41 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-06-19 14:41 - 2017-06-19 14:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-19 14:37 - 2017-06-19 14:43 - 00000000 ____D C:\WINDOWS\SHELLNEW
2017-06-19 14:37 - 2017-06-19 14:41 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-19 14:37 - 2017-06-19 14:37 - 00000000 ____D C:\Users\Prabh\AppData\Local\Microsoft Help
2017-06-19 14:37 - 2017-06-19 14:37 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2017-06-19 14:37 - 2017-06-19 14:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-19 14:37 - 2017-06-19 14:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-06-19 14:29 - 2017-06-19 14:58 - 00000000 ____D C:\Users\Prabh\Downloads\[]Microsoft Office Professional Plus (x64) 2013 Incl  Activator  P2P
2017-06-16 16:18 - 2017-06-16 16:18 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-16 16:14 - 2017-06-16 16:14 - 00000020 ___SH C:\Users\Prabh\ntuser.ini
2017-06-16 05:46 - 2017-06-16 05:46 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-16 05:46 - 2017-06-16 05:46 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-16 05:46 - 2017-06-16 05:46 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-16 05:46 - 2017-06-16 05:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-16 05:46 - 2017-06-16 05:46 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-16 05:46 - 2017-06-16 05:46 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-16 05:46 - 2017-06-16 05:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-16 05:46 - 2017-06-16 05:46 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-16 05:46 - 2017-06-16 05:46 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-16 05:45 - 2017-06-16 05:45 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-16 05:45 - 2017-06-16 05:45 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-16 05:45 - 2017-06-16 05:45 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-16 05:45 - 2017-06-16 05:45 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-16 05:45 - 2017-06-16 05:45 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-16 05:45 - 2017-06-16 05:45 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-16 05:45 - 2017-06-16 05:45 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-16 05:45 - 2017-06-16 05:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-16 05:45 - 2017-06-16 05:45 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-16 05:45 - 2017-06-16 05:45 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-16 05:45 - 2017-06-16 05:45 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-16 05:38 - 2017-06-16 05:38 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-16 05:38 - 2017-06-16 04:56 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-16 05:36 - 2017-06-22 02:21 - 00000000 ____D C:\Program Files\MSBuild
2017-06-16 05:36 - 2017-06-22 02:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-16 05:36 - 2017-06-16 05:36 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-16 05:36 - 2017-06-16 05:36 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-16 05:35 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-16 05:35 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-16 05:35 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-16 05:34 - 2017-06-16 05:34 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-16 05:34 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-16 05:34 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-16 05:34 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-16 05:27 - 2017-06-16 05:27 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-16 05:24 - 2017-06-16 05:26 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-06-16 05:24 - 2017-06-16 05:26 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-06-16 05:19 - 2017-07-01 20:17 - 01034710 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-16 05:19 - 2017-07-01 20:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-16 05:19 - 2017-06-16 05:19 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-16 05:19 - 2017-06-16 05:19 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-16 05:19 - 2017-06-16 05:19 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-16 05:19 - 2017-06-16 05:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2017-06-16 05:19 - 2017-06-16 05:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-06-16 05:09 - 2017-06-16 05:09 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-16 05:07 - 2017-06-16 05:07 - 00000000 ____D C:\ProgramData\USOShared
2017-06-16 05:04 - 2017-06-16 05:10 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-16 05:01 - 2017-07-02 04:50 - 00000000 ____D C:\Users\Prabh
2017-06-16 05:01 - 2017-06-16 05:15 - 00000000 ____D C:\Users\netfl
2017-06-16 05:01 - 2017-06-16 05:01 - 00000000 _SHDL C:\Users\Prabh\My Documents
2017-06-16 05:01 - 2017-06-16 05:01 - 00000000 _SHDL C:\Users\Prabh\Documents\My Videos
2017-06-16 05:01 - 2017-06-16 05:01 - 00000000 _SHDL C:\Users\Prabh\Documents\My Pictures
2017-06-16 05:01 - 2017-06-16 05:01 - 00000000 _SHDL C:\Users\Prabh\Documents\My Music
2017-06-16 05:01 - 2017-06-16 05:01 - 00000000 _SHDL C:\Users\netfl\My Documents
2017-06-16 05:01 - 2017-06-16 05:01 - 00000000 _SHDL C:\Users\netfl\Documents\My Videos
2017-06-16 05:01 - 2017-06-16 05:01 - 00000000 _SHDL C:\Users\netfl\Documents\My Pictures
2017-06-16 05:01 - 2017-06-16 05:01 - 00000000 _SHDL C:\Users\netfl\Documents\My Music
2017-06-16 04:59 - 2017-06-16 04:59 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-06-16 04:59 - 2017-06-16 04:59 - 00000000 ____D C:\Program Files\Synaptics
2017-06-16 04:59 - 2017-03-18 13:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-16 04:58 - 2017-06-16 04:58 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-06-16 04:58 - 2017-06-16 04:58 - 00000000 ____D C:\Program Files\Realtek
2017-06-16 04:56 - 2017-07-08 18:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-16 04:55 - 2017-06-25 03:44 - 00522776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-16 04:16 - 2017-06-16 04:16 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-15 02:45 - 2017-06-15 02:45 - 00000028 _____ C:\WINDOWS\OutLog.txt
2017-06-15 02:43 - 2017-06-16 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.0
2017-06-15 02:43 - 2017-04-26 15:37 - 03885248 _____ C:\WINDOWS\system32\BootMan.exe
2017-06-15 02:43 - 2017-04-26 15:37 - 02953920 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2017-06-15 02:43 - 2016-12-07 13:26 - 00033448 _____ C:\WINDOWS\system32\epmntdrv.sys
2017-06-15 02:43 - 2016-07-11 10:01 - 00101984 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2017-06-15 02:43 - 2016-07-11 10:01 - 00088160 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe
2017-06-15 02:43 - 2016-07-11 10:01 - 00010848 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2017-06-15 02:43 - 2016-07-11 10:01 - 00010208 _____ C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2017-06-15 02:43 - 2016-07-08 15:28 - 00248832 _____ C:\WINDOWS\SysWOW64\epmntdrv.pdb
2017-06-15 02:43 - 2016-01-14 10:05 - 00021496 _____ C:\WINDOWS\SysWOW64\epmntdrv.sys
2017-06-15 02:43 - 2014-11-18 14:46 - 00021088 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2017-06-15 02:43 - 2014-11-18 14:46 - 00017504 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2017-06-15 02:21 - 2017-06-15 02:21 - 00000000 ____D C:\Program Files (x86)\EaseUS
2017-06-15 00:54 - 2017-06-16 16:14 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-14 21:46 - 2017-06-16 22:05 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\dvdcss
2017-06-14 21:01 - 2017-06-22 14:36 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\vlc
2017-06-14 21:01 - 2017-06-16 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-06-14 21:00 - 2017-06-14 21:00 - 30950664 _____ C:\Users\Prabh\Downloads\vlc-2.2.6-win32.exe
2017-06-14 21:00 - 2017-06-14 21:00 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-06-14 19:12 - 2017-06-14 19:12 - 00000000 ____D C:\Users\Prabh\AppData\Local\UNP
2017-06-14 17:54 - 2017-06-14 17:54 - 00385432 _____ C:\Users\Prabh\Evasion.sprx
2017-06-14 17:54 - 2017-06-14 17:54 - 00000017 _____ C:\Users\Prabh\_Key.txt
2017-06-14 14:11 - 2017-06-14 14:11 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Mael
2017-06-14 13:53 - 2017-06-16 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2017-06-14 13:53 - 2017-06-14 13:53 - 00000000 ____D C:\Program Files (x86)\HxD
2017-06-14 13:50 - 2017-07-02 04:29 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Notepad++
2017-06-14 13:50 - 2017-06-16 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-06-14 13:50 - 2017-06-14 13:50 - 02982992 _____ C:\Users\Prabh\Downloads\npp.7.3.3.Installer.exe
2017-06-14 13:50 - 2017-06-14 13:50 - 00001096 _____ C:\Users\Public\Desktop\Notepad++.lnk
2017-06-14 13:50 - 2017-06-14 13:50 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-06-14 03:58 - 2017-06-14 21:46 - 00000074 _____ C:\Users\Prabh\AppData\default.pls
2017-06-14 03:32 - 2017-06-16 05:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-14 03:32 - 2017-06-14 03:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-14 01:06 - 2017-06-14 02:11 - 00000000 ____D C:\Users\Prabh\Downloads\Black Ops
2017-06-14 00:53 - 2017-06-14 00:54 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Process Hacker 2
2017-06-14 00:52 - 2017-06-16 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2017-06-14 00:51 - 2017-06-14 00:52 - 00000000 ____D C:\Program Files\Process Hacker 2
2017-06-14 00:50 - 2017-06-14 00:50 - 02267848 _____ (wj32 ) C:\Users\Prabh\Downloads\processhacker-2.39-setup.exe
2017-06-14 00:43 - 2017-06-14 00:43 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Wireshark
2017-06-14 00:20 - 2017-06-14 00:20 - 00001831 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-06-14 00:20 - 2017-06-14 00:20 - 00000000 ____D C:\Program Files\USBPcap
2017-06-14 00:19 - 2017-07-07 22:38 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-14 00:19 - 2017-06-14 00:19 - 00001569 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-06-14 00:18 - 2017-06-14 00:21 - 00000000 ____D C:\Program Files\Wireshark
2017-06-14 00:17 - 2017-06-14 00:17 - 49400720 _____ (Wireshark development team) C:\Users\Prabh\Downloads\Wireshark-win64-2.2.7.exe
2017-06-14 00:14 - 2017-06-16 05:10 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-14 00:14 - 2017-06-14 00:15 - 00000000 ____D C:\Program Files\UNP
2017-06-12 00:09 - 2017-06-12 00:37 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-11 23:23 - 2017-06-11 23:23 - 00000000 ____D C:\WINDOWS\pss
2017-06-11 21:43 - 2017-06-11 21:43 - 00007605 _____ C:\Users\Prabh\AppData\Local\Resmon.ResmonCfg
2017-06-11 20:07 - 2017-06-11 20:08 - 00545280 _____ () C:\Users\Prabh\AppData\Roaming\0BTan.exe
2017-06-11 18:02 - 2017-06-27 14:22 - 00000000 ____D C:\Users\Prabh\AppData\Local\Ahead
2017-06-11 18:00 - 2017-06-16 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2017-06-10 00:28 - 2017-06-22 01:38 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Ahead
2017-06-10 00:25 - 2017-06-10 00:25 - 00000000 ____D C:\ProgramData\Ahead
2017-06-10 00:16 - 2017-06-10 00:16 - 00000000 ____D C:\ProgramData\Nero
2017-06-10 00:16 - 2017-06-10 00:16 - 00000000 ____D C:\Program Files (x86)\Nero
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-08 19:50 - 2017-06-02 22:38 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Skype
2017-07-08 19:35 - 2017-06-02 23:27 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-07-08 19:35 - 2017-06-02 23:27 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-08 19:08 - 2017-06-02 23:27 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\TeamViewer
2017-07-08 08:52 - 2017-03-18 14:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-08 08:52 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-07 22:39 - 2017-03-18 14:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-07 20:41 - 2016-08-12 19:30 - 00000000 ____D C:\Users\Prabh\Documents\Ghosts
2017-07-07 20:39 - 2017-03-28 12:24 - 00000000 ____D C:\Users\Prabh\Documents\Black ops 1
2017-07-07 20:39 - 2017-03-16 07:34 - 00000000 ____D C:\Users\Prabh\Documents\BlackOps3
2017-07-07 20:36 - 2016-10-18 20:12 - 00000000 ____D C:\Users\Prabh\Documents\MEGAsync Downloads
2017-07-07 20:35 - 2016-07-17 14:28 - 00000000 ___RD C:\Users\Prabh\Documents\GTA
2017-07-07 20:33 - 2016-08-25 22:15 - 00000000 ____D C:\Users\Prabh\Documents\MW2
2017-07-07 20:33 - 2016-07-17 13:00 - 00000000 ___RD C:\Users\Prabh\Documents\MW3
2017-07-07 20:04 - 2017-06-02 23:03 - 00000000 ____D C:\Program Files (x86)\iMCS Productions
2017-07-07 19:59 - 2016-07-18 19:29 - 00000000 ___RD C:\Users\Prabh\Documents\Black Ops2
2017-07-04 16:00 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-02 20:55 - 2017-06-02 22:57 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\FileZilla
2017-07-02 19:28 - 2017-06-03 00:00 - 00000000 ____D C:\Users\Prabh\AppData\Local\CrashDumps
2017-07-02 06:44 - 2016-08-10 00:04 - 00000000 ____D C:\Temp
2017-07-02 06:36 - 2017-03-22 15:46 - 00000000 ____D C:\Users\Prabh\AppData\LocalLow\Adobe
2017-07-02 04:33 - 2017-06-02 22:57 - 00000000 ____D C:\Users\Prabh\AppData\Local\FileZilla
2017-07-02 02:32 - 2017-06-03 00:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-02 00:15 - 2016-11-30 17:37 - 00000000 ____D C:\Users\Prabh\Downloads\SkullGrabber
2017-07-02 00:06 - 2016-08-04 13:16 - 00000000 ____D C:\Users\Prabh\Documents\Advance Warfare
2017-07-01 20:10 - 2017-03-18 04:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-01 20:10 - 2016-08-09 20:57 - 00000000 ____D C:\AdwCleaner
2017-07-01 15:31 - 2017-06-03 00:16 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\tor
2017-07-01 14:22 - 2017-03-18 13:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-01 13:55 - 2017-06-03 21:08 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Spotify
2017-07-01 01:49 - 2017-06-03 21:09 - 00000000 ____D C:\Users\Prabh\AppData\Local\Spotify
2017-06-27 14:24 - 2017-06-02 22:47 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-25 01:40 - 2017-06-02 22:33 - 00000000 ____D C:\Users\Prabh\AppData\Local\VirtualStore
2017-06-22 19:23 - 2017-06-02 22:33 - 00000000 ____D C:\Users\Prabh\AppData\Local\Packages
2017-06-22 17:11 - 2017-06-02 23:43 - 00000000 ____D C:\ProgramData\MEGAsync
2017-06-22 03:02 - 2017-06-02 23:34 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\BitTorrent
2017-06-22 02:43 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-19 21:22 - 2017-06-02 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-06-19 21:22 - 2017-06-02 22:56 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-06-19 18:30 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-19 14:42 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-19 14:38 - 2017-06-02 22:05 - 00000167 _____ C:\WINDOWS\win.ini
2017-06-19 14:38 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-06-19 14:22 - 2016-08-10 09:28 - 00000000 ____D C:\Users\Prabh\Downloads\GTA Tool
2017-06-17 20:00 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-16 16:23 - 2017-06-02 22:37 - 00002371 _____ C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-16 16:23 - 2016-07-17 11:55 - 00000000 ___RD C:\Users\Prabh\OneDrive
2017-06-16 16:16 - 2017-06-02 22:38 - 00000000 ____D C:\Users\Prabh\AppData\Local\MicrosoftEdge
2017-06-16 16:14 - 2017-03-18 14:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-16 16:14 - 2016-07-17 11:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-16 05:55 - 2017-03-18 14:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-16 05:50 - 2017-03-18 14:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-16 05:47 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-16 05:47 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-16 05:26 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-16 05:26 - 2017-03-18 04:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-16 05:24 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-16 05:23 - 2017-06-02 22:05 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-16 05:19 - 2017-03-18 19:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-16 05:18 - 2017-03-18 14:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-16 05:10 - 2017-06-06 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6
2017-06-16 05:10 - 2017-06-05 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-16 05:10 - 2017-06-05 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Warfare - Recovery Tool
2017-06-16 05:10 - 2017-06-03 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-16 05:10 - 2017-06-02 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-06-16 05:10 - 2017-06-02 23:26 - 00000000 ____D C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-16 05:10 - 2017-06-02 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-16 05:10 - 2017-06-02 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-06-16 05:10 - 2017-06-02 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Ops 2 - GSC Studio
2017-06-16 05:10 - 2017-06-02 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ControlConsole API
2017-06-16 05:07 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-16 05:06 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-16 05:04 - 2017-06-02 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCE
2017-06-16 05:02 - 2017-06-03 14:16 - 00000000 ____D C:\Users\netfl\AppData\Local\Packages
2017-06-16 05:00 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-14 03:32 - 2017-06-02 23:17 - 00000000 ____D C:\ProgramData\Skype
2017-06-14 02:27 - 2017-06-03 13:59 - 00000000 ____D C:\Users\Prabh\AppData\Local\Call_of_DDoS_(PS3_Edition
2017-06-14 00:31 - 2017-06-03 13:21 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2017-06-11 20:07 - 2017-06-11 20:08 - 0545280 _____ () C:\Users\Prabh\AppData\Roaming\0BTan.exe
2017-07-01 13:52 - 2017-07-01 13:52 - 3225088 _____ () C:\Users\Prabh\AppData\Roaming\44t6E.exe
2017-06-22 17:03 - 2017-06-22 17:03 - 2219520 _____ (Splenditisme) C:\Users\Prabh\AppData\Roaming\F5xLE.exe
2017-07-01 13:55 - 2017-07-01 13:55 - 1314304 _____ () C:\Users\Prabh\AppData\Roaming\mcjEo.exe
2017-07-01 13:51 - 2017-07-01 13:51 - 6296576 _____ () C:\Users\Prabh\AppData\Roaming\rmgr7.exe
2017-06-03 00:20 - 2017-06-03 00:20 - 0232464 _____ () C:\Users\Prabh\AppData\Roaming\sound_br.dat
2017-06-03 00:25 - 2017-06-03 00:25 - 0245264 _____ () C:\Users\Prabh\AppData\Roaming\sound_el.dat
2017-06-03 00:25 - 2017-06-03 00:25 - 0047120 _____ () C:\Users\Prabh\AppData\Roaming\sound_ftp.dat
2017-06-03 00:25 - 2017-06-03 00:25 - 0936976 _____ () C:\Users\Prabh\AppData\Roaming\sound_ge.dat
2017-06-03 00:25 - 2017-06-03 00:25 - 0253456 _____ () C:\Users\Prabh\AppData\Roaming\sound_sf.dat
2017-06-22 17:07 - 2017-06-22 17:07 - 6725632 _____ (Splenditisme) C:\Users\Prabh\AppData\Roaming\X3UnL.exe
2017-06-11 21:43 - 2017-06-11 21:43 - 0007605 _____ () C:\Users\Prabh\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2017-07-02 20:06 - 2017-07-02 20:06 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\18945974-0c3b-457c-b35e-e7b0a6109e370.exe
2017-07-02 20:06 - 2017-07-02 20:06 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\1c48efbe-d70d-4de6-a9c4-1c2a416cf9831.exe
2017-07-07 20:34 - 2017-07-07 20:34 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\26e40de0-6682-4a89-90cf-33750f2f676d1.exe
2017-07-02 20:03 - 2017-07-02 20:03 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\3dda8b34-75e8-48fc-b9e9-5f90f85455c80.exe
2017-07-02 20:03 - 2017-07-02 20:03 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\43083be3-429b-4536-9bf1-bf60716269000.exe
2017-07-02 20:04 - 2017-07-02 20:04 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\5b15c28d-9e83-4dee-b221-cec079f4c0d31.exe
2017-07-02 20:07 - 2017-07-02 20:07 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\7c8f0242-907f-44ad-bfef-f6b54cb2b9771.exe
2017-07-02 20:07 - 2017-07-02 20:07 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\8e3ad2ed-9c96-4bc3-b032-6e3c3d8d9ced0.exe
2017-07-07 20:34 - 2017-07-07 20:34 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\92930188-214b-472a-82cd-b20c36062ba50.exe
2017-07-02 19:29 - 2017-07-02 19:29 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\97ec22fa-7d93-4f13-86a4-39c7f94976a31.exe
2017-07-07 20:40 - 2017-07-07 20:40 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\99cccd66-cb2e-4ea4-90c5-2cd2dbec54a51.exe
2017-07-07 20:39 - 2017-07-07 20:39 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\a61b959c-b02e-4a6f-82e8-96253dcf29560.exe
2017-07-07 20:40 - 2017-07-07 20:40 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\ab36757a-6ab9-475f-bae4-c4bf55e564ba0.exe
2017-07-02 19:28 - 2017-07-02 19:28 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\ab773c4f-2fa1-485e-ba8d-be13b1de2e0d0.exe
2017-07-02 20:05 - 2017-07-02 20:05 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\acd94798-4096-4ac3-a3b8-397c385ef20c0.exe
2017-07-02 20:04 - 2017-07-02 20:04 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\cafa35fa-59bc-4dda-bc01-ea22184246541.exe
2017-07-07 20:39 - 2017-07-07 20:39 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\cea8c26f-cbe5-4468-b498-5c684f48d7a41.exe
2017-07-07 20:31 - 2017-07-07 20:31 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\ecb96826-6ff1-4b15-9f28-23cd04dbaa861.exe
2017-07-02 20:05 - 2017-07-02 20:05 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\f0bb98f2-b806-4d85-a2c8-06f2b54d7b390.exe
2017-07-02 20:07 - 2017-07-02 20:07 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\f466fbb3-4e0c-4383-8681-371ae8154ea51.exe
2017-07-07 20:30 - 2017-07-07 20:30 - 0000000 _____ () C:\Users\Prabh\AppData\Local\Temp\fe035902-4c97-41ab-8378-8561f391ef590.exe
2014-08-27 08:02 - 2014-08-27 08:02 - 2686232 _____ (Microsoft Corporation) C:\Users\Prabh\AppData\Local\Temp\vcredist_x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-07 19:13
 
==================== End of FRST.txt ============================
 
Addition.Txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Prabh (08-07-2017 19:52:06)
Running from C:\Users\Prabh\Downloads
Windows 10 Home Version 1703 (X64) (2017-06-16 12:28:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2243171186-2860035005-3469232857-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2243171186-2860035005-3469232857-503 - Limited - Disabled)
Guest (S-1-5-21-2243171186-2860035005-3469232857-501 - Limited - Disabled)
netfl (S-1-5-21-2243171186-2860035005-3469232857-1003 - Limited - Enabled) => C:\Users\netfl
Prabh (S-1-5-21-2243171186-2860035005-3469232857-1001 - Administrator - Enabled) => C:\Users\Prabh
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Advanced Warfare - Recovery Tool (HKLM-x32\...\{85A11D71-5436-4F72-9F22-F72DDE0CDE55}_is1) (Version: 1.10 - iMCS Productions)
ANT Drivers Installer x64 (HKLM\...\{A1EECEC9-2A14-4BE2-8820-66747A61AA8F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
Black Ops 2 - GSC Studio (HKLM-x32\...\{909C0DF9-6BBE-42BD-8FB2-0ADEBA3459B6}_is1) (Version: 16.2.15.0 - iMCS Productions)
Black Ops 3 - Public Cheater (HKLM-x32\...\{51D47910-A49D-4E80-AEE9-D332F6CABCF0}_is1) (Version: 1.02 - iMCS Productions)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.12.1547 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ControlConsole API version 2.60 (HKLM-x32\...\{E6C0F5ED-B5EA-451D-8CB1-57902AA188DE}_is1) (Version: 2.60 - Enstone)
Crystal Reports for Visual Studio (HKLM-x32\...\{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}) (Version: 12.51.0.240 - SAP) Hidden
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions)
EaseUS Partition Master 12.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Elevated Installer (HKLM-x32\...\{C07003B9-FDC4-45A1-9591-ACBF55C6B022}) (Version: 5.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Express Burn Disc Burning Software (HKU\S-1-5-21-2243171186-2860035005-3469232857-1003\...\ExpressBurn) (Version: 6.09 - NCH Software)
FileZilla Client 3.26.2 (HKLM-x32\...\FileZilla Client) (Version: 3.26.2 - Tim Kosse)
Garmin Express (HKLM-x32\...\{265e66eb-aaef-49b6-a890-ab4a7a60f4a9}) (Version: 5.5.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{F7E67BDA-D15C-48B3-BE25-CC97739F1FDA}) (Version: 5.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{3E614111-85D4-4894-9970-AF03BD189E91}) (Version: 5.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{22405A43-ACAB-441D-A9C5-E176170910BC}) (Version: 14.0.237 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{B548D238-D8C7-4A36-8C4E-496F62285BB3}) (Version: 14.0.237 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2243171186-2860035005-3469232857-1003\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{DA67488A-2689-4F10-B90F-D2F6977509D6}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{C6115A28-F277-4E82-B067-84D28BF21033}) (Version: 7.03.1357 - Nero AG)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
SCE ProDG Debugger Documentation for PlayStation®3 v420.1.0 (HKLM-x32\...\{D7BF9F65-76E8-44BA-948A-875863CF3144}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
SCE ProDG Debugger for PlayStation®3 v420.1.0 (HKLM-x32\...\{6C8B2A8A-50E7-4D9F-80E7-94CBD6148FBB}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
SCE ProDG Target Manager Documentation for PlayStation®3 v420.1.0 (HKLM-x32\...\{6DDB0863-803D-4814-A39F-E395A5D4EE34}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
SCE ProDG Target Manager for PlayStation®3 v420.1.0 (HKLM-x32\...\{149E5890-9C43-4E68-92A3-5516705D1CAD}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SN Systems SN Launcher v1.0.7.1 (HKLM-x32\...\{C72CA33A-AA67-4CB8-BD94-E2ABDED81173}) (Version: 1.0.7.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
Spotify (HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
USBPcap 1.1.0.0-g794bf26-5 (HKLM\...\USBPcap) (Version: 1.1.0.0-g794bf26-5 - )
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)
Wireshark 2.2.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.7 - The Wireshark developer community, hxxps://www.wireshark.org)
XviD4PSP 5.0 (HKLM-x32\...\XviD4PSP5) (Version: 5.0.37.8 r132 - Winnydows 2007-2008 and FCP-team 2009-2010)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2017-06-22] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2017-06-22] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2017-06-22] ()
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-07] ()
ContextMenuHandlers01: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> No File
ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-14] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-14] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1C83A482-5F56-43F3-B959-46ABB4E7F60C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {1ED8B0D7-7A62-4EF2-8E17-C8100581DD98} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
Task: {32167949-0E3F-45E8-86EE-83F3D40266D0} - System32\Tasks\NCH Software\ExpressBurnSevenDays => C:\Users\netfl\AppData\Roaming\NCH Software\Program Files\ExpressBurn\ExpressBurn.exe [2017-05-17] (NCH Software)
Task: {34929D8A-39F7-4E00-A3D3-F3F9D179B7F3} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-05-23] ()
Task: {5D18A7C9-F55E-4864-950F-A9752B747EF7} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GAME-OVER-Prabh Game-Over => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {CE540855-5619-4356-96A3-E4DBD37C0910} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {DEC1EC71-C8CA-4E1A-99A1-1287C03B856B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-02] (Google Inc.)
Task: {EB624DB2-4996-408B-9263-01D6FF260658} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-02] (Google Inc.)
Task: {EF709F97-F449-4DA2-BC48-6493E3298941} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FA3FAB28-39CD-495C-9D76-476F51411F97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-04-26 09:32 - 2017-06-22 17:11 - 00598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-07 19:42 - 2017-03-07 19:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-06-12 10:48 - 2017-06-12 10:48 - 00052392 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-06-20 18:19 - 2017-06-20 18:36 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-20 18:19 - 2017-06-20 18:36 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-20 18:19 - 2017-06-20 18:36 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-20 18:19 - 2017-06-20 18:36 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-06-15 02:43 - 2014-11-18 14:44 - 00255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
2017-06-05 11:07 - 2017-06-05 11:07 - 03139496 ____N () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-21 16:43 - 2017-06-21 16:43 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-21 16:43 - 2017-06-21 16:43 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-21 16:43 - 2017-06-21 16:43 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-27 14:24 - 2017-06-22 20:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 14:24 - 2017-06-22 20:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-03 15:01 - 2017-06-03 15:01 - 30965760 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-06-03 15:01 - 2017-06-03 15:01 - 09016320 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-06-03 14:57 - 2017-06-03 14:57 - 03140520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-19 10:55 - 2017-06-19 10:55 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-19 10:55 - 2017-06-19 10:55 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-05 11:07 - 2017-06-05 11:07 - 00460288 ____N () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-05 11:07 - 2017-06-05 11:07 - 02275328 ____N () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-06-05 11:07 - 2017-06-05 11:07 - 03139496 ____N () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-05 11:07 - 2017-06-05 11:07 - 00046080 ____N () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-06-03 14:58 - 2017-06-03 14:59 - 00680448 ____N () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-05 11:07 - 2017-06-05 11:07 - 00900096 ____N () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-06-03 14:58 - 2017-06-03 14:59 - 01062400 ____N () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-07-16 07:34 - 2016-07-16 07:34 - 00291328 ____N () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-04-26 09:31 - 2017-06-22 17:11 - 00569856 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-13 01:38 - 2016-04-13 01:38 - 00482304 _____ () C:\ProgramData\MEGAsync\libsodium.dll
2017-06-15 02:43 - 2014-02-13 15:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\traynet.dll
2017-06-15 02:43 - 2014-02-13 15:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\libcurl.dll
2017-06-15 02:43 - 2014-02-13 15:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\zlib1.dll
2017-06-15 02:43 - 2014-02-13 15:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\uexper.dll
2017-04-26 15:19 - 2017-04-26 15:19 - 02005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-14 09:42 - 2017-02-14 09:42 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-05-23 09:00 - 2017-05-23 09:00 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-06-02 22:06 - 2017-06-02 22:01 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Prabh\Desktop\oRanjha.jpg
HKU\S-1-5-21-2243171186-2860035005-3469232857-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\StartupApproved\StartupFolder: => "msceInter.exe"
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\StartupApproved\StartupFolder: => "msceIntern.exe"
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\StartupApproved\StartupFolder: => "sound.vbs"
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\StartupApproved\StartupFolder: => "MsHost.exe"
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\StartupApproved\Run: => "sound"
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2243171186-2860035005-3469232857-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CDD15571-054F-4D1C-B3B4-12412756D96D}] => (Allow) C:\Users\Prabh\Desktop\ReliefSniff - Cracked By Unhapn.exe
FirewallRules: [{0ED2039D-CF0F-4D1B-87E4-27B5102F3951}] => (Allow) C:\Users\Prabh\Desktop\ReliefSniff - Cracked By Unhapn.exe
FirewallRules: [{010A3D5A-5F2D-466E-B22B-86CF8FDD4A5D}] => (Allow) C:\Users\Prabh\Desktop\ReliefSniff - Cracked By Unhapn.exe
FirewallRules: [{190ECFAE-1B2C-4571-89B1-ED84C5DE31A9}] => (Allow) C:\Users\Prabh\Desktop\ReliefSniff - Cracked By Unhapn.exe
FirewallRules: [UDP Query User{BC0E02B1-4CD8-4F61-BDBB-66C18022C0D0}C:\users\prabh\appdata\roaming\skgw1.exe] => (Block) C:\users\prabh\appdata\roaming\skgw1.exe
FirewallRules: [TCP Query User{F69B8399-4127-496D-A029-BA06DEA9BB92}C:\users\prabh\appdata\roaming\skgw1.exe] => (Block) C:\users\prabh\appdata\roaming\skgw1.exe
FirewallRules: [UDP Query User{F1AED300-4EC3-4C01-B112-68111F851CD7}C:\users\prabh\appdata\local\microsoft\windows\{40ba54e0-a93f-4762-989b-762810f6f6f0}\csrss.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{40ba54e0-a93f-4762-989b-762810f6f6f0}\csrss.exe
FirewallRules: [TCP Query User{F09BFB10-9CFE-4295-8E64-882DAE46D2CF}C:\users\prabh\appdata\local\microsoft\windows\{40ba54e0-a93f-4762-989b-762810f6f6f0}\csrss.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{40ba54e0-a93f-4762-989b-762810f6f6f0}\csrss.exe
FirewallRules: [UDP Query User{9D540A71-7281-4F50-8313-19371C9511EF}C:\users\prabh\appdata\local\microsoft\windows\{a0428c76-ebc9-428a-a71a-2e8b4c5c8333}\system.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{a0428c76-ebc9-428a-a71a-2e8b4c5c8333}\system.exe
FirewallRules: [TCP Query User{2393791F-0FF6-42CE-BCD8-9E9651882C06}C:\users\prabh\appdata\local\microsoft\windows\{a0428c76-ebc9-428a-a71a-2e8b4c5c8333}\system.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{a0428c76-ebc9-428a-a71a-2e8b4c5c8333}\system.exe
FirewallRules: [UDP Query User{6A3ED6D8-03A0-40B5-A5CA-34801E375144}C:\users\prabh\appdata\local\microsoft\windows\{2aa40ebb-1072-40f2-a7cc-f12ec648963d}\wscript.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{2aa40ebb-1072-40f2-a7cc-f12ec648963d}\wscript.exe
FirewallRules: [TCP Query User{4D9B4E42-8590-4CE1-BED6-03C377B33B33}C:\users\prabh\appdata\local\microsoft\windows\{2aa40ebb-1072-40f2-a7cc-f12ec648963d}\wscript.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{2aa40ebb-1072-40f2-a7cc-f12ec648963d}\wscript.exe
FirewallRules: [UDP Query User{596DFF4D-DCC4-474E-84F6-867A1514F10D}C:\users\prabh\appdata\local\microsoft\windows\{df26bf3d-bed9-41e4-b3aa-e7568c728f14}\winlogon.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{df26bf3d-bed9-41e4-b3aa-e7568c728f14}\winlogon.exe
FirewallRules: [TCP Query User{68ACAF29-8617-402A-8D90-96837114FC0A}C:\users\prabh\appdata\local\microsoft\windows\{df26bf3d-bed9-41e4-b3aa-e7568c728f14}\winlogon.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{df26bf3d-bed9-41e4-b3aa-e7568c728f14}\winlogon.exe
FirewallRules: [UDP Query User{9259F43E-527F-493D-9F39-04953465F72D}C:\users\prabh\appdata\local\microsoft\windows\{5cede459-d6e9-4b2c-bdd4-201aba7912f9}\skype.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{5cede459-d6e9-4b2c-bdd4-201aba7912f9}\skype.exe
FirewallRules: [TCP Query User{4779CFD6-00E2-4FD1-B7F8-0C62B2DE04B7}C:\users\prabh\appdata\local\microsoft\windows\{5cede459-d6e9-4b2c-bdd4-201aba7912f9}\skype.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{5cede459-d6e9-4b2c-bdd4-201aba7912f9}\skype.exe
FirewallRules: [UDP Query User{1D2834AF-A873-4B8F-B229-D7F2FB1B8213}C:\users\prabh\appdata\local\microsoft\windows\{92037047-ff4c-4c15-a330-0fc16dbe3733}\services.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{92037047-ff4c-4c15-a330-0fc16dbe3733}\services.exe
FirewallRules: [TCP Query User{09E859A9-8524-4DD8-8737-C901F4126941}C:\users\prabh\appdata\local\microsoft\windows\{92037047-ff4c-4c15-a330-0fc16dbe3733}\services.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{92037047-ff4c-4c15-a330-0fc16dbe3733}\services.exe
FirewallRules: [UDP Query User{488474D6-522A-4232-8F4F-70FF66838431}C:\users\prabh\appdata\local\microsoft\windows\{3a9e67f7-1f14-4de4-bb09-be1bb5e9ce46}\csrss.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{3a9e67f7-1f14-4de4-bb09-be1bb5e9ce46}\csrss.exe
FirewallRules: [TCP Query User{1B2D5D7E-4B44-46DD-91DA-468685D78B2D}C:\users\prabh\appdata\local\microsoft\windows\{3a9e67f7-1f14-4de4-bb09-be1bb5e9ce46}\csrss.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{3a9e67f7-1f14-4de4-bb09-be1bb5e9ce46}\csrss.exe
FirewallRules: [UDP Query User{BEF5269A-FC40-4230-8BB2-B9D7DA0B126F}C:\users\prabh\appdata\local\microsoft\windows\{bbdfd8c7-e324-40c9-b482-d5ec063c8e1f}\cleanmgr.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{bbdfd8c7-e324-40c9-b482-d5ec063c8e1f}\cleanmgr.exe
FirewallRules: [TCP Query User{DD75E126-2816-49B4-B9C5-6657200713AC}C:\users\prabh\appdata\local\microsoft\windows\{bbdfd8c7-e324-40c9-b482-d5ec063c8e1f}\cleanmgr.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{bbdfd8c7-e324-40c9-b482-d5ec063c8e1f}\cleanmgr.exe
FirewallRules: [UDP Query User{9D49DDC5-336F-47D0-A787-47531AC58F32}C:\users\prabh\appdata\local\microsoft\windows\{116bdafb-54b7-47bf-8799-3c719ccac0f3}\iexplore.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{116bdafb-54b7-47bf-8799-3c719ccac0f3}\iexplore.exe
FirewallRules: [TCP Query User{159D4079-998A-4E3E-8708-71A45AA34D64}C:\users\prabh\appdata\local\microsoft\windows\{116bdafb-54b7-47bf-8799-3c719ccac0f3}\iexplore.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{116bdafb-54b7-47bf-8799-3c719ccac0f3}\iexplore.exe
FirewallRules: [UDP Query User{B339DCEF-A0EE-4113-8484-CE1203B881D4}C:\users\prabh\appdata\local\microsoft\windows\{d0f2e59f-e4eb-475a-8861-a058708308db}\explorer.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{d0f2e59f-e4eb-475a-8861-a058708308db}\explorer.exe
FirewallRules: [TCP Query User{A6D69D88-1087-4C33-AC31-B881B81E2EF2}C:\users\prabh\appdata\local\microsoft\windows\{d0f2e59f-e4eb-475a-8861-a058708308db}\explorer.exe] => (Block) C:\users\prabh\appdata\local\microsoft\windows\{d0f2e59f-e4eb-475a-8861-a058708308db}\explorer.exe
FirewallRules: [{9604A045-33D1-40C3-A300-A5D9FCEB6421}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BF5BBF4B-B893-4137-A6E0-9B5D9F03D3A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{76108BB7-4022-4AA9-A2C5-07375BBD189A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8713FD83-FA48-4706-A827-8F6F226C4087}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{412D6E52-3595-4AEA-AAF5-1C68E74177FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{A52C681C-F5A0-4B23-B911-AAA1CE14C044}C:\users\prabh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\prabh\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{852C1D33-4AC2-4B6B-A410-5D27BEB779C2}C:\users\prabh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\prabh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7992E237-B329-4781-90E5-E427593FDCF8}] => (Block) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{FA0196B6-B69E-4A7A-A2AA-8FE94B1DDBE9}] => (Allow) C:\Users\Prabh\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A5920FE8-2BC9-426C-B11B-F759BB8C5B50}] => (Allow) C:\Users\Prabh\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{741842ED-F2D6-4646-A747-233C88427D34}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{08DA4F4D-C76A-43D4-8782-F98C3BC43F4E}] => (Allow) C:\Program Files (x86)\SN Systems\PS3\bin\ps3tmserver.exe
FirewallRules: [TCP Query User{4A877898-4BE4-4C0B-8802-6A75C29780F5}C:\users\prabh\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\prabh\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9E494AD6-D0AD-4A99-99D3-0CAE2B4EF891}C:\users\prabh\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\prabh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5485D704-D0CC-4A68-A638-4E114DE1AE3D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F4462B65-FFCB-4A89-8930-B1269789D929}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4A145DA2-78F9-4D74-AB6F-DFD61D5D336A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{167C39FF-EAB2-433C-80DF-3DCD13BA0B85}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E7EDBEA5-134A-4F2A-92BD-B1934B1774B5}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{00F0810C-FB9F-419E-A733-E1C2D2BF0F61}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{1CAECD41-255B-4CAF-97FD-C39EC768D55E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{3C30319E-7AF3-49D8-81B5-D47479C291CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{124533F4-A92A-4F4D-9924-1D10A9684824}C:\program files\filezilla ftp client\filezilla.exe] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{C6860F8A-0C09-40DF-866B-90E96B99283D}C:\program files\filezilla ftp client\filezilla.exe] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{264AB5B8-CD75-498E-8B47-953054497635}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{F00DFB9C-B1AC-4ECE-82E9-A14348755A56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A3D3E0FB-DCBF-4F9D-8071-20BA99588730}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{01759C89-E8FA-4D4C-82A9-F203EA3E4994}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0546FF96-1AF0-4A50-A45F-128CE7E91014}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Restore Points =========================
 
25-06-2017 00:59:20 Installed Microsoft Visual C++ 2005 Redistributable
01-07-2017 14:20:26 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/08/2017 06:19:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/08/2017 06:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 A.B.A.1.4.0.C.1.F.4.3.A.9.F.C.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Game-Over-3.local.
 
Error: (07/08/2017 06:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.12:5353   19 A.B.A.1.4.0.C.1.F.4.3.A.9.F.C.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Game-Over-2.local.
 
Error: (07/08/2017 06:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 A.B.A.1.4.0.C.1.F.4.3.A.9.F.C.6.2.4.D.6.F.7.F.3.E.4.8.A.0.0.D.F.ip6.arpa. PTR Game-Over-3.local.
 
Error: (07/08/2017 06:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.12:5353   19 A.B.A.1.4.0.C.1.F.4.3.A.9.F.C.6.2.4.D.6.F.7.F.3.E.4.8.A.0.0.D.F.ip6.arpa. PTR Game-Over-2.local.
 
Error: (07/08/2017 06:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   19 12.0.168.192.in-addr.arpa. PTR Game-Over-3.local.
 
Error: (07/08/2017 06:17:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.12:5353   19 12.0.168.192.in-addr.arpa. PTR Game-Over-2.local.
 
Error: (07/08/2017 06:17:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Game-Over-2.local already in use; will try Game-Over-3.local instead
 
Error: (07/08/2017 06:17:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister   16 Game-Over-2.local. AAAA FE80:0000:0000:0000:6CF9:A34F:1C04:1ABA
 
Error: (07/08/2017 06:17:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.12:5353   16 Game-Over-2.local. AAAA FD00:A84E:3F7F:6D42:FD76:9B27:1982:BDD5
 
 
System errors:
=============
Error: (07/08/2017 08:43:28 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (07/08/2017 08:43:25 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (07/08/2017 12:41:58 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR13.
 
Error: (07/07/2017 10:34:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/07/2017 06:58:46 PM) (Source: DCOM) (EventID: 10010) (User: GAME-OVER)
Description: The server Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
 
Error: (07/07/2017 06:39:54 PM) (Source: DCOM) (EventID: 10010) (User: GAME-OVER)
Description: The server Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe!Microsoft.ZuneVideo.AppXjgy0dfr6tssa93yj5px65cbv2gsc8r39.mca did not register with DCOM within the required timeout.
 
Error: (07/07/2017 06:35:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/07/2017 06:35:21 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 00-00-00-00-00-00. Network operations on this system may
be disrupted as a result.
 
Error: (07/04/2017 03:55:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/02/2017 04:59:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-08 19:49:31.975
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 19:49:31.972
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 19:49:09.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 19:49:09.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 19:49:08.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 19:49:08.243
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 19:49:02.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 19:49:02.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 19:01:38.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-08 19:01:38.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 59%
Total physical RAM: 5995.86 MB
Available physical RAM: 2436.78 MB
Total Virtual: 8960.63 MB
Available Virtual: 3966.71 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:138.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6FD7BE27)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



BC AdBot (Login to Remove)

 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:55 PM

Posted 09 July 2017 - 06:11 AM

Joey-Sarkaria:

 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
Please copy and paste the contents of all requested log files directly into your replies, as you have done with your initial post.  Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:55 PM

Posted 09 July 2017 - 12:05 PM

Joey-Sarkaria:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: You should back up all your important data files to an external hard drive or other external media. It is unlikely that your documents, photos, music, and videos have been infected. That is just a precaution to back them up. Malware removal can be tricky.

.

:step2: I have found some suspicious files that might be malware.

Please upload the following file(s) individually to VirusTotal.:

  • C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msce.exe
  • C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msces.exe
  • C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.vbs
  • C:\WINDOWS\system32\epmntdrv.sys
  • C:\WINDOWS\SysWOW64\epmntdrv.sys
  • C:\WINDOWS\system32\EuGdiDrv.sys
  • C:\WINDOWS\SysWOW64\EuGdiDrv.sys
  • C:\Users\Prabh\AppData\Roaming\mcjEo.exe
  • C:\Users\Prabh\AppData\Roaming\44t6E.exe
  • C:\Users\Prabh\AppData\Roaming\rmgr7.exe
  • C:\Users\Prabh\AppData\Roaming\X3UnL.exe
  • C:\Users\Prabh\AppData\Roaming\F5xLE.exe
  • C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
  • C:\WINDOWS\system32\xboxgipsynthetic.dll
  • Please press the Scan it! button to produce a fresh scan.
  • When the scan completes, please copy and paste the URL/link at the top of the screen into your next reply so that I can review the scan results.
  • Repeat until all of the files listed above have been scanned and all URLs/links have been copied into your reply.

.

:step3: In going over your logs I noticed that you have BitTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, your computer will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

:step4: Did you install this Chrome extension? My research indicates that it is very questionable and may be associated with phishing attempts. I would recommend that you disable and delete this extension.

 

CHR Extension: (AdF.ly Skipper ★WORKING: 7/1/2017★) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2017-07-01]


.

:step5: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msce.exe
File: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msces.exe
File: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.vbs
File: C:\WINDOWS\system32\epmntdrv.sys
File: C:\WINDOWS\SysWOW64\epmntdrv.sys
File: C:\WINDOWS\system32\EuGdiDrv.sys
File: C:\WINDOWS\SysWOW64\EuGdiDrv.sys
Folder: C:\Users\Prabh\AppData\Roaming\djz89is
Folder: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winnydows
Folder: C:\Program Files (x86)\Winnydows
File: C:\Users\Prabh\AppData\Roaming\mcjEo.exe
File: C:\Users\Prabh\AppData\Roaming\44t6E.exe
File: C:\Users\Prabh\AppData\Roaming\rmgr7.exe
File: C:\Users\Prabh\AppData\Roaming\X3UnL.exe
File: C:\Users\Prabh\AppData\Roaming\F5xLE.exe
File: C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
File: C:\WINDOWS\system32\xboxgipsynthetic.dll
ContextMenuHandlers01: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {1ED8B0D7-7A62-4EF2-8E17-C8100581DD98} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#4 Joey-Sarkaria

Joey-Sarkaria
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 09 July 2017 - 10:01 PM

Joey-Sarkaria:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: You should back up all your important data files to an external hard drive or other external media. It is unlikely that your documents, photos, music, and videos have been infected. That is just a precaution to back them up. Malware removal can be tricky.

.

:step2: I have found some suspicious files that might be malware.

Please upload the following file(s) individually to VirusTotal.:

  • C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msce.exe
  • C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msces.exe
  • C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.vbs
  • C:\WINDOWS\system32\epmntdrv.sys
  • C:\WINDOWS\SysWOW64\epmntdrv.sys
  • C:\WINDOWS\system32\EuGdiDrv.sys
  • C:\WINDOWS\SysWOW64\EuGdiDrv.sys
  • C:\Users\Prabh\AppData\Roaming\mcjEo.exe
  • C:\Users\Prabh\AppData\Roaming\44t6E.exe
  • C:\Users\Prabh\AppData\Roaming\rmgr7.exe
  • C:\Users\Prabh\AppData\Roaming\X3UnL.exe
  • C:\Users\Prabh\AppData\Roaming\F5xLE.exe
  • C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
  • C:\WINDOWS\system32\xboxgipsynthetic.dll
  • Please press the Scan it! button to produce a fresh scan.
  • When the scan completes, please copy and paste the URL/link at the top of the screen into your next reply so that I can review the scan results.
  • Repeat until all of the files listed above have been scanned and all URLs/links have been copied into your reply.

.

:step3: In going over your logs I noticed that you have BitTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, your computer will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

:step4: Did you install this Chrome extension? My research indicates that it is very questionable and may be associated with phishing attempts. I would recommend that you disable and delete this extension.

 

CHR Extension: (AdF.ly Skipper ★WORKING: 7/1/2017★) - C:\Users\Prabh\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2017-07-01]


.

:step5: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msce.exe
File: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msces.exe
File: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.vbs
File: C:\WINDOWS\system32\epmntdrv.sys
File: C:\WINDOWS\SysWOW64\epmntdrv.sys
File: C:\WINDOWS\system32\EuGdiDrv.sys
File: C:\WINDOWS\SysWOW64\EuGdiDrv.sys
Folder: C:\Users\Prabh\AppData\Roaming\djz89is
Folder: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winnydows
Folder: C:\Program Files (x86)\Winnydows
File: C:\Users\Prabh\AppData\Roaming\mcjEo.exe
File: C:\Users\Prabh\AppData\Roaming\44t6E.exe
File: C:\Users\Prabh\AppData\Roaming\rmgr7.exe
File: C:\Users\Prabh\AppData\Roaming\X3UnL.exe
File: C:\Users\Prabh\AppData\Roaming\F5xLE.exe
File: C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
File: C:\WINDOWS\system32\xboxgipsynthetic.dll
ContextMenuHandlers01: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {1ED8B0D7-7A62-4EF2-8E17-C8100581DD98} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.


Thank you and have a great day.

Regards,
-Phil

:step1:  I am backing it up right now, it's on 7% total file size tranferring is 130 gb so will take a awhile.

:step2: Virus Total for followings things you've asked 

1. https://www.virustotal.com/en/file/3671cd2ac2bb1e8267192f8608d1395437893525a26826bfd07103a1b998b4aa/analysis/

2. https://www.virustotal.com/en/file/42c711e313531ae2869ce385eec0a883bb5cfdd165fe7ec3cf3ebda4e04eb9e1/analysis/

3. https://www.virustotal.com/en/file/839b9f4173c2f21074568c8f4d6b106c575d4bb26631826e937c70905055c6ae/analysis/1499651266/

4. https://www.virustotal.com/en/file/7eb808fcefb69ab8b38158825ad368bfd2631a3620e2b466390ec1e1b7147c1b/analysis/

5. https://www.virustotal.com/en/file/5e8b32d70be5854f26f8ceead539a5e28b54e2dee764456507083bfbcb301538/analysis/

6. https://www.virustotal.com/en/file/b3c1def26c9c9123d34395717220b450c705b5fa9fc8e321adc444a4d63e6f36/analysis/

7. https://www.virustotal.com/en/file/88210b2651b27a669307e464150ae87486647558a0e2b40e308a20e72a4bd2fd/analysis/

8. https://www.virustotal.com/en/file/d1e563c162c472b19b6ccd112341fda3d0d64cbe5c7f39584af56be1e84cf32a/analysis/

9. https://www.virustotal.com/en/file/b7dc643c989ee70c6a30f77f4e49f087b66e376203d9e0871e173d262c9903ba/analysis/

10. https://www.virustotal.com/en/file/48c07237e7f8471012b1443fefca4f013cc988a50c866aadac4ec5026b6fa497/analysis/

11. https://www.virustotal.com/en/file/222af0e3efff4de4f76328410b01f32f462c3d6d36a87622e234c30a8c38728f/analysis/1499654981/

12. https://www.virustotal.com/en/file/27cbab70186d0cb43c5957d58c026ede4cc6b4ee9650b715a6cad7c8fd9beaa7/analysis/

13. https://www.virustotal.com/en/file/28894f2670fc959285ed620cc6018d91a91e775968f6acfd6b02dec677ea2dda/analysis/

14. https://www.virustotal.com/en/file/ec670fad735718ffbedbdaf3f777491423dfa8c25afda937a53f472b5c6ae563/analysis/

 

:step3: Yes, i am aware that i have bit torrent downloaded and i do use vpn and i do not click on malicious stuff like popups and ads. But i wont use the bittorrent until my pc is cleaned.

 

:step4: I did added that extension and i removed it from chrome now.

:step5: Doesn't let me do the fix scan, says could not locate the file fix in the same folder something like that.



#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:55 PM

Posted 10 July 2017 - 12:31 PM

Joey-Sarkaria:

Thank you for your post. I would ask that you not quote my previous posts. It is of no value.

.

:step1: Hopefully your backup is completed by now. That is one of the most overlooked security precautions.

.

:step2: Thank you for the VirusTotal scan results. I am supplying an amended FRST "fixlist" script, based on the VT scan results.

.

:step3: Thank you for agreeing to suspend use of P2P software while we disinfect your computer. :thumbup2:

.

:step4: Thank you for removing the Chrome extension that I suggested be removed. :thumbup2:

.

step5: Please run a FRST fix for me.

NOTICE: This "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.



start::
CreateRestorePoint:
CloseProcesses:
Startup: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msce.exe [2017-06-22] ()
C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msce.exe
Startup: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msces.exe [2017-06-22] ()
C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msces.exe
Startup: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.vbs [2017-06-03] ()
C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.vbs
Folder: C:\Users\Prabh\AppData\Roaming\djz89is
Folder: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winnydows
Folder: C:\Program Files (x86)\Winnydows
C:\Users\Prabh\AppData\Roaming\mcjEo.exe
C:\Users\Prabh\AppData\Roaming\44t6E.exe
C:\Users\Prabh\AppData\Roaming\rmgr7.exe
C:\Users\Prabh\AppData\Roaming\X3UnL.exe
C:\Users\Prabh\AppData\Roaming\F5xLE.exe
ContextMenuHandlers01: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {1ED8B0D7-7A62-4EF2-8E17-C8100581DD98} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy" to copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • If that does not work for you, please download and copy the attached "fixlist.txt" file to this folder, where FRST64.exe is located: C:\Users\Prabh\Downloads. Then press the "Fix" button again.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file directly into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#6 Joey-Sarkaria

Joey-Sarkaria
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 10 July 2017 - 12:43 PM

Joey-Sarkaria:

Thank you for your post. I would ask that you not quote my previous posts. It is of no value.

.

:step1: Hopefully your backup is completed by now. That is one of the most overlooked security precautions.

.

:step2: Thank you for the VirusTotal scan results. I am supplying an amended FRST "fixlist" script, based on the VT scan results.

.

:step3: Thank you for agreeing to suspend use of P2P software while we disinfect your computer. :thumbup2:

.

:step4: Thank you for removing the Chrome extension that I suggested be removed. :thumbup2:

.

step5: Please run a FRST fix for me.

NOTICE: This "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.



start::
CreateRestorePoint:
CloseProcesses:
Startup: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msce.exe [2017-06-22] ()
C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msce.exe
Startup: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msces.exe [2017-06-22] ()
C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msces.exe
Startup: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.vbs [2017-06-03] ()
C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.vbs
Folder: C:\Users\Prabh\AppData\Roaming\djz89is
Folder: C:\Users\Prabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winnydows
Folder: C:\Program Files (x86)\Winnydows
C:\Users\Prabh\AppData\Roaming\mcjEo.exe
C:\Users\Prabh\AppData\Roaming\44t6E.exe
C:\Users\Prabh\AppData\Roaming\rmgr7.exe
C:\Users\Prabh\AppData\Roaming\X3UnL.exe
C:\Users\Prabh\AppData\Roaming\F5xLE.exe
ContextMenuHandlers01: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {1ED8B0D7-7A62-4EF2-8E17-C8100581DD98} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy" to copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • If that does not work for you, please download and copy the attached "fixlist.txt" file to this folder, where FRST64.exe is located: C:\Users\Prabh\Downloads. Then press the "Fix" button again.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file directly into your next reply.

.

Thank you and have a great day.

Regards,
-Phil

No my backup was so it's still in process 58% completed. 

Yes i was able to start fix and here is the log-

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017

Ran by Prabh (10-07-2017 10:42:00) Run:1

Running from C:\Users\Prabh\Downloads

Loaded Profiles: Prabh & netfl (Available Profiles: Prabh & netfl)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

CreateRestorePoint

CloseProcesses

Startup CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupmsce.exe [2017-06-22] ()

CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupmsce.exe

Startup CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupmsces.exe [2017-06-22] ()

CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupmsces.exe

Startup CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupsound.vbs [2017-06-03] ()

CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupsound.vbs

Folder CUsersPrabhAppDataRoamingdjz89is

Folder CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsWinnydows

Folder CProgram Files (x86)Winnydows

CUsersPrabhAppDataRoamingmcjEo.exe

CUsersPrabhAppDataRoaming44t6E.exe

CUsersPrabhAppDataRoamingrmgr7.exe

CUsersPrabhAppDataRoamingX3UnL.exe

CUsersPrabhAppDataRoamingF5xLE.exe

ContextMenuHandlers01 [Cover Designer] - {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =  - No File

ContextMenuHandlers01 [WinRAR32] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} =  - No File

ContextMenuHandlers06 [WinRAR32] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} =  - No File

Task {1ED8B0D7-7A62-4EF2-8E17-C8100581DD98} - OneDrive Standalone Update Task v2 - No File ==== ATTENTION

EmptyTemp

End

*****************

 

CreateRestorePoint => Error: No automatic fix found for this entry.

CloseProcesses => Error: No automatic fix found for this entry.

Startup CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupmsce.exe [2017-06-22] () => Error: No automatic fix found for this entry.

CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupmsce.exe => Error: No automatic fix found for this entry.

Startup CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupmsces.exe [2017-06-22] () => Error: No automatic fix found for this entry.

CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupmsces.exe => Error: No automatic fix found for this entry.

Startup CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupsound.vbs [2017-06-03] () => Error: No automatic fix found for this entry.

CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupsound.vbs => Error: No automatic fix found for this entry.

Folder CUsersPrabhAppDataRoamingdjz89is => Error: No automatic fix found for this entry.

Folder CUsersPrabhAppDataRoamingMicrosoftWindowsStart MenuProgramsWinnydows => Error: No automatic fix found for this entry.

Folder CProgram Files (x86)Winnydows => Error: No automatic fix found for this entry.

CUsersPrabhAppDataRoamingmcjEo.exe => Error: No automatic fix found for this entry.

CUsersPrabhAppDataRoaming44t6E.exe => Error: No automatic fix found for this entry.

CUsersPrabhAppDataRoamingrmgr7.exe => Error: No automatic fix found for this entry.

CUsersPrabhAppDataRoamingX3UnL.exe => Error: No automatic fix found for this entry.

CUsersPrabhAppDataRoamingF5xLE.exe => Error: No automatic fix found for this entry.

ContextMenuHandlers01 [Cover Designer] - {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =  - No File => Error: No automatic fix found for this entry.

ContextMenuHandlers01 [WinRAR32] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} =  - No File => Error: No automatic fix found for this entry.

ContextMenuHandlers06 [WinRAR32] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} =  - No File => Error: No automatic fix found for this entry.

Task {1ED8B0D7-7A62-4EF2-8E17-C8100581DD98} - OneDrive Standalone Update Task v2 - No File ==== ATTENTION => Error: No automatic fix found for this entry.

EmptyTemp => Error: No automatic fix found for this entry.

 

==== End of Fixlog 10:42:00 ====



#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:55 PM

Posted 10 July 2017 - 01:03 PM

Joey-Sarkaria:

 

Thank you for your post.  It appears that you might not be following the FRST "fixlist.txt" instructions that I provided.  The entire script bombed.

 

If you look, you will see that the FRST "fixlist" script syntax in your last post does not match the syntax that I provided to you in my previous post.  There are colons missing and the file path backslashes are gone.  I am not sure what you are doing wrong?  Is it possible you are trying to use a word processing program to handle the FRST "fixlist" script?  If so, don't.

 

Did you try to download the "fixlist.txt" file that I attached to my last post?

 

Please download and copy that attached "fixlist.txt" file to the exact same folder where FRST64.exe is located.  The right-click FRST64.exe, select "Run as Administrator" and press the "Fix" button once.  Do nothing else.

 

Please copy and paste the contents of the resulting "fixlog.txt" file into your next reply.

 

Good luck, thank you, and have a great day,  ... and please stop quoting my posts to you.

 

Regards,

-Phil


Edited by garioch7, 10 July 2017 - 01:03 PM.

Member of the Unified Network of Instructors and Trusted Eliminators


#8 Joey-Sarkaria

Joey-Sarkaria
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 10 July 2017 - 08:43 PM

Post too long so i am attaching the file!

Attached Files



#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:55 PM

Posted 11 July 2017 - 04:50 AM

Joey-Sarkaria:

 

Thank you for your "fixlog.txt" file.  The Winnydows folder search resulted in the large log size.

 

The fixlist.txt script executed properly this time.   :thumbup2:

 

How is your computer working now?  If there are still issues, please describe them in as much detail as possible, and provide the content of any error messages or screen pop-ups that occur.

 

If all is reasonably good, then we will continue with some standard anti-malware scans to ensure that your computer is completely disinfected.

 

Please note that, due to "real life" commitments, I will be unavailable until tomorrow afternoon.  Thank you for your understanding.

 

Have a great day.

 

Regards,

-Phil

 

 


Member of the Unified Network of Instructors and Trusted Eliminators


#10 Joey-Sarkaria

Joey-Sarkaria
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 11 July 2017 - 05:30 AM

there is a difference yes but i got this notification from malwarebytes like sound.exe found or sometimes my computer gets slow, it wont even open task manager :/ like happened today, i was tranferring one folder to dropbox and it got too slow it wont respond me !



#11 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:55 PM

Posted 11 July 2017 - 06:23 AM

Joey-Sarkaria:
 
Thank you for your post.  I just saw it before I was heading out to mow my large rural property which takes the day, so I won't be back until tomorrow afternoon.  In the meantime, let's run some more standard anti-malware scans.
 
I know that you have already run the ESET online scan and Malwarebytes before.  I ask that you follow all of the instructions below carefully because I want to see the logs of the in-depth scans.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protetion", both switches are set to "Always Detect PUPs/PUMs (recommended).
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

Thank you and have a great day. Be back tomorrow.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#12 Joey-Sarkaria

Joey-Sarkaria
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 11 July 2017 - 08:53 AM

Eset smart scanner got stuck at 39%, won't go further ! My anti virus and windows defender is off



#13 Joey-Sarkaria

Joey-Sarkaria
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 11 July 2017 - 05:33 PM

C:\FRST\Quarantine\C\Users\Prabh\AppData\Roaming\44t6E.exe.xBAD a variant of MSIL/Kryptik.JUG trojan cleaned by deleting

C:\FRST\Quarantine\C\Users\Prabh\AppData\Roaming\mcjEo.exe.xBAD a variant of MSIL/Kryptik.JWG trojan cleaned by deleting

C:\FRST\Quarantine\C\Users\Prabh\AppData\Roaming\rmgr7.exe.xBAD BAT/CoinMiner.QI trojan cleaned by deleting

C:\Program Files (x86)\iMCS Productions\Black Ops 3 - Public Cheater\Black Ops 3 - Public Cheater.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting

C:\Users\Prabh\Documents\Black Ops2\BO2DestinyV1.12_CCAPI_package.rar a variant of Win32/Packed.Themida suspicious application deleted

C:\Users\Prabh\Documents\Black Ops2\Project Theolonius.rar a variant of Generik.LSIYVPH trojan deleted

C:\Users\Prabh\Documents\Black Ops2\setup-bo3pc-1.00.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting

C:\Users\Prabh\Documents\Black Ops2\BO2DestinyV1.12_CCAPI_package\BO2Destiny_CCAPI.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting

C:\Users\Prabh\Documents\Black Ops2\Project Theolonius\Project Theolonius\Project Theolonius.exe a variant of Generik.LSIYVPH trojan cleaned by deleting

C:\Users\Prabh\Downloads\Call of DDoS (PS3 Edition).exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting

C:\Users\Prabh\Downloads\Call of DDoS (PS3 Edition).rar a variant of MSIL/Packed.Confuser.J suspicious application deleted

C:\Users\Prabh\Downloads\Call of DDoS (PS3 Edition)\Call of DDoS (PS3 Edition).exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting

C:\Users\Prabh\Downloads\iMCS Productions\setup-bo3pc.exe a variant of Win32/Packed.Themida suspicious application cleaned by deleting



#14 Joey-Sarkaria

Joey-Sarkaria
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  

Posted 11 July 2017 - 07:07 PM

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 2017-07-11

Scan Time: 3:34 PM

Logfile: MalwareBytes.txt

Administrator: Yes

 

Version: 2.2.1.1043

Malware Database: v2016.02.16.06

Rootkit Database: v2016.02.08.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: Prabh

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 413427

Time Elapsed: 44 min, 27 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)



#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:55 PM

Posted 12 July 2017 - 12:15 PM

Joey-Sarkaria:
 
Thank you for your ESET and MBAM logs.  Let's run a few more scans to see if there are any nuisance malware apps still lurking in your computer.
 
.
 
:step1: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.
  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

:step2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt into your next message.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users