Another Smart Service Mark


  • This topic is locked
13 replies to this topic

#1 wyton


Posted 17 July 2017 - 08:14 PM

They got me.

I've tried to get rid of it myself but I can't get rid of it.

I managed to get Zemana unblocked by using the Emsisoft emergency tool, but it won't delete enough of the malware to allow me to open the Malwarebytes rootkit program (or any other of the dozen or so programs I've tried to get rid of this thing). Both Zemana and Emsisoft are able to see the rootkits but neither can delete it. Zemana asks me to reboot my system but doesn't solve the problem and I get the same message again and again.

Full Disclosure: I ran the Farbar program and did my own fixlog, which allowed me to open Malwarebytes, but the program froze after two hours. After a reboot it went back to "program is in use" notice. The only progress I've made is in unblocking my VPN.

Here is a copy of the post fixit log from my first attempt at ridding myself of this petulance. (The delay coming from the negative energy from this virus cracking the plastic around my laptop hinge, which took nearly a week of epoxy experimentation to fix.)

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-06-2017
Ran by cwebb (29-06-2017 01:43:36) Run:1
Running from e:\
Loaded Profiles: cwebb (Available Profiles: defaultuser0 & cwebb)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exeHKLM-x32\...\Run: [cpx] => "C:\Users\cwebb\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21]
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
R2 Dataup; C:\Users\cwebb\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\cwebb\AppData\Local\ykldd\orjhpr\ct.exe [0 2017-06-15] () <==== ATTENTION (zero byte File/Folder) <==== ATTENTION
S4 0a9c18fec9e5936133109e20b79e627d; "C:\Program Files\0a9c18fec9e5936133109e20b79e627d\8ee4cd5b60c4d41f7d11876628d83604.exe"
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
2017-06-16 18:05 - 2017-06-16 18:06 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\iSpy
2017-06-14 10:08 - 2017-06-28 04:26 - 00000000 ____D C:\WINDOWS\pss
2017-06-14 08:44 - 2017-06-15 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\ck1jwcawfmo
2017-06-14 08:41 - 2017-06-15 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\z3uk3hf4pqk
2017-06-14 08:02 - 2017-06-28 09:52 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 07:54 - 2017-06-15 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\go5ha440xhe
2017-06-14 07:50 - 2017-06-15 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\2yjyg4h1mwh
2017-06-14 07:48 - 2017-06-15 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\hfrcbonkv40
2017-06-14 07:43 - 2017-06-15 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\1rdgzm1tasi
2017-06-14 07:41 - 2017-06-28 05:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-14 07:41 - 2017-06-26 22:12 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-14 07:41 - 2017-06-15 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\w0avroqyxbc
2017-06-14 07:40 - 2017-06-28 01:54 - 00000000 ____D C:\Users\cwebb\AppData\Local\ntuserlitelist
2017-06-14 07:40 - 2017-06-15 15:22 - 00000000 ____D C:\Users\cwebb\AppData\Local\llssoft
2017-06-14 07:40 - 2017-06-15 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\4ze22qswvxx
2017-06-14 07:40 - 2017-06-15 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Local\kceuifma
2017-06-14 07:40 - 2017-06-14 07:40 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\c
2017-06-14 07:40 - 2017-06-14 07:40 - 00000000 ____D C:\Users\cwebb\AppData\Local\ykldd
2017-06-14 07:39 - 2017-06-15 15:11 - 00000000 ____D C:\WINDOWS\silversatellite
2017-06-14 07:39 - 2017-06-15 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\i24jqgcldlf
2017-06-14 07:39 - 2017-06-15 14:24 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-06-14 07:39 - 2017-06-14 07:39 - 00002285 ___RS C:\Users\Public\Desktop\Рaragоn Drivе Сорy™ 15 Рrоfessionаl.lnk
2017-06-14 07:39 - 2017-06-14 07:39 - 00001328 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozilla Firеfoх.lnk
2017-06-14 07:39 - 2017-06-14 07:39 - 00001298 ___RS C:\Users\Public\Desktop\Моzillа Firеfoх.lnk
2017-06-14 07:38 - 2017-06-14 07:38 - 00000000 ____D C:\Users\cwebb\AppData\Local\RenewSoftware.com
2017-06-14 07:38 - 2017-06-14 07:38 - 00000000 ____D C:\ProgramData\Caphyon
2017-06-14 07:38 - 2017-06-14 07:38 - 00000000 ____D C:\Program Files (x86)\RenewSoftware.com
2017-06-14 07:37 - 2017-06-14 07:37 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\RenewSoftware.com
2017-06-14 07:37 - 2017-06-14 07:37 - 00000000 ____D C:\Users\cwebb\AppData\Local\AdvinstAnalytics
Administrator (S-1-5-21-2715202246-2456054378-4196450346-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2715202246-2456054378-4196450346-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2715202246-2456054378-4196450346-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2715202246-2456054378-4196450346-501 - Limited - Disabled)
Administrator (S-1-5-21-2715202246-2456054378-4196450346-500 - Administrator - Disabled)
cwebb (S-1-5-21-2715202246-2456054378-4196450346-1001 - Administrator - Enabled) => C:\Users\cwebb
DefaultAccount (S-1-5-21-2715202246-2456054378-4196450346-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2715202246-2456054378-4196450346-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2715202246-2456054378-4196450346-501 - Limited - Disabled)
Stopping Plex (HKLM-x32\...\{630E9167-7F30-4474-B4BE-28C6689E559D}) (Version: 1.5.3634 - Plex, Inc.) Hidden

Task: {2614EAD1-FB3E-4814-98BC-F3DEB89D274E} - System32\Tasks\0a9c18fec9e5936133109e20b79e627d => sc start 0a9c18fec9e5936133109e20b79e627d <==== ATTENTION
Task: {4BB5EFA6-DADF-481F-973C-314421E3657B} - System32\Tasks\nvfontcache => C:\Users\cwebb\AppData\Local\nvfontcache\nvfontcache.exe <==== ATTENTION
Task: {75F8A9C7-18B2-4F7F-86AB-0202AB822844} - System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A} => C:\Users\cwebb\AppData\Local\Temp\D24C367E-5076-4930-92E7-79723CDDE107\ga_service.exe <==== ATTENTION
=> C:\Users\cwebb\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION
Task: {F72C1733-385E-47ED-929C-66CE8AD54BA0} - \{087D7A47-0E05-7F0C-7D11-7D0C0F7F1178} -> No File <==== ATTENTION
\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
\exe.xoferif.bat (No File) <==== Cyrillic
 C:\Users\cwebb\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
\cwebb\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <==== Cyrillic
\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=H6Ezamobl20603AU,b021cbc5-50e4-44db-9b7e-36c71f85a37a,
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=H6Ezamobl20603AU,b021cbc5-50e4-44db-9b7e-36c71f85a37a,
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\cwebb\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 ____N () C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-04-21 16:28 - 2017-04-21 16:28 - 01080832 _____ () C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2016-07-16 07:47 - 2017-06-14 07:40 - 00001688 _____ C:\WINDOWS\system32\Drivers\etc\hosts



CMD:
EMPTYTEMP:
Reboot:

*****************

Could not move "C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe" => Scheduled to move on reboot.
"C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exeHKLM-x32\...\Run: [cpx] => C:\Users\cwebb\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value could not remove.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\0a9c18fec9e5936133109e20b79e627d => key removed successfully
0a9c18fec9e5936133109e20b79e627d => service removed successfully
drmkpro64 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove. Access Denied.
C:\Users\cwebb\AppData\Roaming\iSpy => moved successfully
C:\WINDOWS\pss => moved successfully
C:\Users\cwebb\AppData\Roaming\ck1jwcawfmo => moved successfully
C:\Users\cwebb\AppData\Roaming\z3uk3hf4pqk => moved successfully
C:\WINDOWS\CbsTemp => moved successfully
C:\Users\cwebb\AppData\Roaming\go5ha440xhe => moved successfully
C:\Users\cwebb\AppData\Roaming\2yjyg4h1mwh => moved successfully
C:\Users\cwebb\AppData\Roaming\hfrcbonkv40 => moved successfully
C:\Users\cwebb\AppData\Roaming\1rdgzm1tasi => moved successfully
C:\WINDOWS\Tasks\SA.DAT => moved successfully
C:\WINDOWS\AppReadiness => moved successfully
C:\Users\cwebb\AppData\Roaming\w0avroqyxbc => moved successfully
C:\Users\cwebb\AppData\Local\ntuserlitelist => moved successfully
C:\Users\cwebb\AppData\Local\llssoft => moved successfully
C:\Users\cwebb\AppData\Roaming\4ze22qswvxx => moved successfully
C:\Users\cwebb\AppData\Local\kceuifma => moved successfully
C:\Users\cwebb\AppData\Roaming\c => moved successfully

"C:\Users\cwebb\AppData\Local\ykldd" folder move:

Could not move "C:\Users\cwebb\AppData\Local\ykldd" => Scheduled to move on reboot.

C:\WINDOWS\silversatellite => moved successfully
C:\Users\cwebb\AppData\Roaming\i24jqgcldlf => moved successfully
C:\WINDOWS\rsrcs.dll => moved successfully
C:\Users\Public\Desktop\Рaragоn Drivе Сорy™ 15 Рrоfessionаl.lnk => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozilla Firеfoх.lnk" => not found.
C:\Users\Public\Desktop\Моzillа Firеfoх.lnk => moved successfully
C:\Users\cwebb\AppData\Local\RenewSoftware.com => moved successfully
C:\ProgramData\Caphyon => moved successfully
C:\Program Files (x86)\RenewSoftware.com => moved successfully
C:\Users\cwebb\AppData\Roaming\RenewSoftware.com => moved successfully
C:\Users\cwebb\AppData\Local\AdvinstAnalytics => moved successfully
Administrator (S-1-5-21-2715202246-2456054378-4196450346-500 - Administrator - Disabled) => Error: No automatic fix found for this entry.
DefaultAccount (S-1-5-21-2715202246-2456054378-4196450346-503 - Limited - Disabled) => Error: No automatic fix found for this entry.
defaultuser0 (S-1-5-21-2715202246-2456054378-4196450346-1000 - Limited - Disabled) => C:\Users\defaultuser0 => Error: No automatic fix found for this entry.
Guest (S-1-5-21-2715202246-2456054378-4196450346-501 - Limited - Disabled) => Error: No automatic fix found for this entry.
Administrator (S-1-5-21-2715202246-2456054378-4196450346-500 - Administrator - Disabled) => Error: No automatic fix found for this entry.
cwebb (S-1-5-21-2715202246-2456054378-4196450346-1001 - Administrator - Enabled) => C:\Users\cwebb => Error: No automatic fix found for this entry.
DefaultAccount (S-1-5-21-2715202246-2456054378-4196450346-503 - Limited - Disabled) => Error: No automatic fix found for this entry.
defaultuser0 (S-1-5-21-2715202246-2456054378-4196450346-1000 - Limited - Disabled) => C:\Users\defaultuser0 => Error: No automatic fix found for this entry.
Guest (S-1-5-21-2715202246-2456054378-4196450346-501 - Limited - Disabled) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{630E9167-7F30-4474-B4BE-28C6689E559D}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2614EAD1-FB3E-4814-98BC-F3DEB89D274E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2614EAD1-FB3E-4814-98BC-F3DEB89D274E} => key removed successfully
C:\WINDOWS\System32\Tasks\0a9c18fec9e5936133109e20b79e627d => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0a9c18fec9e5936133109e20b79e627d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BB5EFA6-DADF-481F-973C-314421E3657B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BB5EFA6-DADF-481F-973C-314421E3657B} => key removed successfully
C:\WINDOWS\System32\Tasks\nvfontcache => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nvfontcache => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75F8A9C7-18B2-4F7F-86AB-0202AB822844} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75F8A9C7-18B2-4F7F-86AB-0202AB822844} => key removed successfully
C:\WINDOWS\System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{382206AF-3B40-4179-A5AB-6282A401826A} => key removed successfully
=> C:\Users\cwebb\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F72C1733-385E-47ED-929C-66CE8AD54BA0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F72C1733-385E-47ED-929C-66CE8AD54BA0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{087D7A47-0E05-7F0C-7D11-7D0C0F7F1178} => key removed successfully
\Browsers\exe.emorhc.bat (No File) <==== Cyrillic => Error: No automatic fix found for this entry.
\exe.xoferif.bat (No File) <==== Cyrillic => Error: No automatic fix found for this entry.
"C:\Users\cwebb\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic" => not found.
\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic => Error: No automatic fix found for this entry.
\cwebb\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <==== Cyrillic => Error: No automatic fix found for this entry.
\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=H6Ezamobl20603AU,b021cbc5-50e4-44db-9b7e-36c71f85a37a, => Error: No automatic fix found for this entry.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
"C:\Users\cwebb\AppData\Local\ntuserlitelist\dataup\dataup.exe" => not found.
"C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" => not found.
"C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe" => not found.
C:\WINDOWS\system32\Drivers\etc\hosts => moved successfully

========= CMD: =========

'CMD:' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 90730303 B
Java, Flash, Steam htmlcache => 545 B
Windows/system/drivers => 2887107 B
Edge => 277116725 B
Chrome => 17568768 B
Firefox => 424703696 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 23522 B
defaultuser0 => 0 B
cwebb => 1062343248 B

RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-06-2017 01:45:55)

C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe => Is moved successfully
C:\Users\cwebb\AppData\Local\ykldd => Is moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove. Access Denied.

==== End of Fixlog 01:46:01 ====

 

Here are the latest FRST.txt and Addition.txt log files:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by cwebb (administrator) on SILVERSATELLITE (17-07-2017 20:30:02)
Running from E:\
Loaded Profiles: cwebb (Available Profiles: defaultuser0 & cwebb)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Sourcefire, Inc.) C:\Program Files\Immunet\5.0.2\sfc.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\tprdpw64.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(hxxp://www.ruby-lang.org/) C:\Users\cwebb\AppData\Local\Temp\ocr65FD.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(hxxp://www.ruby-lang.org/) C:\Users\cwebb\AppData\Local\Temp\ocr8963.tmp\bin\rubyw.exe
(Corel Corporation) C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7679816 2016-10-09] (SoftPerfect)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-19] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-19] (WinZip Computing, S.L.)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2017-01-17] (Autodesk, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-03-10] (Autodesk, Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2015-01-28] (Autodesk, Inc.)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\5.0.2\iptray.exe [3158200 2017-05-23] (Immunet)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [67680 2017-06-01] (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [cpx] => "C:\Users\cwebb\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [89968 2017-01-15] ()
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15947752 2017-06-28] (Plex, Inc.)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\kpm.exe [411912 2016-12-22] ()
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [636032 2017-06-20] ()
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-01-15] (The NWJS Community)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15947752 2017-06-28] (Plex, Inc.)
Startup: C:\Users\cwebb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-06-21]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{2404f406-2b30-455b-8682-5a988c65851c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{27c18d96-e9e6-417d-99f9-395e0929bb08}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8e319e74-6c6e-4bcc-9c28-5eb8f7241548}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{bef10f8c-524b-4e48-a212-6ea69429c2a3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-15] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-15] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\ie_engine.dll [2016-12-22] (AO Kaspersky Lab)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-15] (Microsoft Corporation)

Edge:
======
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.45.0_neutral__qq0fmhteeht3j [2017-06-23]

FireFox:
========
FF DefaultProfile: 78dw97b7.default
FF ProfilePath: C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default [2017-07-17]
FF NewTab: Mozilla\Firefox\Profiles\78dw97b7.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\78dw97b7.default -> about:home
FF Extension: (Avira Browser Safety) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\abs@avira.com.xpi [2017-06-06]
FF Extension: (Easy Screenshot) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2017-04-26]
FF Extension: (Firefox Search Test) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\firefoxsearchtest@mozilla.com.xpi [2017-06-30]
FF Extension: (MakeGIF Video Capture) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\makegifvideocapture@makegif.com.xpi [2017-03-29]
FF Extension: (OmniSidebar) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\osb@quicksaver.xpi [2017-03-29]
FF Extension: (uBlock Origin) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-28]
FF Extension: (Lightshot (screenshot tool)) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2017-03-29]
FF Extension: (YouTube High Definition) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-06-21]
FF Extension: (BetterPrivacy) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-03-29]
FF Extension: (Open With Photoshop) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}.xpi [2017-06-16]
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-06-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-04-25]
FF HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\cwebb\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\cwebb\AppData\Roaming\IDM\idmmzcc5 [2017-04-30] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2017-01-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-01-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-18] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-18] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-01-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp:\/\/www.yahoo.com\/
CHR StartupUrls: Default -> "hxxp:\/\/www.nytimes.com\/?campaignId=6JH86","hxxps:\/\/mail.google.com\/mail\/ca\/u\/0\/#inbox","hxxps:\/\/us-mg205.mail.yahoo.com\/neo\/launch?.rand=ata8k1r1mcs4s"
CHR NewTab: Default ->  Not-active:"chrome-extension:\/\/ehhkfhegcenpfoanmgfpfhnmdmflkbgk\/index.html"
CHR Profile: C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default [2017-07-17]
CHR Extension: (Google Slides) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-10]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-05-12]
CHR Extension: (Google Drive) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18]
CHR Extension: (YouTube) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18]
CHR Extension: (Classic Games) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2017-01-24]
CHR Extension: (Avira Safe Shopping) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2017-06-08]
CHR Extension: (Smooth Scroll) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpifcbkpbdakjgcigilkdhhfbmgcfdh [2017-06-19]
CHR Extension: (Calculator) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2017-01-24]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-01-24]
CHR Extension: (Adobe Acrobat) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-06]
CHR Extension: (Home - New Tab Page) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-06-08]
CHR Extension: (Pandora) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2017-01-24]
CHR Extension: (Google Sheets) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-10]
CHR Extension: (Google Docs Offline) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18]
CHR Extension: (Smooth Scroll) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghghlbdebkoefdmbfjkicnehjgkmcamf [2017-01-24]
CHR Extension: (AdBlock) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-19]
CHR Extension: (Save to Google Drive) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-01-24]
CHR Extension: (TweetDeck by Twitter) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-01-24]
CHR Extension: (Lexia Reading Core5) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaoahhgjennidohjjhdcfefikghgple [2017-01-24]
CHR Extension: (McDonald's Management Game) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgcomjojoilpdofoijhcdobmkjidofhl [2017-02-24]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2017-01-24]
CHR Extension: (TweetDeck Launcher) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2017-01-24]
CHR Extension: (Hootsuite) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2017-01-24]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2017-05-24]
CHR Extension: (Flashcontrol) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2017-03-14]
CHR Extension: (BetterTweetDeck 3) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\micblkellenpbfapmcpcfhcoeohhnpob [2017-06-19]
CHR Extension: (Kaspersky Password Manager) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaoblbjfmcalcjjaifickaoccjmhlal [2017-06-19]
CHR Extension: (SmoothScroll) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2017-01-24]
CHR Extension: (IDM Integration Module) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Mobialia Chess 3D) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfppohnieolpklikdmhbofoabooijm [2017-01-24]
CHR Extension: (IXL) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpmknlmiefdmkfbfebehccibkjdihbj [2017-01-24]
CHR Extension: (Khan Academy) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko [2017-01-24]
CHR Extension: (Click&Clean App) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-06-01]
CHR Extension: (Kids A-Z) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifccnhncmnilgbnnkjkgicpkeclodpd [2017-01-24]
CHR Extension: (Gmail) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-19]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-04-26]
CHR HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mkaoblbjfmcalcjjaifickaoccjmhlal] - hxxps://chrome.google.com/webstore/detail/mkaoblbjfmcalcjjaifickaoccjmhlal
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-04-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"drmkpro64" => service could not be unlocked. <==== ATTENTION

S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [16064 2014-10-25] ()
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1309176 2017-03-10] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-06-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-06-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-06-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [374352 2017-05-22] (Avira Operations GmbH & Co. KG)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2017-01-15] (AOMEI Tech Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-04] (Intel Corporation)
R2 ImmunetProtect_5.0.2; C:\Program Files\Immunet\5.0.2\sfc.exe [1094168 2017-05-23] (Sourcefire, Inc.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-06-20] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-06-20] (The OpenVPN Project)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1995240 2017-06-28] (Plex, Inc.)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
S3 scan; C:\Program Files\Immunet\tetra\scan.dll [580272 2017-05-23] (Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-01] (Avira Operations GmbH & Co. KG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WinZip Smart Monitor Service; C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe [495616 2017-05-19] ()
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
S2 Dataup; C:\Users\cwebb\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\cwebb\AppData\Local\ykldd\orjhpr\ct.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-22] ()
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-22] ()
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-26] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2016-12-22] ()
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-04-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-04-10] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-06-13] (Avira Operations GmbH & Co. KG)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2017-01-19] (Glarysoft Ltd)
R2 ImmunetNetworkMonitorDriver; C:\WINDOWS\System32\Drivers\ImmunetNetworkMonitor.sys [107704 2017-05-23] (Sourcefire, Inc.)
R1 ImmunetProtectDriver; C:\WINDOWS\System32\Drivers\immunetprotect.sys [86712 2017-05-23] (Sourcefire, Inc.)
R1 ImmunetSelfProtectDriver; C:\WINDOWS\System32\Drivers\immunetselfprotect.sys [49336 2017-05-23] (Sourcefire, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [194776 2017-06-28] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew00.sys [3341824 2017-03-18] (Intel Corporation)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [52816 2016-08-03] (Toshiba Client Solutions Co., Ltd.)
S3 Trufos; C:\WINDOWS\System32\Drivers\trufos.sys [389240 2017-05-23] (BitDefender S.R.L.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-17] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 20:28 - 2017-07-17 20:28 - 00000000 ___HD C:\OneDriveTemp
2017-07-17 06:12 - 2017-07-17 06:12 - 00000002 _____ C:\Users\cwebb\Desktop\Rkill.txt
2017-07-17 05:59 - 2017-07-17 20:30 - 00102218 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-17 05:59 - 2017-07-17 20:30 - 00034102 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-17 05:59 - 2017-07-17 05:59 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-07-17 05:59 - 2017-07-17 05:59 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-07-17 05:59 - 2017-07-17 05:59 - 00001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-07-17 05:59 - 2017-07-17 05:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-17 05:59 - 2017-07-17 05:59 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-17 05:58 - 2017-07-17 05:58 - 00000000 ____D C:\Users\cwebb\AppData\Local\Zemana
2017-07-17 05:32 - 2017-07-17 05:32 - 00000937 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-07-17 05:32 - 2017-07-17 05:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-07-17 05:30 - 2017-07-17 05:32 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-07-17 03:33 - 2017-07-17 03:33 - 00000000 ____D C:\ProgramData\Emsisoft
2017-07-17 03:05 - 2017-07-17 03:05 - 34603008 _____ C:\Users\cwebb\Downloads\EmsisoftEmergencyKit.exe.part
2017-07-17 02:02 - 2017-07-17 02:02 - 00000000 ____D C:\Users\cwebb\OpenVPN
2017-07-17 01:50 - 2017-07-17 01:50 - 00000000 ____D C:\Users\cwebb\Documents\openvpn
2017-07-17 01:46 - 2017-07-17 01:46 - 00000953 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2017-07-17 01:45 - 2017-07-17 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2017-07-17 01:45 - 2017-07-17 01:46 - 00000000 ____D C:\Program Files\TAP-Windows
2017-07-17 01:45 - 2017-07-17 01:46 - 00000000 ____D C:\Program Files\OpenVPN
2017-07-17 01:45 - 2017-07-17 01:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-07-17 01:09 - 2017-07-17 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-07-16 23:49 - 2017-07-16 23:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-16 23:43 - 2017-07-07 02:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-16 23:43 - 2017-07-07 02:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-16 23:43 - 2017-07-07 02:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-16 23:43 - 2017-07-07 02:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-16 23:43 - 2017-07-07 02:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-16 23:43 - 2017-07-07 02:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-16 23:43 - 2017-07-07 02:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-16 23:43 - 2017-07-07 02:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-16 23:43 - 2017-07-07 02:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-16 23:43 - 2017-07-07 02:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-16 23:43 - 2017-07-07 02:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-16 23:43 - 2017-07-07 02:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-16 23:43 - 2017-07-07 02:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-16 23:43 - 2017-07-07 02:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-16 23:43 - 2017-07-07 02:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-16 23:43 - 2017-07-07 02:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-16 23:43 - 2017-07-07 02:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-16 23:43 - 2017-07-07 02:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-16 23:43 - 2017-07-07 02:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-16 23:43 - 2017-07-07 02:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-16 23:43 - 2017-07-07 02:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-16 23:43 - 2017-07-07 02:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-16 23:43 - 2017-07-07 02:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-16 23:43 - 2017-07-07 01:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-16 23:43 - 2017-07-07 01:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-16 23:42 - 2017-07-07 03:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-16 23:42 - 2017-07-07 03:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-16 23:42 - 2017-07-07 03:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-16 23:42 - 2017-07-07 03:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-16 23:42 - 2017-07-07 03:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-16 23:42 - 2017-07-07 03:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-16 23:42 - 2017-07-07 03:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-16 23:42 - 2017-07-07 02:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-16 23:42 - 2017-07-07 02:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-16 23:42 - 2017-07-07 02:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-16 23:42 - 2017-07-07 02:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-16 23:42 - 2017-07-07 02:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-16 23:42 - 2017-07-07 02:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-16 23:42 - 2017-07-07 02:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-16 23:42 - 2017-07-07 02:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-16 23:42 - 2017-07-07 02:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-16 23:42 - 2017-07-07 02:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-16 23:42 - 2017-07-07 02:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-16 23:42 - 2017-07-07 02:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-16 23:42 - 2017-07-07 02:24 - 01517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-16 23:42 - 2017-07-07 02:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-07-16 23:42 - 2017-07-07 02:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-16 23:42 - 2017-07-07 02:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-16 23:42 - 2017-07-07 02:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-16 23:42 - 2017-07-07 02:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-16 23:42 - 2017-07-07 02:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-16 23:42 - 2017-07-07 02:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-16 23:42 - 2017-07-07 02:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-16 23:42 - 2017-07-07 02:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-16 23:42 - 2017-07-07 02:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-16 23:42 - 2017-07-07 02:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-16 23:42 - 2017-07-07 02:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-16 23:42 - 2017-07-07 02:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-16 23:42 - 2017-07-07 02:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-16 23:42 - 2017-07-07 02:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-16 23:42 - 2017-07-07 02:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-16 23:42 - 2017-07-07 02:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-16 23:42 - 2017-07-07 02:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-16 23:42 - 2017-07-07 02:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-16 23:42 - 2017-07-07 02:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-16 23:42 - 2017-07-07 02:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-16 23:42 - 2017-07-07 02:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-16 23:42 - 2017-07-07 02:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-16 23:42 - 2017-07-07 02:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-16 23:42 - 2017-07-07 02:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-16 23:42 - 2017-07-07 02:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-16 23:42 - 2017-07-07 02:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-16 23:42 - 2017-07-07 02:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-16 23:42 - 2017-07-07 02:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-16 23:42 - 2017-07-07 02:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-16 23:42 - 2017-07-07 02:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-16 23:42 - 2017-07-07 02:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-16 23:42 - 2017-07-07 02:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-16 23:42 - 2017-07-07 02:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-16 23:42 - 2017-07-07 02:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-16 23:42 - 2017-07-07 02:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-16 23:42 - 2017-07-07 01:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-16 23:42 - 2017-07-07 01:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-16 23:42 - 2017-07-07 01:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-16 23:42 - 2017-07-07 01:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-16 23:42 - 2017-07-07 01:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-16 23:42 - 2017-07-07 01:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-16 23:42 - 2017-07-07 01:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-16 23:42 - 2017-07-07 01:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-16 23:42 - 2017-07-07 01:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-16 23:42 - 2017-07-07 01:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-16 23:42 - 2017-07-07 01:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-16 23:41 - 2017-07-07 10:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-16 23:41 - 2017-07-07 03:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-16 23:41 - 2017-07-07 03:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-16 23:41 - 2017-07-07 03:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-16 23:41 - 2017-07-07 03:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-16 23:41 - 2017-07-07 03:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-16 23:41 - 2017-07-07 03:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-16 23:41 - 2017-07-07 03:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-16 23:41 - 2017-07-07 03:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-16 23:41 - 2017-07-07 03:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-16 23:41 - 2017-07-07 03:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-16 23:41 - 2017-07-07 03:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-16 23:41 - 2017-07-07 03:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-16 23:41 - 2017-07-07 03:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-16 23:41 - 2017-07-07 03:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-16 23:41 - 2017-07-07 03:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-16 23:41 - 2017-07-07 03:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-16 23:41 - 2017-07-07 03:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-16 23:41 - 2017-07-07 03:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-16 23:41 - 2017-07-07 03:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-16 23:41 - 2017-07-07 03:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-16 23:41 - 2017-07-07 03:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-16 23:41 - 2017-07-07 03:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-16 23:41 - 2017-07-07 03:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-16 23:41 - 2017-07-07 03:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-16 23:41 - 2017-07-07 03:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-16 23:41 - 2017-07-07 03:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-16 23:41 - 2017-07-07 03:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-16 23:41 - 2017-07-07 03:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-16 23:41 - 2017-07-07 03:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-16 23:41 - 2017-07-07 03:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-16 23:41 - 2017-07-07 03:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-16 23:41 - 2017-07-07 03:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-16 23:41 - 2017-07-07 03:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 02229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 01458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 01100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-16 23:41 - 2017-07-07 03:08 - 00844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-16 23:41 - 2017-07-07 03:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-16 23:41 - 2017-07-07 03:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-16 23:41 - 2017-07-07 02:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-16 23:41 - 2017-07-07 02:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-16 23:41 - 2017-07-07 02:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-16 23:41 - 2017-07-07 02:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-16 23:41 - 2017-07-07 02:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-16 23:41 - 2017-07-07 02:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-16 23:41 - 2017-07-07 02:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-16 23:41 - 2017-07-07 02:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-16 23:41 - 2017-07-07 02:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-16 23:41 - 2017-07-07 02:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-16 23:41 - 2017-07-07 02:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-16 23:41 - 2017-07-07 02:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-16 23:41 - 2017-07-07 02:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-16 23:41 - 2017-07-07 02:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-16 23:41 - 2017-07-07 02:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-16 23:41 - 2017-07-07 02:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-16 23:41 - 2017-07-07 02:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-16 23:41 - 2017-07-07 02:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-16 23:41 - 2017-07-07 02:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-16 23:41 - 2017-07-07 02:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-16 23:41 - 2017-07-07 02:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-16 23:41 - 2017-07-07 02:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-16 23:41 - 2017-07-07 02:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-16 23:41 - 2017-07-07 02:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-16 23:41 - 2017-07-07 02:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-16 23:41 - 2017-07-07 02:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-16 23:41 - 2017-07-07 02:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-16 23:41 - 2017-07-07 02:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-16 23:41 - 2017-07-07 02:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-16 23:41 - 2017-07-07 02:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-16 23:41 - 2017-07-07 02:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-16 23:41 - 2017-07-07 02:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-16 23:41 - 2017-07-07 02:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-16 23:41 - 2017-07-07 02:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-16 23:41 - 2017-07-07 02:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-16 23:41 - 2017-07-07 02:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-16 23:41 - 2017-07-07 02:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-16 23:41 - 2017-07-07 02:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-16 23:41 - 2017-07-07 02:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-16 23:41 - 2017-07-07 02:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-16 23:41 - 2017-07-07 02:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-16 23:41 - 2017-07-07 02:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-16 23:41 - 2017-07-07 02:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-16 23:41 - 2017-07-07 02:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-16 23:41 - 2017-07-07 02:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-16 23:41 - 2017-07-07 02:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-16 23:41 - 2017-07-07 02:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-16 23:41 - 2017-07-07 02:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-16 23:41 - 2017-07-07 02:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-16 23:41 - 2017-07-01 18:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-01 05:56 - 2017-07-01 05:56 - 00000000 ____D C:\Users\cwebb\Desktop\Immunet_Support_Tool_2017_06_29_02_11_38
2017-06-30 09:17 - 2017-07-16 00:37 - 00003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2715202246-2456054378-4196450346-1001
2017-06-30 07:13 - 2017-06-30 07:13 - 00000000 ____D C:\ProgramData\cwebb
2017-06-30 06:58 - 2017-06-30 06:58 - 00001128 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2017-06-30 06:58 - 2017-06-30 06:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2017-06-30 06:58 - 2017-06-30 06:58 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2017-06-30 06:24 - 2017-06-30 06:26 - 06590401 _____ C:\Users\cwebb\Downloads\conIbb_I
2017-06-29 02:30 - 2017-07-16 23:49 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-29 02:11 - 2017-06-29 02:12 - 36905144 _____ C:\Users\cwebb\Desktop\Immunet_Support_Tool_2017_06_29_02_11_38.7z
2017-06-29 01:51 - 2017-07-17 20:27 - 00000000 ____D C:\Users\cwebb\AppData\Local\ntuserlitelist
2017-06-29 01:45 - 2017-07-17 20:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-29 01:45 - 2017-07-17 05:38 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-28 19:39 - 2017-06-28 21:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-28 19:38 - 2017-06-28 21:19 - 00000000 ____D C:\Users\cwebb\Desktop\mbar
2017-06-28 17:44 - 2017-06-28 17:44 - 00010442 _____ C:\Users\cwebb\Downloads\Fixlist.txt
2017-06-28 17:07 - 2017-07-17 20:30 - 00000000 ____D C:\FRST
2017-06-28 16:46 - 2017-06-28 18:24 - 00000000 ____D C:\ESD
2017-06-28 16:44 - 2017-06-28 16:44 - 00000000 ___HD C:\$Windows.~WS
2017-06-28 16:44 - 2017-06-28 16:44 - 00000000 ____D C:\$WINDOWS.~BT
2017-06-28 08:38 - 2017-07-17 20:27 - 120324096 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-06-28 08:34 - 2017-06-28 08:38 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-06-28 05:13 - 2017-06-28 05:13 - 00000000 ___HD C:\$SysReset
2017-06-28 02:24 - 2017-06-20 01:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-28 02:24 - 2017-06-20 01:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-28 02:24 - 2017-06-20 01:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-28 02:24 - 2017-06-20 01:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-28 02:24 - 2017-06-20 01:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-28 02:24 - 2017-06-20 01:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-28 02:24 - 2017-06-20 01:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-28 02:24 - 2017-06-20 00:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-28 02:24 - 2017-06-20 00:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-28 02:24 - 2017-06-20 00:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-28 02:24 - 2017-06-20 00:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-28 02:24 - 2017-06-20 00:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-28 02:24 - 2017-06-20 00:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-28 02:24 - 2017-06-20 00:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-28 02:24 - 2017-06-20 00:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-28 02:23 - 2017-06-20 02:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-28 02:23 - 2017-06-20 02:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-28 02:23 - 2017-06-20 01:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-28 02:23 - 2017-06-20 01:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-28 02:23 - 2017-06-20 01:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-28 02:23 - 2017-06-20 01:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-28 02:23 - 2017-06-20 01:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-28 02:23 - 2017-06-20 01:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-28 02:23 - 2017-06-20 01:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-28 02:23 - 2017-06-20 01:07 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-28 02:23 - 2017-06-20 01:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-28 02:23 - 2017-06-20 01:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-28 02:23 - 2017-06-20 01:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-28 02:23 - 2017-06-20 01:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-28 02:23 - 2017-06-20 01:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-28 02:23 - 2017-06-20 01:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-28 02:23 - 2017-06-20 01:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-28 02:23 - 2017-06-20 01:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-28 02:23 - 2017-06-20 01:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-28 02:23 - 2017-06-20 01:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-28 02:23 - 2017-06-20 01:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-28 02:23 - 2017-06-20 01:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-28 02:23 - 2017-06-20 00:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-28 02:23 - 2017-06-20 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-28 02:23 - 2017-06-20 00:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-28 02:23 - 2017-06-20 00:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-28 02:23 - 2017-06-20 00:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-28 02:23 - 2017-06-20 00:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-28 02:23 - 2017-06-20 00:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-28 02:23 - 2017-06-20 00:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-28 02:23 - 2017-06-20 00:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-28 02:23 - 2017-06-20 00:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-28 02:22 - 2017-06-20 02:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-28 02:22 - 2017-06-20 02:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-28 02:22 - 2017-06-20 02:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-28 02:22 - 2017-06-20 01:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-28 02:22 - 2017-06-20 01:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-28 02:22 - 2017-06-20 01:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-28 02:22 - 2017-06-20 01:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-28 02:22 - 2017-06-20 01:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-28 02:22 - 2017-06-20 01:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-28 02:22 - 2017-06-20 01:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-28 02:22 - 2017-06-20 01:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-28 02:22 - 2017-06-20 01:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-28 02:22 - 2017-06-20 01:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-28 02:22 - 2017-06-20 01:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-28 02:22 - 2017-06-20 01:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-28 02:22 - 2017-06-20 01:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-28 02:22 - 2017-06-20 00:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-28 02:22 - 2017-06-20 00:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-28 02:22 - 2017-06-20 00:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-28 02:21 - 2017-06-20 02:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-28 02:21 - 2017-06-20 02:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-28 02:21 - 2017-06-20 02:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-28 02:21 - 2017-06-20 02:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-28 02:21 - 2017-06-20 02:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-28 02:21 - 2017-06-20 02:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-28 02:21 - 2017-06-20 02:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-28 02:21 - 2017-06-20 02:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-28 02:21 - 2017-06-20 02:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-28 02:21 - 2017-06-20 02:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-28 02:21 - 2017-06-20 02:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-06-28 02:21 - 2017-06-20 02:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-06-28 02:21 - 2017-06-20 02:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-28 02:21 - 2017-06-20 02:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-28 02:21 - 2017-06-20 02:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-28 02:21 - 2017-06-20 02:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-06-28 02:21 - 2017-06-20 02:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-06-28 02:21 - 2017-06-20 02:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-28 02:21 - 2017-06-20 02:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-06-28 02:21 - 2017-06-20 02:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-06-28 02:21 - 2017-06-20 02:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-06-28 02:21 - 2017-06-20 02:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-06-28 02:21 - 2017-06-20 01:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-06-28 02:21 - 2017-06-20 01:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-06-28 02:21 - 2017-06-20 01:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-06-28 02:21 - 2017-06-20 01:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-06-28 02:21 - 2017-06-20 01:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-28 02:21 - 2017-06-20 01:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-06-28 02:21 - 2017-06-20 01:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-06-28 02:21 - 2017-06-20 01:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-28 02:21 - 2017-06-20 01:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-28 02:21 - 2017-06-20 01:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-06-28 02:21 - 2017-06-20 01:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-06-28 02:21 - 2017-06-20 01:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-28 02:21 - 2017-06-20 01:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-06-28 02:21 - 2017-06-20 01:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-06-28 02:21 - 2017-06-20 01:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-06-28 02:21 - 2017-06-20 01:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-06-28 02:21 - 2017-06-20 01:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-27 21:44 - 2017-06-27 21:44 - 00000000 ____D C:\Users\cwebb\Downloads\eXplorer
2017-06-27 21:37 - 2017-06-27 21:37 - 05766464 _____ (Zemana Ltd. ) C:\Users\cwebb\Downloads\eXplorer(1).exe
2017-06-27 21:25 - 2017-06-27 21:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\cwebb\Downloads\pXplorer.exe
2017-06-27 21:17 - 2017-06-27 23:25 - 00000000 ____D C:\Users\cwebb\Desktop\Maleware Fixes
2017-06-23 04:01 - 2017-06-23 04:01 - 00001264 _____ C:\Users\Public\Desktop\FolderSizes 8.lnk
2017-06-23 04:01 - 2017-06-23 04:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FolderSizes 8
2017-06-23 04:01 - 2017-06-23 04:01 - 00000000 ____D C:\ProgramData\Key Metric Software
2017-06-23 04:01 - 2017-06-23 04:01 - 00000000 ____D C:\ProgramData\2003-05.com.keymetricsoft
2017-06-23 04:01 - 2017-06-23 04:01 - 00000000 ____D C:\Program Files\Key Metric Software
2017-06-23 04:00 - 2017-06-23 04:01 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\Key Metric Software
2017-06-23 03:38 - 2017-06-23 03:43 - 49722472 _____ (Google Inc.) C:\Users\cwebb\Downloads\ChromeStandaloneSetup64.exe
2017-06-23 03:30 - 2017-06-23 03:30 - 00000000 ____D C:\Users\cwebb\Downloads\ChromeSetup
2017-06-23 02:51 - 2017-06-23 02:51 - 00705073 _____ C:\Users\cwebb\Documents\2sidedfloodwallFlyer.pdf
2017-06-22 13:14 - 2017-06-22 13:14 - 00000000 ____D C:\Users\cwebb\AppData\Local\Tempzxpsign9a665dab77b9cc3c
2017-06-22 01:56 - 2017-06-22 01:56 - 00000000 ____D C:\Users\cwebb\AppData\Local\Tempzxpsign8385485cb49aa147
2017-06-22 01:56 - 2017-06-22 01:56 - 00000000 ____D C:\Users\cwebb\AppData\Local\Tempzxpsign54b5b7c8188e046f
2017-06-22 01:29 - 2017-06-22 01:30 - 00000000 ___RD C:\Users\cwebb\Documents\Scanned Documents
2017-06-22 01:29 - 2017-06-22 01:29 - 00000000 ____D C:\Users\cwebb\Documents\Fax
2017-06-21 16:49 - 2017-06-25 21:01 - 00000000 ___RD C:\Users\cwebb\Desktop\OrganiZen
2017-06-21 16:40 - 2017-06-21 16:41 - 01130328 _____ (Google Inc.) C:\Users\cwebb\Downloads\ChromeSetup.exe
2017-06-21 16:38 - 2017-07-17 20:28 - 00000000 ___RD C:\Users\cwebb\iCloudDrive
2017-06-21 16:38 - 2017-06-21 16:38 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-06-21 16:38 - 2017-06-21 16:38 - 00000000 ____D C:\Users\cwebb\AppData\Local\Apple Inc
2017-06-21 16:36 - 2017-07-16 00:41 - 00000000 ____D C:\Users\cwebb\AppData\Local\ABD25F88-F7DD-4788-BFD9-234C2001FDEA.aplzod
2017-06-21 16:36 - 2017-06-21 16:36 - 00000000 ____D C:\Users\cwebb\Documents\Outlook Files
2017-06-21 14:53 - 2017-06-21 14:53 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-06-21 14:53 - 2017-06-21 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-21 14:51 - 2017-06-21 14:51 - 00000000 ____D C:\Program Files\iPod
2017-06-21 14:36 - 2017-06-21 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-06-19 03:20 - 2017-06-19 20:39 - 00000000 ____D C:\Users\cwebb\Downloads\HitmanPro.Alert 3.6.6 build 593 Final - [CrackzSoft]
2017-06-19 03:13 - 2017-06-19 07:18 - 23544451 _____ C:\Users\cwebb\Downloads\FolderSizes 8.4.155 Enterprise Edition + keygen - Crackingpatching.com.zip
2017-06-18 14:09 - 2017-07-02 17:32 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-06-18 04:44 - 2017-06-18 04:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-06-18 04:32 - 2017-06-18 04:41 - 83886559 _____ (XBMC-Foundation) C:\Users\cwebb\Downloads\KodiSetup-20170606-21c2dba5a9-Krypton-x86.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 20:28 - 2017-05-23 04:05 - 00000000 ____D C:\Program Files\Immunet
2017-07-17 20:28 - 2017-03-31 18:25 - 00000000 ____D C:\Users\cwebb
2017-07-17 20:28 - 2017-01-09 23:39 - 00000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2017-07-17 20:28 - 2017-01-09 23:38 - 00000000 ____D C:\Program Files (x86)\AOMEI Backupper
2017-07-17 20:28 - 2017-01-09 20:50 - 00000000 __SHD C:\Users\cwebb\IntelGraphicsProfiles
2017-07-17 20:28 - 2017-01-09 19:58 - 00000000 ___RD C:\Users\cwebb\OneDrive
2017-07-17 20:27 - 2017-03-18 07:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-17 20:26 - 2017-03-31 18:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-17 19:51 - 2017-03-31 18:41 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{19DF12D0-C29F-4DFE-9587-C1F265438938}
2017-07-17 07:19 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-17 06:31 - 2017-03-31 18:36 - 02924088 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-17 05:38 - 2017-01-09 19:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-17 05:37 - 2017-03-31 18:19 - 05438992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-17 05:33 - 2017-01-10 05:15 - 00000000 ___HD C:\Users\cwebb\AppData\LocalLow\Mozilla
2017-07-17 05:00 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-17 03:12 - 2017-02-28 20:38 - 00000000 ____D C:\Users\cwebb\AppData\Local\ElevatedDiagnostics
2017-07-17 01:21 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-17 01:09 - 2017-01-13 07:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-16 23:49 - 2017-01-09 22:17 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-16 00:41 - 2017-06-06 06:20 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-07-16 00:37 - 2017-01-09 19:58 - 00002412 _____ C:\Users\cwebb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-05 21:12 - 2017-05-15 17:46 - 00000000 ____D C:\Users\cwebb\AppData\Local\Roblox
2017-07-02 17:29 - 2017-02-26 05:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-02 13:38 - 2017-01-10 08:33 - 00000000 ___HD C:\Users\cwebb\AppData\Roaming\Apple Computer
2017-07-01 05:53 - 2017-01-10 05:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-01 01:24 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-30 10:47 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 10:47 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-30 07:13 - 2017-06-12 14:36 - 00000000 ____D C:\Users\cwebb\AppData\Local\SquirrelTemp
2017-06-29 11:46 - 2017-02-26 05:15 - 00001232 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-29 11:46 - 2017-02-26 05:15 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-06-29 01:54 - 2017-06-15 13:16 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-06-29 01:53 - 2017-05-23 05:02 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-29 01:44 - 2017-04-02 10:39 - 00000000 ____D C:\Users\cwebb\AppData\LocalLow\Temp
2017-06-29 01:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-29 01:43 - 2016-07-16 07:47 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-28 19:39 - 2017-06-15 13:22 - 00194776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-28 19:39 - 2017-06-15 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-28 18:24 - 2017-06-11 23:06 - 00000000 ____D C:\WINDOWS\Panther
2017-06-28 03:51 - 2017-01-17 05:11 - 00001024 ____H C:\SYSTAG.BIN
2017-06-26 18:59 - 2017-01-09 19:56 - 00000000 ___HD C:\Users\cwebb\AppData\Local\Packages
2017-06-26 03:46 - 2017-01-18 06:16 - 00000000 ___HD C:\Users\cwebb\AppData\Roaming\qBittorrent
2017-06-25 20:50 - 2017-03-09 03:00 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\vlc
2017-06-25 20:21 - 2017-04-11 22:53 - 00000000 ____D C:\Users\cwebb\Desktop\Dez schoolwork
2017-06-25 20:16 - 2017-05-23 05:09 - 00000000 ____D C:\ProgramData\Avira
2017-06-25 20:16 - 2017-05-23 05:09 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-25 20:15 - 2017-05-23 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-25 18:10 - 2017-03-31 18:41 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-25 18:10 - 2017-03-31 18:41 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-23 07:06 - 2017-04-30 07:03 - 00000000 ____D C:\ProgramData\Corel
2017-06-21 22:56 - 2017-04-02 10:43 - 00015766 _____ C:\WINDOWS\BRRBCOM.INI
2017-06-21 15:38 - 2017-01-15 03:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-21 14:52 - 2017-01-15 04:07 - 00000000 ____D C:\Program Files\iTunes
2017-06-21 14:25 - 2017-06-09 16:33 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-20 16:38 - 2017-06-12 14:36 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\discord
2017-06-20 16:35 - 2017-02-07 10:35 - 00000000 ___HD C:\Users\cwebb\AppData\Roaming\Kodi
2017-06-20 16:13 - 2017-01-20 02:23 - 00000000 ____D C:\Program Files\CCleaner
2017-06-20 16:12 - 2017-01-09 19:56 - 00000000 ___HD C:\Users\cwebb\AppData\Local\ConnectedDevicesPlatform
2017-06-18 16:02 - 2017-05-21 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Local\Screencast-O-Matic-v2
2017-06-18 04:44 - 2017-02-07 10:10 - 00000000 ____D C:\Program Files (x86)\Kodi

==================== Files in the root of some directories =======

2017-01-29 11:34 - 2017-01-29 11:38 - 0000033 ____H () C:\Users\cwebb\AppData\Roaming\AdobeWLCMCache.dat
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\cwebb\AppData\Local\report

Files to move or delete:
====================
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-16 23:18

==================== End of FRST.txt ============================

 

 

Thanks for taking time to help me and others deal with these issues. I very much appreciate it and will look forward to your response.


#2 Aura

  • Malware Response Team
Posted 17 July 2017 - 08:30 PM

Hi wyton :)
 
My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)
 
Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 wyton

  • Topic Starter


Posted 17 July 2017 - 11:16 PM

Here is malwarebytes rootkit log:

I'm running a full scan from the regular malwarebytes program. I'll send you the log once it is complete. Thanks.

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.07.18.01
  rootkit: v2017.05.27.01

Windows 10 x64 NTFS
Internet Explorer 11.483.15063.0
cwebb :: SILVERSATELLITE [administrator]

7/17/2017 9:41:10 PM
mbar-log-2017-07-17 (21-41-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 363841
Time elapsed: 24 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [447571f633769d998815163b9b66ee12]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP (Trojan.Clicker) -> Delete on reboot. [17a2184f981192a4792e4fd059a832ce]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [5f5ac0a79c0d51e517cdad7119e8e818]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE (Trojan.Clicker) -> Delete on reboot. [f8c1c99e1297d165decc29a2b948c040]
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\SOFTWARE\MICROSOFT\BIGTIME (Adware.Tuto4PC) -> Delete on reboot. [12a770f76445ad89dbbc817a49b8fd03]

Registry Values Detected: 5
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx (Trojan.Clicker) -> Data: "C:\Users\cwebb\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup -> Delete on reboot. [15a4e087c1e83ff7d6ed5577ec1536ca]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Trojan.Clicker) -> Data: "C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [2792d7902c7dce681490faa81fe103fd]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Users\cwebb\AppData\Local\ntuserlitelist\dataup\dataup.exe -> Delete on reboot. [17a2184f981192a4792e4fd059a832ce]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: C:\Users\cwebb\AppData\Local\ykldd\orjhpr\ct.exe -> Delete on reboot. [f8c1c99e1297d165decc29a2b948c040]
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\SOFTWARE\MICROSOFT\BIGTIME|partner (Adware.Tuto4PC) -> Data: installcube -> Delete on reboot. [12a770f76445ad89dbbc817a49b8fd03]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Users\cwebb\AppData\Local\ntuserlitelist (Trojan.Clicker) -> Delete on reboot. [2792acbbdacf7eb8a089f4c7de23ef11]
C:\Users\cwebb\AppData\Local\ntuserlitelist\dataup (Trojan.Clicker) -> Delete on reboot. [2792acbbdacf7eb8a089f4c7de23ef11]
C:\Users\cwebb\AppData\Local\ntuserlitelist\regtool (Trojan.Clicker) -> Delete on reboot. [2792acbbdacf7eb8a089f4c7de23ef11]
C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx (Trojan.Clicker) -> Delete on reboot. [2792acbbdacf7eb8a089f4c7de23ef11]
C:\Users\cwebb\AppData\Local\ntuserlitelist\svcvmx\locales (Trojan.Clicker) -> Delete on reboot. [2792acbbdacf7eb8a089f4c7de23ef11]
C:\Users\cwebb\AppData\Local\ntuserlitelist\winscr (Trojan.Clicker) -> Delete on reboot. [2792acbbdacf7eb8a089f4c7de23ef11]

Files Detected: 4
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. []
C:\Users\cwebb\Downloads\FolderSizes 8.4.155 Enterprise Edition + keygen - Crackingpatching.com.zip (RiskWare.Tool.CK) -> Delete on reboot. [7445e97ee7c29f97d276c7b1d22f57a9]
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\ndistpr64.sys-(1)-r.mbam (Rootkit.Agent.PUA) -> Delete on reboot. [fdbc6bfc9f0afb3b82a11bac23dee11f]
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\ndistpr64.sys-r.mbam (Rootkit.Agent.PUA) -> Delete on reboot. [b2070463cfdaa393af749f2818e99e62]

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#4 wyton

  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 17 July 2017 - 11:42 PM

After I ran the standard Malwarebytes program, my Avira free antivirus program successfully blocked an attempt to infiltrate my registry when the system rebooted. It wants me to run a full scan. I'll wait for your instruction, however, before proceeding.

Here is the log from the regular Malwarebytes program:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/17/2017
Scan Time: 11:59 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2017.07.18.04
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: cwebb

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363066
Time Elapsed: 27 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Searchy, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}, Quarantined, [15a70a5dccdd122425545e18c53c9070],
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\CONSOLE\TASKENG.EXE, Quarantined, [00bc92d5bdec2a0c496d35ce8d754bb5],

Registry Values: 2
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WindowPosition, 201329664, Quarantined, [8e2e7fe8f5b4fe387f0cb34d53af44bc]
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\CONSOLE\TASKENG.EXE|WindowPosition, 201329664, Quarantined, [00bc92d5bdec2a0c496d35ce8d754bb5]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.RussAd, C:\Users\cwebb\AppData\Local\nvfontcache, Quarantined, [6d4f2f38a20780b6641b759415eddc24],

Files: 1
Trojan.Clicker, C:\Windows\System32\tprdpw64.exe, Quarantined, [03b90c5bfcadcd69149c22e93ac8936d],

Physical Sectors: 0
(No malicious items detected)


(end)

Malwarebytes Anti-Malware
www.malwarebytes.org


Scan, 7/18/2017 12:28 AM, SYSTEM, SILVERSATELLITE, Manual, Start:7/17/2017 11:59 PM, Duration:27 min 11 sec, Threat Scan, Completed, 1 Malware Detection, 5 Non-Malware Detections,

(end)


Edited by wyton, 17 July 2017 - 11:44 PM.


#5 Aura


Posted 17 July 2017 - 11:56 PM

For now, we'll go ahead with AdwCleaner and JRT to remove any remnants there are. Do you also have a screenshot or log from Avira showing the block?

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Your next reply(ies) should therefore contain:
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 wyton


Posted 18 July 2017 - 12:29 AM

Sorry. It was a desktop pop-up. The history section only says, "In accordance with security guidelines, the Administrator has blocked access to the registry."
It blocked access three different times
12:30:17AM
12:28:20AM
11:57:37PM
 
I'm sure these times are consistent with scans and reboots, but I'm not sure what is causing it.

Attached File: 2017-07-18.png



#7 wyton


Posted 18 July 2017 - 12:54 AM

Nothing from Avira this time. Running the JRT scan now.

 

# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 18 05:41:52 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: scan
Deleted: AdAppMgrSvc


***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Mail.Ru
Deleted: C:/Windows\System32\\SSL
Deleted: C:/Windows\SysWOW64\\SSL
Deleted: C:\Users\cwebb\Favorites\StumbleUpon
Deleted: C:\Program Files (x86)\Digital Coupon Printer
Deleted: C:\ProgramData\WinZip\WinZip Smart Monitor
Deleted: C:\ProgramData\Application Data\WinZip\WinZip Smart Monitor
Deleted: C:\Users\All Users\WinZip\WinZip Smart Monitor
Deleted: C:\Program Files\WinZip Smart Monitor


***** [ Files ] *****

Deleted: C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\invalidprefs.js


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\.DEFAULT\Software\Mail.Ru
Deleted: [Key] - HKU\S-1-5-18\Software\Mail.Ru
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mail.rambler.ru
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mail.ru
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\news.rambler.ru
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\rambler.ru
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
Deleted: [Key] - HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\Software\Microsoft\Gosearchq
Deleted: [Key] - HKCU\Software\Microsoft\Gosearchq
Deleted: [Key] - HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\Software\Microsoft\Gosearch
Deleted: [Key] - HKCU\Software\Microsoft\Gosearch
Deleted: [Key] - HKLM\SOFTWARE\PC
Deleted: [Key] - HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\Software\PC
Deleted: [Key] - HKCU\Software\PC
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKLM\SOFTWARE\Event Monitor
Deleted: [Key] - HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\Software\Event Monitor
Deleted: [Key] - HKCU\Software\Event Monitor
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKLM\SOFTWARE\mbs_install
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{65416821-217D-44BD-9C61-F53398FB1B46}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\Software\win
Deleted: [Key] - HKCU\Software\win
Deleted: [Key] - HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\Software\Installer
Deleted: [Key] - HKCU\Software\Installer
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Softonic EN - whos-your-daddy.en.softonic.com
SearchProvider deleted: Softonic EN - whos-your-daddy.en.softonic.com
SearchProvider deleted: Search Module - www-searching.com
SearchProvider deleted: Search Module - www-searching.com
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Search Module - www-searching.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [8083 B] - [2017/7/18 5:40:34]
C:/AdwCleaner/AdwCleaner[S1].txt - [9194 B] - [2017/7/18 5:40:47]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########



#8 wyton


Posted 18 July 2017 - 12:58 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by cwebb (Administrator) on Tue 07/18/2017 at  1:49:55.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\fomkx2h2.cw\extensions\staged (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/18/2017 at  1:56:41.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 Aura


Posted 18 July 2017 - 09:27 AM

Good :) As for Avira, we'll see if it still warns you of this after we're done with the clean-up.

Now, run a new scan with FRST, and provide me a fresh set of logs (FRST.txt and Addition.txt).



#10 wyton


Posted 18 July 2017 - 02:58 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by cwebb (administrator) on SILVERSATELLITE (18-07-2017 15:42:58)
Running from E:\
Loaded Profiles: cwebb (Available Profiles: defaultuser0 & cwebb)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Sourcefire, Inc.) C:\Program Files\Immunet\5.0.2\sfc.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
() C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\kpm.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Immunet) C:\Program Files\Immunet\5.0.2\iptray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(hxxp://www.ruby-lang.org/) C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\bin\rubyw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
() C:\Users\cwebb\AppData\Local\Plex Media Server\Plug-ins\BitTorrent.bundle\Contents\Bin\windows_386\scrapmagnet.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Scanner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7679816 2016-10-09] (SoftPerfect)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-19] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-19] (WinZip Computing, S.L.)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2017-01-17] (Autodesk, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-03-10] (Autodesk, Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2015-01-28] (Autodesk, Inc.)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Immunet\5.0.2\iptray.exe [3158200 2017-05-23] (Immunet)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-28] (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [89968 2017-01-15] ()
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15947752 2017-06-28] (Plex, Inc.)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\kpm.exe [411912 2016-12-22] ()
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [636032 2017-06-20] ()
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-01-15] (The NWJS Community)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [15947752 2017-06-28] (Plex, Inc.)
Startup: C:\Users\cwebb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-07-18]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{2404f406-2b30-455b-8682-5a988c65851c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{27c18d96-e9e6-417d-99f9-395e0929bb08}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8e319e74-6c6e-4bcc-9c28-5eb8f7241548}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{bef10f8c-524b-4e48-a212-6ea69429c2a3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-17] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-17] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\ie_engine.dll [2016-12-22] (AO Kaspersky Lab)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-04] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-17] (Microsoft Corporation)

Edge:
======
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.45.0_neutral__qq0fmhteeht3j [2017-06-23]

FireFox:
========
FF DefaultProfile: 78dw97b7.default
FF ProfilePath: C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default [2017-07-18]
FF NewTab: Mozilla\Firefox\Profiles\78dw97b7.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\78dw97b7.default -> about:home
FF Extension: (Avira Browser Safety) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\abs@avira.com.xpi [2017-07-18]
FF Extension: (Easy Screenshot) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2017-04-26]
FF Extension: (Firefox Search Test) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\firefoxsearchtest@mozilla.com.xpi [2017-06-30]
FF Extension: (MakeGIF Video Capture) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\makegifvideocapture@makegif.com.xpi [2017-03-29]
FF Extension: (OmniSidebar) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\osb@quicksaver.xpi [2017-03-29]
FF Extension: (uBlock Origin) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-28]
FF Extension: (Lightshot (screenshot tool)) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2017-03-29]
FF Extension: (YouTube High Definition) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-06-21]
FF Extension: (BetterPrivacy) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-03-29]
FF Extension: (Open With Photoshop) - C:\Users\cwebb\AppData\Roaming\Mozilla\Firefox\Profiles\78dw97b7.default\Extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}.xpi [2017-06-16]
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-06-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-04-25]
FF HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\cwebb\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\cwebb\AppData\Roaming\IDM\idmmzcc5 [2017-04-30] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2017-01-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-01-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-18] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-18] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-01-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp:\/\/www.yahoo.com\/
CHR StartupUrls: Default -> "hxxp:\/\/www.nytimes.com\/?campaignId=6JH86","hxxps:\/\/mail.google.com\/mail\/ca\/u\/0\/#inbox","hxxps:\/\/us-mg205.mail.yahoo.com\/neo\/launch?.rand=ata8k1r1mcs4s"
CHR NewTab: Default -> "active": false,
            "entry": "chrome-extension://ehhkfhegcenpfoanmgfpfhnmdmflkbgk/index.html"
          
CHR Profile: C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default [2017-07-18]
CHR Extension: (Google Slides) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-10]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-05-12]
CHR Extension: (Google Drive) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-18]
CHR Extension: (YouTube) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-18]
CHR Extension: (Classic Games) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2017-01-24]
CHR Extension: (Avira Safe Shopping) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2017-06-08]
CHR Extension: (Smooth Scroll) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpifcbkpbdakjgcigilkdhhfbmgcfdh [2017-06-19]
CHR Extension: (Calculator) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2017-01-24]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-01-24]
CHR Extension: (Adobe Acrobat) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-06]
CHR Extension: (Home - New Tab Page) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-06-08]
CHR Extension: (Pandora) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2017-01-24]
CHR Extension: (Google Sheets) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-10]
CHR Extension: (Google Docs Offline) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-18]
CHR Extension: (Smooth Scroll) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghghlbdebkoefdmbfjkicnehjgkmcamf [2017-01-24]
CHR Extension: (AdBlock) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-19]
CHR Extension: (Save to Google Drive) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-01-24]
CHR Extension: (TweetDeck by Twitter) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-01-24]
CHR Extension: (Lexia Reading Core5) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaoahhgjennidohjjhdcfefikghgple [2017-01-24]
CHR Extension: (McDonald's Management Game) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgcomjojoilpdofoijhcdobmkjidofhl [2017-02-24]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2017-01-24]
CHR Extension: (TweetDeck Launcher) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2017-01-24]
CHR Extension: (Hootsuite) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2017-01-24]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2017-05-24]
CHR Extension: (Flashcontrol) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2017-03-14]
CHR Extension: (BetterTweetDeck 3) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\micblkellenpbfapmcpcfhcoeohhnpob [2017-06-19]
CHR Extension: (Kaspersky Password Manager) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaoblbjfmcalcjjaifickaoccjmhlal [2017-06-19]
CHR Extension: (SmoothScroll) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2017-01-24]
CHR Extension: (IDM Integration Module) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Mobialia Chess 3D) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfppohnieolpklikdmhbofoabooijm [2017-01-24]
CHR Extension: (IXL) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpmknlmiefdmkfbfebehccibkjdihbj [2017-01-24]
CHR Extension: (Khan Academy) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko [2017-01-24]
CHR Extension: (Click&Clean App) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-06-01]
CHR Extension: (Kids A-Z) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifccnhncmnilgbnnkjkgicpkeclodpd [2017-01-24]
CHR Extension: (Gmail) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\cwebb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-19]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-04-26]
CHR HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mkaoblbjfmcalcjjaifickaoccjmhlal] - hxxps://chrome.google.com/webstore/detail/mkaoblbjfmcalcjjaifickaoccjmhlal
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-04-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-07-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-07-18] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2017-01-15] (AOMEI Tech Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411584 2017-07-02] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-04] (Intel Corporation)
R2 ImmunetProtect_5.0.2; C:\Program Files\Immunet\5.0.2\sfc.exe [1094168 2017-05-23] (Sourcefire, Inc.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-06-20] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-06-20] (The OpenVPN Project)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1995240 2017-06-28] (Plex, Inc.)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-28] (Avira Operations GmbH & Co. KG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 WinZip Smart Monitor Service; "C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-22] ()
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-22] ()
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-26] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2016-12-22] ()
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-04-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-04-10] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-06-13] (Avira Operations GmbH & Co. KG)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2017-01-19] (Glarysoft Ltd)
R2 ImmunetNetworkMonitorDriver; C:\WINDOWS\System32\Drivers\ImmunetNetworkMonitor.sys [107704 2017-05-23] (Sourcefire, Inc.)
R1 ImmunetProtectDriver; C:\WINDOWS\System32\Drivers\immunetprotect.sys [86712 2017-05-23] (Sourcefire, Inc.)
R1 ImmunetSelfProtectDriver; C:\WINDOWS\System32\Drivers\immunetselfprotect.sys [49336 2017-05-23] (Sourcefire, Inc.)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew00.sys [3341824 2017-03-18] (Intel Corporation)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [52816 2016-08-03] (Toshiba Client Solutions Co., Ltd.)
S3 Trufos; C:\WINDOWS\System32\Drivers\trufos.sys [389240 2017-05-23] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-17] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-18 15:21 - 2017-07-18 15:21 - 00000000 ___HD C:\OneDriveTemp
2017-07-18 04:42 - 2017-07-18 04:42 - 00000000 ____D C:\Users\cwebb\Downloads\Articulate Storyline 4.1.12115.0 + Crack
2017-07-18 04:31 - 2017-07-18 04:31 - 00000000 ____D C:\Users\cwebb\Downloads\SketchUp Pro 2016 v17.0.19911 + Crack
2017-07-18 02:27 - 2017-07-18 02:27 - 00000000 ____D C:\Users\cwebb\Downloads\Avira Antivirus Pro 15.0.28.28 Incl Keys - Freeware Sys 2017
2017-07-18 02:01 - 2017-07-18 06:17 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-18 02:01 - 2017-07-18 06:17 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-18 01:56 - 2017-07-18 01:56 - 00000754 _____ C:\Users\cwebb\Desktop\JRT.txt
2017-07-18 01:37 - 2017-07-18 01:37 - 01790024 _____ (Malwarebytes) C:\Users\cwebb\Downloads\JRT.exe
2017-07-18 01:31 - 2017-07-18 01:41 - 00000000 ____D C:\AdwCleaner
2017-07-18 01:30 - 2017-07-18 01:31 - 08162248 _____ (Malwarebytes) C:\Users\cwebb\Downloads\AdwCleaner.exe
2017-07-18 00:02 - 2017-07-18 15:10 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-07-17 05:59 - 2017-07-18 15:42 - 00052355 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-17 05:59 - 2017-07-18 15:21 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-17 05:59 - 2017-07-18 15:18 - 05316989 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-17 05:59 - 2017-07-17 05:59 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-07-17 05:58 - 2017-07-17 05:58 - 00000000 ____D C:\Users\cwebb\AppData\Local\Zemana
2017-07-17 03:05 - 2017-07-17 03:05 - 34603008 _____ C:\Users\cwebb\Downloads\EmsisoftEmergencyKit.exe.part
2017-07-17 02:02 - 2017-07-17 02:02 - 00000000 ____D C:\Users\cwebb\OpenVPN
2017-07-17 01:50 - 2017-07-17 01:50 - 00000000 ____D C:\Users\cwebb\Documents\openvpn
2017-07-17 01:46 - 2017-07-17 01:46 - 00000953 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2017-07-17 01:45 - 2017-07-17 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2017-07-17 01:45 - 2017-07-17 01:46 - 00000000 ____D C:\Program Files\TAP-Windows
2017-07-17 01:45 - 2017-07-17 01:46 - 00000000 ____D C:\Program Files\OpenVPN
2017-07-17 01:45 - 2017-07-17 01:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-07-17 01:09 - 2017-07-17 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-07-16 23:49 - 2017-07-16 23:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-16 23:43 - 2017-07-07 02:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-16 23:43 - 2017-07-07 02:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-16 23:43 - 2017-07-07 02:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-16 23:43 - 2017-07-07 02:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-16 23:43 - 2017-07-07 02:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-16 23:43 - 2017-07-07 02:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-16 23:43 - 2017-07-07 02:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-16 23:43 - 2017-07-07 02:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-16 23:43 - 2017-07-07 02:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-16 23:43 - 2017-07-07 02:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-16 23:43 - 2017-07-07 02:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-16 23:43 - 2017-07-07 02:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-16 23:43 - 2017-07-07 02:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-16 23:43 - 2017-07-07 02:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-16 23:43 - 2017-07-07 02:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-16 23:43 - 2017-07-07 02:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-16 23:43 - 2017-07-07 02:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-16 23:43 - 2017-07-07 02:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-16 23:43 - 2017-07-07 02:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-16 23:43 - 2017-07-07 02:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-16 23:43 - 2017-07-07 02:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-16 23:43 - 2017-07-07 02:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-16 23:43 - 2017-07-07 02:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-16 23:43 - 2017-07-07 01:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-16 23:43 - 2017-07-07 01:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-16 23:42 - 2017-07-07 03:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-16 23:42 - 2017-07-07 03:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-16 23:42 - 2017-07-07 03:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-16 23:42 - 2017-07-07 03:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-16 23:42 - 2017-07-07 03:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-16 23:42 - 2017-07-07 03:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-16 23:42 - 2017-07-07 03:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-16 23:42 - 2017-07-07 02:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-16 23:42 - 2017-07-07 02:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-16 23:42 - 2017-07-07 02:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-16 23:42 - 2017-07-07 02:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-16 23:42 - 2017-07-07 02:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-16 23:42 - 2017-07-07 02:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-16 23:42 - 2017-07-07 02:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-16 23:42 - 2017-07-07 02:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-16 23:42 - 2017-07-07 02:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-16 23:42 - 2017-07-07 02:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-16 23:42 - 2017-07-07 02:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-16 23:42 - 2017-07-07 02:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-16 23:42 - 2017-07-07 02:24 - 01517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-16 23:42 - 2017-07-07 02:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-07-16 23:42 - 2017-07-07 02:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-16 23:42 - 2017-07-07 02:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-16 23:42 - 2017-07-07 02:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-16 23:42 - 2017-07-07 02:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-16 23:42 - 2017-07-07 02:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-16 23:42 - 2017-07-07 02:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-16 23:42 - 2017-07-07 02:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-16 23:42 - 2017-07-07 02:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-16 23:42 - 2017-07-07 02:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-16 23:42 - 2017-07-07 02:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-16 23:42 - 2017-07-07 02:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-16 23:42 - 2017-07-07 02:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-16 23:42 - 2017-07-07 02:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-16 23:42 - 2017-07-07 02:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-16 23:42 - 2017-07-07 02:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-16 23:42 - 2017-07-07 02:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-16 23:42 - 2017-07-07 02:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-16 23:42 - 2017-07-07 02:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-16 23:42 - 2017-07-07 02:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-16 23:42 - 2017-07-07 02:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-16 23:42 - 2017-07-07 02:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-16 23:42 - 2017-07-07 02:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-16 23:42 - 2017-07-07 02:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-16 23:42 - 2017-07-07 02:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-16 23:42 - 2017-07-07 02:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-16 23:42 - 2017-07-07 02:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-16 23:42 - 2017-07-07 02:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-16 23:42 - 2017-07-07 02:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-16 23:42 - 2017-07-07 02:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-16 23:42 - 2017-07-07 02:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-16 23:42 - 2017-07-07 02:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-16 23:42 - 2017-07-07 02:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-16 23:42 - 2017-07-07 02:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-16 23:42 - 2017-07-07 02:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-16 23:42 - 2017-07-07 02:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-16 23:42 - 2017-07-07 01:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-16 23:42 - 2017-07-07 01:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-16 23:42 - 2017-07-07 01:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-16 23:42 - 2017-07-07 01:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-16 23:42 - 2017-07-07 01:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-16 23:42 - 2017-07-07 01:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-16 23:42 - 2017-07-07 01:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-16 23:42 - 2017-07-07 01:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-16 23:42 - 2017-07-07 01:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-16 23:42 - 2017-07-07 01:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-16 23:42 - 2017-07-07 01:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-16 23:41 - 2017-07-07 10:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-16 23:41 - 2017-07-07 03:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-16 23:41 - 2017-07-07 03:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-16 23:41 - 2017-07-07 03:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-16 23:41 - 2017-07-07 03:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-16 23:41 - 2017-07-07 03:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-16 23:41 - 2017-07-07 03:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-16 23:41 - 2017-07-07 03:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-16 23:41 - 2017-07-07 03:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-16 23:41 - 2017-07-07 03:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-16 23:41 - 2017-07-07 03:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-16 23:41 - 2017-07-07 03:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-16 23:41 - 2017-07-07 03:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-16 23:41 - 2017-07-07 03:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-16 23:41 - 2017-07-07 03:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-16 23:41 - 2017-07-07 03:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-16 23:41 - 2017-07-07 03:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-16 23:41 - 2017-07-07 03:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-16 23:41 - 2017-07-07 03:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-16 23:41 - 2017-07-07 03:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-16 23:41 - 2017-07-07 03:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-16 23:41 - 2017-07-07 03:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-16 23:41 - 2017-07-07 03:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-16 23:41 - 2017-07-07 03:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-16 23:41 - 2017-07-07 03:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-16 23:41 - 2017-07-07 03:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-16 23:41 - 2017-07-07 03:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-16 23:41 - 2017-07-07 03:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-16 23:41 - 2017-07-07 03:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-16 23:41 - 2017-07-07 03:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-16 23:41 - 2017-07-07 03:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-16 23:41 - 2017-07-07 03:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-16 23:41 - 2017-07-07 03:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-16 23:41 - 2017-07-07 03:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 02229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 01458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 01100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-16 23:41 - 2017-07-07 03:08 - 00844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-16 23:41 - 2017-07-07 03:08 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-16 23:41 - 2017-07-07 03:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-16 23:41 - 2017-07-07 03:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-16 23:41 - 2017-07-07 02:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-16 23:41 - 2017-07-07 02:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-16 23:41 - 2017-07-07 02:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-16 23:41 - 2017-07-07 02:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-16 23:41 - 2017-07-07 02:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-16 23:41 - 2017-07-07 02:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-16 23:41 - 2017-07-07 02:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-16 23:41 - 2017-07-07 02:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-16 23:41 - 2017-07-07 02:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-16 23:41 - 2017-07-07 02:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-16 23:41 - 2017-07-07 02:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-16 23:41 - 2017-07-07 02:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-16 23:41 - 2017-07-07 02:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-16 23:41 - 2017-07-07 02:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-16 23:41 - 2017-07-07 02:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-16 23:41 - 2017-07-07 02:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-16 23:41 - 2017-07-07 02:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-16 23:41 - 2017-07-07 02:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-16 23:41 - 2017-07-07 02:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-16 23:41 - 2017-07-07 02:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-16 23:41 - 2017-07-07 02:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-16 23:41 - 2017-07-07 02:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-16 23:41 - 2017-07-07 02:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-16 23:41 - 2017-07-07 02:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-16 23:41 - 2017-07-07 02:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-16 23:41 - 2017-07-07 02:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-16 23:41 - 2017-07-07 02:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-16 23:41 - 2017-07-07 02:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-16 23:41 - 2017-07-07 02:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-16 23:41 - 2017-07-07 02:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-16 23:41 - 2017-07-07 02:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-16 23:41 - 2017-07-07 02:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-16 23:41 - 2017-07-07 02:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-16 23:41 - 2017-07-07 02:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-16 23:41 - 2017-07-07 02:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-16 23:41 - 2017-07-07 02:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-16 23:41 - 2017-07-07 02:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-16 23:41 - 2017-07-07 02:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-16 23:41 - 2017-07-07 02:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-16 23:41 - 2017-07-07 02:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-16 23:41 - 2017-07-07 02:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-16 23:41 - 2017-07-07 02:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-16 23:41 - 2017-07-07 02:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-16 23:41 - 2017-07-07 02:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-16 23:41 - 2017-07-07 02:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-16 23:41 - 2017-07-07 02:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-16 23:41 - 2017-07-07 02:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-16 23:41 - 2017-07-07 02:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-16 23:41 - 2017-07-07 02:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-16 23:41 - 2017-07-07 02:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-16 23:41 - 2017-07-07 02:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-16 23:41 - 2017-07-07 02:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-16 23:41 - 2017-07-01 18:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-01 05:56 - 2017-07-01 05:56 - 00000000 ____D C:\Users\cwebb\Desktop\Immunet_Support_Tool_2017_06_29_02_11_38
2017-06-30 09:17 - 2017-07-16 00:37 - 00003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2715202246-2456054378-4196450346-1001
2017-06-30 07:13 - 2017-06-30 07:13 - 00000000 ____D C:\ProgramData\cwebb
2017-06-30 06:58 - 2017-06-30 06:58 - 00001128 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2017-06-30 06:58 - 2017-06-30 06:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2017-06-30 06:58 - 2017-06-30 06:58 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2017-06-30 06:24 - 2017-06-30 06:26 - 06590401 _____ C:\Users\cwebb\Downloads\conIbb_I
2017-06-29 02:30 - 2017-07-16 23:49 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-29 02:11 - 2017-06-29 02:12 - 36905144 _____ C:\Users\cwebb\Desktop\Immunet_Support_Tool_2017_06_29_02_11_38.7z
2017-06-29 01:45 - 2017-07-18 15:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-29 01:45 - 2017-07-18 00:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-28 19:39 - 2017-07-18 00:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-28 19:38 - 2017-07-17 23:55 - 00000000 ____D C:\Users\cwebb\Desktop\mbar
2017-06-28 17:44 - 2017-06-28 17:44 - 00010442 _____ C:\Users\cwebb\Downloads\Fixlist.txt
2017-06-28 17:07 - 2017-07-18 15:42 - 00000000 ____D C:\FRST
2017-06-28 16:46 - 2017-06-28 18:24 - 00000000 ____D C:\ESD
2017-06-28 16:44 - 2017-06-28 16:44 - 00000000 ___HD C:\$Windows.~WS
2017-06-28 16:44 - 2017-06-28 16:44 - 00000000 ____D C:\$WINDOWS.~BT
2017-06-28 08:38 - 2017-07-18 15:20 - 120324096 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-06-28 08:34 - 2017-06-28 08:38 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-06-28 05:13 - 2017-06-28 05:13 - 00000000 ___HD C:\$SysReset
2017-06-28 02:24 - 2017-06-20 01:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-28 02:24 - 2017-06-20 01:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-28 02:24 - 2017-06-20 01:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-28 02:24 - 2017-06-20 01:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-28 02:24 - 2017-06-20 01:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-28 02:24 - 2017-06-20 01:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-28 02:24 - 2017-06-20 01:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-28 02:24 - 2017-06-20 00:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-28 02:24 - 2017-06-20 00:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-28 02:24 - 2017-06-20 00:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-28 02:24 - 2017-06-20 00:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-28 02:24 - 2017-06-20 00:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-28 02:24 - 2017-06-20 00:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-28 02:24 - 2017-06-20 00:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-28 02:24 - 2017-06-20 00:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-28 02:23 - 2017-06-20 02:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-28 02:23 - 2017-06-20 02:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-28 02:23 - 2017-06-20 01:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-28 02:23 - 2017-06-20 01:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-28 02:23 - 2017-06-20 01:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-28 02:23 - 2017-06-20 01:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-28 02:23 - 2017-06-20 01:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-28 02:23 - 2017-06-20 01:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-28 02:23 - 2017-06-20 01:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-28 02:23 - 2017-06-20 01:07 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-28 02:23 - 2017-06-20 01:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-28 02:23 - 2017-06-20 01:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-28 02:23 - 2017-06-20 01:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-28 02:23 - 2017-06-20 01:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-28 02:23 - 2017-06-20 01:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-28 02:23 - 2017-06-20 01:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-28 02:23 - 2017-06-20 01:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-28 02:23 - 2017-06-20 01:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-28 02:23 - 2017-06-20 01:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-28 02:23 - 2017-06-20 01:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-28 02:23 - 2017-06-20 01:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-28 02:23 - 2017-06-20 01:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-28 02:23 - 2017-06-20 00:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-28 02:23 - 2017-06-20 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-28 02:23 - 2017-06-20 00:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-28 02:23 - 2017-06-20 00:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-28 02:23 - 2017-06-20 00:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-28 02:23 - 2017-06-20 00:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-28 02:23 - 2017-06-20 00:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-28 02:23 - 2017-06-20 00:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-28 02:23 - 2017-06-20 00:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-28 02:23 - 2017-06-20 00:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-28 02:22 - 2017-06-20 02:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-28 02:22 - 2017-06-20 02:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-28 02:22 - 2017-06-20 02:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-28 02:22 - 2017-06-20 01:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-28 02:22 - 2017-06-20 01:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-28 02:22 - 2017-06-20 01:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-28 02:22 - 2017-06-20 01:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-28 02:22 - 2017-06-20 01:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-28 02:22 - 2017-06-20 01:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-28 02:22 - 2017-06-20 01:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-28 02:22 - 2017-06-20 01:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-28 02:22 - 2017-06-20 01:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-28 02:22 - 2017-06-20 01:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-28 02:22 - 2017-06-20 01:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-28 02:22 - 2017-06-20 01:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-28 02:22 - 2017-06-20 01:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-28 02:22 - 2017-06-20 00:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-28 02:22 - 2017-06-20 00:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-28 02:22 - 2017-06-20 00:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-28 02:21 - 2017-06-20 02:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-28 02:21 - 2017-06-20 02:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-28 02:21 - 2017-06-20 02:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-28 02:21 - 2017-06-20 02:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-28 02:21 - 2017-06-20 02:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-28 02:21 - 2017-06-20 02:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-28 02:21 - 2017-06-20 02:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-28 02:21 - 2017-06-20 02:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-28 02:21 - 2017-06-20 02:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-28 02:21 - 2017-06-20 02:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-28 02:21 - 2017-06-20 02:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-06-28 02:21 - 2017-06-20 02:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-06-28 02:21 - 2017-06-20 02:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-28 02:21 - 2017-06-20 02:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-28 02:21 - 2017-06-20 02:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-28 02:21 - 2017-06-20 02:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-06-28 02:21 - 2017-06-20 02:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-06-28 02:21 - 2017-06-20 02:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-28 02:21 - 2017-06-20 02:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-06-28 02:21 - 2017-06-20 02:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-06-28 02:21 - 2017-06-20 02:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-06-28 02:21 - 2017-06-20 02:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-06-28 02:21 - 2017-06-20 01:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-06-28 02:21 - 2017-06-20 01:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-06-28 02:21 - 2017-06-20 01:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-06-28 02:21 - 2017-06-20 01:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-06-28 02:21 - 2017-06-20 01:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-28 02:21 - 2017-06-20 01:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-06-28 02:21 - 2017-06-20 01:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-06-28 02:21 - 2017-06-20 01:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-28 02:21 - 2017-06-20 01:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-28 02:21 - 2017-06-20 01:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-06-28 02:21 - 2017-06-20 01:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-06-28 02:21 - 2017-06-20 01:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-28 02:21 - 2017-06-20 01:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-06-28 02:21 - 2017-06-20 01:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-06-28 02:21 - 2017-06-20 01:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-06-28 02:21 - 2017-06-20 01:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-06-28 02:21 - 2017-06-20 01:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-28 02:21 - 2017-06-20 01:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-06-28 02:21 - 2017-06-20 01:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-06-28 02:21 - 2017-06-20 01:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-06-28 02:21 - 2017-06-20 01:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-06-28 02:21 - 2017-06-20 01:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-28 02:21 - 2017-06-20 01:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-06-28 02:21 - 2017-06-20 01:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-06-28 02:21 - 2017-06-20 01:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-06-28 02:21 - 2017-06-20 01:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-06-28 02:21 - 2017-06-20 01:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-06-28 02:21 - 2017-06-20 01:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-06-28 02:21 - 2017-06-20 01:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-06-28 02:21 - 2017-06-20 01:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-06-28 02:21 - 2017-06-20 01:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-06-28 02:21 - 2017-06-20 01:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-06-28 02:21 - 2017-06-20 01:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-06-28 02:21 - 2017-06-20 01:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-28 02:21 - 2017-06-20 01:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-06-28 02:21 - 2017-06-20 01:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-06-28 02:21 - 2017-06-20 01:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-06-28 02:21 - 2017-06-20 01:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-06-28 02:21 - 2017-06-20 01:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-28 02:21 - 2017-06-20 01:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-28 02:21 - 2017-06-20 01:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-28 02:21 - 2017-06-20 01:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-06-28 02:21 - 2017-06-20 01:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-06-28 02:21 - 2017-06-20 01:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-06-28 02:21 - 2017-06-20 01:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-06-28 02:21 - 2017-06-20 01:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-06-28 02:21 - 2017-06-20 01:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-06-28 02:21 - 2017-06-20 01:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-06-28 02:21 - 2017-06-20 01:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-06-28 02:21 - 2017-06-20 01:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-06-28 02:21 - 2017-06-20 01:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-28 02:21 - 2017-06-20 01:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-06-28 02:21 - 2017-06-20 01:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-28 02:21 - 2017-06-20 01:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-28 02:21 - 2017-06-20 01:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-28 02:21 - 2017-06-20 01:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-06-28 02:21 - 2017-06-20 01:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-06-28 02:21 - 2017-06-20 01:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-28 02:21 - 2017-06-20 01:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-06-28 02:21 - 2017-06-20 00:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-28 02:21 - 2017-06-20 00:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-06-28 02:21 - 2017-06-20 00:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-06-28 02:21 - 2017-06-20 00:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-06-28 02:21 - 2017-06-20 00:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-06-28 02:21 - 2017-06-20 00:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-06-28 02:21 - 2017-06-20 00:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-06-28 02:21 - 2017-06-20 00:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-06-28 02:21 - 2017-06-20 00:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-06-28 02:21 - 2017-06-20 00:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-06-28 02:21 - 2017-06-20 00:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-06-28 02:21 - 2017-06-20 00:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-06-28 02:21 - 2017-06-20 00:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-28 02:21 - 2017-06-20 00:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-06-28 02:21 - 2017-06-20 00:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-28 02:21 - 2017-06-20 00:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-28 02:21 - 2017-06-20 00:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-06-28 02:21 - 2017-06-20 00:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-06-28 02:20 - 2017-06-20 02:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-06-28 02:20 - 2017-06-20 01:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-06-28 02:20 - 2017-06-20 01:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-06-28 02:20 - 2017-06-20 01:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-06-28 02:20 - 2017-06-20 01:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-28 02:20 - 2017-06-20 01:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-06-28 02:20 - 2017-06-20 01:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-06-28 02:20 - 2017-06-20 01:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-06-28 02:20 - 2017-06-20 01:12 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-06-28 02:20 - 2017-06-20 01:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-06-28 02:20 - 2017-06-20 01:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-06-28 02:20 - 2017-06-20 01:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-06-28 02:20 - 2017-06-20 01:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-06-28 02:20 - 2017-06-20 01:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-06-28 02:20 - 2017-06-20 01:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-06-28 02:20 - 2017-06-20 01:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-06-28 02:20 - 2017-06-20 01:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-06-28 02:20 - 2017-06-20 01:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-06-28 02:20 - 2017-06-20 01:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-06-28 02:20 - 2017-06-20 01:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-06-28 02:20 - 2017-06-20 01:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-06-28 02:20 - 2017-06-20 01:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-06-28 02:20 - 2017-06-20 01:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-28 02:20 - 2017-06-20 01:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-06-28 02:20 - 2017-06-20 01:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-06-28 02:20 - 2017-06-20 01:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-28 02:20 - 2017-06-20 01:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-06-28 02:20 - 2017-06-20 01:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-06-28 02:20 - 2017-06-20 01:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-06-28 02:20 - 2017-06-20 01:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-06-28 02:20 - 2017-06-20 01:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-06-28 02:20 - 2017-06-20 01:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-06-28 02:20 - 2017-06-20 01:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-06-28 02:20 - 2017-06-20 00:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-06-28 02:20 - 2017-06-20 00:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-06-28 02:20 - 2017-06-20 00:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-06-28 02:20 - 2017-06-20 00:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-28 02:20 - 2017-06-20 00:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-06-28 02:20 - 2017-06-20 00:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-06-28 02:20 - 2017-06-20 00:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-06-28 02:20 - 2017-06-20 00:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-06-28 02:20 - 2017-06-20 00:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-06-28 02:20 - 2017-06-20 00:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-06-28 02:20 - 2017-06-20 00:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-06-28 02:20 - 2017-06-20 00:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-06-28 02:20 - 2017-06-20 00:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-28 02:20 - 2017-06-20 00:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-06-28 02:20 - 2017-06-20 00:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-28 02:20 - 2017-06-20 00:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-06-28 02:20 - 2017-06-20 00:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-06-28 02:20 - 2017-06-20 00:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-06-28 02:20 - 2017-06-20 00:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-06-28 02:20 - 2017-06-20 00:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-28 02:20 - 2017-06-20 00:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-28 02:20 - 2017-06-20 00:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-06-28 02:20 - 2017-06-20 00:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-06-28 02:20 - 2017-06-20 00:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-06-28 02:20 - 2017-06-20 00:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-06-28 02:20 - 2017-06-20 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-06-28 02:20 - 2017-06-20 00:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-06-27 21:44 - 2017-06-27 21:44 - 00000000 ____D C:\Users\cwebb\Downloads\eXplorer
2017-06-27 21:37 - 2017-06-27 21:37 - 05766464 _____ (Zemana Ltd. ) C:\Users\cwebb\Downloads\eXplorer(1).exe
2017-06-27 21:25 - 2017-06-27 21:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\cwebb\Downloads\pXplorer.exe
2017-06-27 21:17 - 2017-06-27 23:25 - 00000000 ____D C:\Users\cwebb\Desktop\Maleware Fixes
2017-06-23 04:01 - 2017-06-23 04:01 - 00001264 _____ C:\Users\Public\Desktop\FolderSizes 8.lnk
2017-06-23 04:01 - 2017-06-23 04:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FolderSizes 8
2017-06-23 04:01 - 2017-06-23 04:01 - 00000000 ____D C:\ProgramData\Key Metric Software
2017-06-23 04:01 - 2017-06-23 04:01 - 00000000 ____D C:\ProgramData\2003-05.com.keymetricsoft
2017-06-23 04:01 - 2017-06-23 04:01 - 00000000 ____D C:\Program Files\Key Metric Software
2017-06-23 04:00 - 2017-06-23 04:01 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\Key Metric Software
2017-06-23 03:38 - 2017-06-23 03:43 - 49722472 _____ (Google Inc.) C:\Users\cwebb\Downloads\ChromeStandaloneSetup64.exe
2017-06-23 03:30 - 2017-06-23 03:30 - 00000000 ____D C:\Users\cwebb\Downloads\ChromeSetup
2017-06-23 02:51 - 2017-06-23 02:51 - 00705073 _____ C:\Users\cwebb\Documents\2sidedfloodwallFlyer.pdf
2017-06-22 13:14 - 2017-06-22 13:14 - 00000000 ____D C:\Users\cwebb\AppData\Local\Tempzxpsign9a665dab77b9cc3c
2017-06-22 01:56 - 2017-06-22 01:56 - 00000000 ____D C:\Users\cwebb\AppData\Local\Tempzxpsign8385485cb49aa147
2017-06-22 01:56 - 2017-06-22 01:56 - 00000000 ____D C:\Users\cwebb\AppData\Local\Tempzxpsign54b5b7c8188e046f
2017-06-22 01:29 - 2017-06-22 01:30 - 00000000 ___RD C:\Users\cwebb\Documents\Scanned Documents
2017-06-22 01:29 - 2017-06-22 01:29 - 00000000 ____D C:\Users\cwebb\Documents\Fax
2017-06-21 16:49 - 2017-06-25 21:01 - 00000000 ___RD C:\Users\cwebb\Desktop\OrganiZen
2017-06-21 16:40 - 2017-06-21 16:41 - 01130328 _____ (Google Inc.) C:\Users\cwebb\Downloads\ChromeSetup.exe
2017-06-21 16:38 - 2017-07-18 15:21 - 00000000 ___RD C:\Users\cwebb\iCloudDrive
2017-06-21 16:38 - 2017-06-21 16:38 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-06-21 16:38 - 2017-06-21 16:38 - 00000000 ____D C:\Users\cwebb\AppData\Local\Apple Inc
2017-06-21 16:36 - 2017-07-16 00:41 - 00000000 ____D C:\Users\cwebb\AppData\Local\ABD25F88-F7DD-4788-BFD9-234C2001FDEA.aplzod
2017-06-21 16:36 - 2017-06-21 16:36 - 00000000 ____D C:\Users\cwebb\Documents\Outlook Files
2017-06-21 14:53 - 2017-06-21 14:53 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-06-21 14:53 - 2017-06-21 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-21 14:51 - 2017-06-21 14:51 - 00000000 ____D C:\Program Files\iPod
2017-06-21 14:36 - 2017-06-21 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-06-19 03:20 - 2017-06-19 20:39 - 00000000 ____D C:\Users\cwebb\Downloads\HitmanPro.Alert 3.6.6 build 593 Final - [CrackzSoft]
2017-06-18 14:09 - 2017-07-02 17:32 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-06-18 04:44 - 2017-06-18 04:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-06-18 04:32 - 2017-06-18 04:41 - 83886559 _____ (XBMC-Foundation) C:\Users\cwebb\Downloads\KodiSetup-20170606-21c2dba5a9-Krypton-x86.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-18 15:39 - 2017-01-10 05:15 - 00000000 ___HD C:\Users\cwebb\AppData\LocalLow\Mozilla
2017-07-18 15:27 - 2017-03-31 18:36 - 03041364 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-18 15:21 - 2017-05-23 04:05 - 00000000 ____D C:\Program Files\Immunet
2017-07-18 15:21 - 2017-01-09 23:39 - 00000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2017-07-18 15:21 - 2017-01-09 23:38 - 00000000 ____D C:\Program Files (x86)\AOMEI Backupper
2017-07-18 15:21 - 2017-01-09 20:50 - 00000000 __SHD C:\Users\cwebb\IntelGraphicsProfiles
2017-07-18 15:21 - 2017-01-09 19:58 - 00000000 ___RD C:\Users\cwebb\OneDrive
2017-07-18 15:20 - 2017-03-18 07:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-18 15:12 - 2017-03-31 18:41 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{19DF12D0-C29F-4DFE-9587-C1F265438938}
2017-07-18 15:11 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-18 07:05 - 2017-01-18 06:16 - 00000000 ___HD C:\Users\cwebb\AppData\Roaming\qBittorrent
2017-07-18 06:09 - 2017-05-23 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-18 05:37 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-18 04:08 - 2017-03-31 18:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-18 02:01 - 2017-01-15 03:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-18 01:41 - 2017-04-30 05:30 - 00000000 ____D C:\ProgramData\WinZip
2017-07-18 00:31 - 2017-06-15 13:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-18 00:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-07-18 00:15 - 2017-01-10 05:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-18 00:04 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-17 23:57 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-07-17 23:57 - 2017-01-13 07:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-17 20:52 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-17 20:28 - 2017-03-31 18:25 - 00000000 ____D C:\Users\cwebb
2017-07-17 05:38 - 2017-01-09 19:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-17 05:37 - 2017-03-31 18:19 - 05438992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-17 05:35 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-17 03:12 - 2017-02-28 20:38 - 00000000 ____D C:\Users\cwebb\AppData\Local\ElevatedDiagnostics
2017-07-16 23:49 - 2017-01-09 22:17 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-16 00:41 - 2017-06-06 06:20 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-07-16 00:37 - 2017-01-09 19:58 - 00002412 _____ C:\Users\cwebb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-05 21:12 - 2017-05-15 17:46 - 00000000 ____D C:\Users\cwebb\AppData\Local\Roblox
2017-07-02 17:29 - 2017-02-26 05:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-02 13:38 - 2017-01-10 08:33 - 00000000 ___HD C:\Users\cwebb\AppData\Roaming\Apple Computer
2017-07-01 05:53 - 2017-01-10 05:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-01 01:24 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-30 10:47 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 10:47 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-30 07:13 - 2017-06-12 14:36 - 00000000 ____D C:\Users\cwebb\AppData\Local\SquirrelTemp
2017-06-29 11:46 - 2017-02-26 05:15 - 00001232 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-29 11:46 - 2017-02-26 05:15 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-06-29 01:54 - 2017-06-15 13:16 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-06-29 01:53 - 2017-05-23 05:02 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-29 01:44 - 2017-04-02 10:39 - 00000000 ____D C:\Users\cwebb\AppData\LocalLow\Temp
2017-06-29 01:43 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-06-29 01:43 - 2016-07-16 07:47 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-28 19:39 - 2017-06-15 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-28 18:24 - 2017-06-11 23:06 - 00000000 ____D C:\WINDOWS\Panther
2017-06-28 03:51 - 2017-01-17 05:11 - 00001024 ____H C:\SYSTAG.BIN
2017-06-26 18:59 - 2017-01-09 19:56 - 00000000 ___HD C:\Users\cwebb\AppData\Local\Packages
2017-06-25 20:50 - 2017-03-09 03:00 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\vlc
2017-06-25 20:21 - 2017-04-11 22:53 - 00000000 ____D C:\Users\cwebb\Desktop\Dez schoolwork
2017-06-25 20:16 - 2017-05-23 05:09 - 00000000 ____D C:\ProgramData\Avira
2017-06-25 20:16 - 2017-05-23 05:09 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-25 18:10 - 2017-03-31 18:41 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-25 18:10 - 2017-03-31 18:41 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-23 07:06 - 2017-04-30 07:03 - 00000000 ____D C:\ProgramData\Corel
2017-06-21 22:56 - 2017-04-02 10:43 - 00015766 _____ C:\WINDOWS\BRRBCOM.INI
2017-06-21 14:52 - 2017-01-15 04:07 - 00000000 ____D C:\Program Files\iTunes
2017-06-20 16:38 - 2017-06-12 14:36 - 00000000 ____D C:\Users\cwebb\AppData\Roaming\discord
2017-06-20 16:35 - 2017-02-07 10:35 - 00000000 ___HD C:\Users\cwebb\AppData\Roaming\Kodi
2017-06-20 16:13 - 2017-01-20 02:23 - 00000000 ____D C:\Program Files\CCleaner
2017-06-20 16:12 - 2017-01-09 19:56 - 00000000 ___HD C:\Users\cwebb\AppData\Local\ConnectedDevicesPlatform
2017-06-18 16:02 - 2017-05-21 15:03 - 00000000 ____D C:\Users\cwebb\AppData\Local\Screencast-O-Matic-v2
2017-06-18 04:44 - 2017-02-07 10:10 - 00000000 ____D C:\Program Files (x86)\Kodi

==================== Files in the root of some directories =======

2017-01-29 11:34 - 2017-01-29 11:38 - 0000033 ____H () C:\Users\cwebb\AppData\Roaming\AdobeWLCMCache.dat
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\cwebb\AppData\Local\report

Files to move or delete:
====================
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-16 23:18

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by cwebb (18-07-2017 15:44:47)
Running from E:\
Windows 10 Pro Version 1703 (X64) (2017-04-01 00:59:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2715202246-2456054378-4196450346-500 - Administrator - Disabled)
cwebb (S-1-5-21-2715202246-2456054378-4196450346-1001 - Administrator - Enabled) => C:\Users\cwebb
DefaultAccount (S-1-5-21-2715202246-2456054378-4196450346-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2715202246-2456054378-4196450346-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2715202246-2456054378-4196450346-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2715202246-2456054378-4196450346-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Ablebits.com Link Checker for Microsoft Word (HKLM-x32\...\{9589E892-D860-4C71-A6DB-1CD6B81E76C3}) (Version: 3.1.108 - Add-in Express Ltd)
AbleBits.com Note&Do for Microsoft Office (HKLM-x32\...\{778BC416-21C3-4BAC-B773-0D098FD30538}) (Version: 2.0.4 - Add-in Express Ltd)
Ablebits.com Ultimate Suite for Microsoft Excel (HKLM-x32\...\{F2A020E7-840B-4895-9500-FCD14C5D6BEF}) (Version: 16.4.484 - Add-in Express Ltd)
Acoustica Mixcraft 8 Pro Studio (64-bit) (HKLM-x32\...\Mixcraft 8-64) (Version: 8.0.1.394 - Acoustica)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 2.2.1 - Mirillis)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_0_1) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_1) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Captivate 9 (64 Bit) (HKLM-x32\...\{BF58ED42-4121-11E5-889B-DA4C38A5DEE9}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Captivate Quiz Results Analyzer (HKLM-x32\...\QuizResultsAnalyzer9) (Version: 9 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_5) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Fuse CC (Preview) (HKLM-x32\...\{06F1F289-ACFE-43A2-A654-7950079D6685}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_1) (Version: 21.0.1 - Adobe Systems Incorporated)
Adobe InCopy CC 2017 (HKLM-x32\...\AICY_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Prelude CC 2017 (HKLM-x32\...\PRLD_6_0_1) (Version: 6.0.1 - Adobe Systems Incorporated)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Adobe SpeedGrade CC 2015 (HKLM-x32\...\{8FD7F1DB-7355-469E-A3F2-2118148D8477}) (Version: 9.0.0 - Adobe Systems Incorporated)
Advanced Batch Image Converter x86 (HKLM-x32\...\ABIC64) (Version: 1.2.2 - Roman Hiestand)
Akamai NetSession Interface (HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Autodesk Certificate Package  (x64) - 5.1.4 (HKLM\...\{79D5E475-5EAB-4474-84F5-BD612337A175}) (Version: 5.1.4.100 - Autodesk)
Autodesk Collaboration for Revit 2018 (HKLM\...\{AA384BE4-1800-0010-0000-97E7D7D00B17}) (Version: 18.0.0.420 - Autodesk) Hidden
Autodesk Collaboration for Revit 2018 (HKLM\...\Autodesk Collaboration for Revit 2018) (Version: 18.0.0.420 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.5.154 - Autodesk)
Autodesk Download Manager (HKLM-x32\...\{EC92633C-8F08-470A-BCDF-3FE5FD778C8D}) (Version: 4.0.14.0 - Autodesk, Inc.)
Autodesk License Service (x64) - 5.1.4 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.4.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2018 (HKLM-x32\...\{1B0F011A-66B4-4865-98B7-0FE132841035}) (Version: 16.11.1.0 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.13.1.2 - Autodesk)
Autodesk Revit 2018 (HKLM\...\Autodesk Revit 2018) (Version: 18.0.0.420 - Autodesk)
Autodesk Revit 2018 (HKLM\...\Revit 2018) (Version:  - )
Autodesk Revit Content Libraries 2018 (HKLM\...\Autodesk Revit Content Libraries 2018) (Version: 18.0.0.420 - Autodesk)
Autodesk Revit Content Libraries 2018 (HKLM\...\Revit Content Libraries 2018) (Version:  - )
Autodesk Revit MEP Imperial Content (HKLM\...\{7A218E72-B73A-44AF-B4CA-D97EEEAACEFF}) (Version: 2.1 - Autodesk)
Autodesk Revit MEP Metric Content (HKLM\...\{14301A33-A4A1-41B8-A3BF-237AEC8561BB}) (Version: 2.1 - Autodesk)
Autodesk Revit Model Review 2018 (HKLM\...\{715812E8-1800-0010-0000-BBB894911B46}) (Version: 18.0.0.420 - Autodesk) Hidden
Autodesk Revit Model Review 2018 (HKLM\...\Autodesk Revit Model Review 2018) (Version: 18.0.0.420 - Autodesk)
Autodesk Workflows 2018 (HKLM\...\{28B17270-375A-4844-9D34-754A457E17BF}) (Version: 16.11.1.0 - Autodesk, Inc.)
Avira Connect (HKLM-x32\...\{661C79C2-D156-419C-81CA-D1A2523B0841}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.7.1.5481 - Avira Operations GmbH & Co. KG)
Batch Print for Autodesk Revit 2018 (HKLM\...\{82AF00E4-1800-0010-0000-FCE0F87063F9}) (Version: 18.0.0.420 - Autodesk) Hidden
Batch Print for Autodesk Revit 2018 (HKLM\...\Batch Print for Autodesk Revit 2018) (Version: 18.0.0.420 - Autodesk)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{E7F9082A-E477-4DBC-8FBC-E19B53B7BBC9}) (Version: 19.0.0.328 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{E7F9082A-E477-4DBC-8FBC-E19B53B7BBC9}) (Version: 19.0.328 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{58B4F27F-B90B-4188-AA05-088B9788F8FF}) (Version: 19.0.328 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{9E1EE683-0C7B-46E7-83EC-1F5A1D8F2296}) (Version: 2.3.170 - Corel corporation) Hidden
CorelDRAW Graphics Suite 2017 - Capture (x64) (HKLM\...\{AC9BB7B7-A763-43C5-9830-F3B78FDB051D}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Common (x64) (HKLM\...\{B8C51F00-63AE-4327-A533-375CB7B6BF26}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Connect (x64) (HKLM\...\{BD0F92AD-DFDB-4BC5-BAA5-FB27892F9483}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Custom Data (x64) (HKLM\...\{E7975CC5-05E4-45E3-AFD3-234809F694A0}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Draw (x64) (HKLM\...\{A16C7EEB-69CB-42A1-AD10-0E19A133D957}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - EN (x64) (HKLM\...\{DB9ECE8C-5065-4388-B70D-D137A2C03152}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Filters (x64) (HKLM\...\{EEC42BAD-9517-450D-AF99-FA3C16D0377C}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Font Manager (x64) (HKLM\...\{D276DE88-654E-4738-A736-6E18D12F0C34}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - IPM (x64) (HKLM\...\{904B10A6-0D9C-4645-9C61-504FA92B9220}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - IPM Content (x64) (HKLM\...\{54F024CB-16AF-4CC0-9BC2-D2507E7C6C01}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - PHOTO-PAINT (x64) (HKLM\...\{B2D66383-4F98-4108-B6A3-F9CF8715875C}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Redist (x64) (HKLM\...\{47865C60-4ED8-4678-B23F-C2D1C2DDC09C}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Setup Files (x64) (HKLM\...\{07B49D5C-2AB6-4D40-8A9B-BEDA6021A7C7}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - VBA (x64) (HKLM\...\{5330DEB9-A612-4679-ACC1-D3D9C6190824}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - VideoBrowser (x64) (HKLM\...\{C451F155-26B7-48F2-8A8F-9428B4D479D2}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Workspaces (x64) (HKLM\...\{F3EFAF0E-DF3C-4384-8A0F-90D79FEFD7F5}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Writing Tools (x64) (HKLM\...\{E38357D4-1B80-400F-A6D7-B4D5DD83D979}) (Version: 19.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 (64-Bit) (HKLM\...\_{07B49D5C-2AB6-4D40-8A9B-BEDA6021A7C7}) (Version: 19.0.0.328 - Corel Corporation)
CorelDRAW Graphics Suite 2017 (HKLM\...\{03E21392-CE4A-4FC6-B593-370E7A7E345A}) (Version: 19.0 - Corel Corporation) Hidden
Discord (HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dynamo Core 1.2.2 (HKLM\...\{AEC2A178-12F1-4B42-B277-E7C395FC771C}) (Version: 1.2.2.373 - Dynamo)
Dynamo Revit 1.2.2 (HKLM\...\{0FF47E28-76A5-44BA-8EEF-58824252F528}) (Version: 1.2.2.373 - Dynamo)
eTransmit for Autodesk Revit 2018 (HKLM\...\{4477F08B-1800-0010-0000-9A09D834DFF5}) (Version: 18.0.0.420 - Autodesk) Hidden
eTransmit for Autodesk Revit 2018 (HKLM\...\eTransmit for Autodesk Revit 2018) (Version: 18.0.0.420 - Autodesk)
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FolderSizes 8 (HKLM\...\{E2BC1123-2B6D-4C93-8651-51EFA08A244A}) (Version: 8.4.155 - Key Metric Software)
FormIt Converter For Revit 2018 (HKLM\...\{9FFF4CAD-41A6-44D2-9467-A16AC4B6DC2A}) (Version: 1.9.3.0 - Autodesk)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{DE706580-82C7-4B1A-ABA4-EA48AC15B045}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
iGrafx Origins (HKLM-x32\...\{D972F309-7376-4B25-10AA-04C80D16E6F1}) (Version: 16.6.1 - iGrafx) Hidden
iGrafx Origins (HKLM-x32\...\iGrafx Origins) (Version: 16.6.1.1249 - iGrafx)
Immunet (HKLM-x32\...\Immunet Protect) (Version: 5.0.2.10301 - Sourcefire, Inc.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonek Inc.)
IronPython 2.7.3 (HKLM-x32\...\{1EBADAEA-1A0F-40E3-848C-0DD8C5E5A10D}) (Version: 2.7.31000.0 - IronPython Team)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Kaspersky Password Manager (HKLM-x32\...\{D4C3D682-E15A-4A48-A7B7-3F021A525F8F}) (Version: 8.0.6.538 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{D4C3D682-E15A-4A48-A7B7-3F021A525F8F}) (Version: 8.0.6.538 - Kaspersky Lab)
Kodi (HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\Kodi) (Version:  - XBMC-Foundation)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Premium (HKLM\...\{7C0E97DB-B7FF-4248-BA47-4718D1D104A6}) (Version: 24.1.3.57 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Premium (HKLM-x32\...\MX.{7C0E97DB-B7FF-4248-BA47-4718D1D104A6}) (Version: 24.1.3.57 - MAGIX Software GmbH)
MAGIX Music Maker Trial Live Pads (HKLM\...\{922FBB61-4DD9-4326-9B1D-82ED1A1B53AC}) (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Trial Soundpools (HKLM\...\{E086B126-0CBD-4AD6-9581-4A6DB295B27F}) (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM\...\{0C2227DF-218B-4DA2-99F8-0B2EBF9EA5A0}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{0C2227DF-218B-4DA2-99F8-0B2EBF9EA5A0}) (Version: 7.0.1.27 - MAGIX Software GmbH)
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.01.0001 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2086 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\OneDriveSetup.exe) (Version: 17.3.6944.0627 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{52EBC484-44A1-4DC5-824A-0A503735ABD8}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OpenVPN 2.4.3-I601  (HKLM\...\OpenVPN) (Version: 2.4.3-I601 - OpenVPN Technologies, Inc.)
PagePlusX7ContentDeclaration (HKLM-x32\...\{DDD8D35B-EDEA-45FC-8930-C494B02E42FF}) (Version: 1.0.0.0 - Serif (Europe) Ltd) Hidden
Paragon Drive Copy™ 15 Professional (HKLM\...\{24371D30-7CFF-11DE-B053-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Personal Accelerator for Revit (HKLM\...\{7C317DB0-F399-4024-A289-92CF4B6FB256}) (Version: 16.0.1205.0 - Autodesk) Hidden
Personal Accelerator for Revit (HKLM\...\Personal Accelerator for Revit) (Version: 16.0.1205.0 - Autodesk)
Plex Media Server (HKLM-x32\...\{763A44F9-11ED-4C90-B79F-01077108135B}) (Version: 1.7.4035 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{d30c30f4-3b8f-4a97-83a8-ade21eb5089e}) (Version: 1.7.5.4035 - Plex, Inc.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Registry Trash Keys Finder (Full version) (HKLM-x32\...\Registry Trash Keys Finder) (Version: 3.9.4.0 - SNC)
Revit 2018 (HKLM\...\{7346B4A0-1800-0510-0000-705C0D862004}) (Version: 18.0.0.420 - Autodesk) Hidden
Revit Content Libraries 2018 (HKLM\...\{941030D0-1800-0410-0000-818BB38A95FC}) (Version: 18.0.0.420 - Autodesk) Hidden
Revit Extensions for Autodesk Revit 2018 (HKLM\...\{E38BD3EC-0ACB-4EDD-8DF8-448D691E2CE4}) (Version: 1.0.0.0 - Autodesk)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for cwebb (HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for cwebb (HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Serif PagePlus X9 (HKLM\...\{E66C777A-BF1A-4ECA-811F-9ED530C31FC4}) (Version: 19.0.2.21 - Serif (Europe) Ltd)
Serif PagePlus: Business Stationery Template Pack - Electrical Repairs (HKLM-x32\...\{F686BAA5-8CED-48EE-AFC9-B10C33434C89}) (Version: 1.0.2.054 - Serif (Europe) Ltd)
Serif PagePlus: Home Stationery Template Pack - Fishing (HKLM-x32\...\{BA35AC3F-662E-46AB-BB72-BF84ED43335A}) (Version: 1.0.2.054 - Serif (Europe) Ltd)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Stopping Plex (HKLM-x32\...\{64DC32A4-FE15-4054-AC6C-421DE509BF51}) (Version: 1.7.4035 - Plex, Inc.) Hidden
SymMover (HKLM-x32\...\SymMover) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 2.1.1 - Tweaking.com)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Launch Recorder (HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\WebLaunchRecorder) (Version: 2.0 - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\WinDirStat) (Version:  - )
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
Worksharing Monitor for Autodesk Revit 2018 (HKLM\...\{5063E738-1800-0010-0000-7B7B9AB0B696}) (Version: 18.0.0.420 - Autodesk) Hidden
Worksharing Monitor for Autodesk Revit 2018 (HKLM\...\Worksharing Monitor for Autodesk Revit 2018) (Version: 18.0.0.420 - Autodesk)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{0045B4D9-BA8C-3069-8559-866EFAAC2E41}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{03FD2EFF-E668-3B9B-8116-EBC8BE84C99B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{07E2883A-7DD3-354F-A731-B91320F64F09}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{0B855069-B722-3C3B-8622-EA22C1AD437E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{0DE0C7D7-DF02-31D6-B0B7-F948BFB8AE0D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-EA9F92CB2995}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{0E52030B-C7F3-3722-A600-6D8632B9885B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{0FCEC664-F780-3AF4-AF67-55F906234790}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{11A1A093-EF58-3778-8BF2-A51259BED415}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{12877337-5FC2-3BC7-935B-681516BB6314}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{1F46FA02-994B-370D-9AD9-AC8E3002BA5B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{1FC22A66-FE7F-35A6-9388-00BCA9D73EA3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{20DE22E0-135C-333A-ADFF-7DCC932CC253}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{25758A89-65AB-3403-812F-54AACBD289CA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{26D9CC59-FFE5-36F2-919F-D5BEDABB71A8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{287C39FC-2B1C-3076-936F-C2B0BD08D70E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{2D1482DE-1144-3129-8A4E-2EBF1E0C3CD1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{2D3DC66B-1614-39EF-AE06-30A32BC2DC87}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{2FFDF364-EF38-3916-9CDB-3E2DE5AC7DC3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{300216E5-D02D-3B66-BD6D-3BE785ADB217}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{31AF334F-0654-4BBB-88CA-CB2366167005}\InprocServer32 -> C:\Users\cwebb\AppData\Roaming\Add-in Express\Note and Do for Microsoft Office\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{31F7619D-F1EF-30A5-BF69-8854E4FB067E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{321D4458-053A-3E6A-BAFA-C1F789C4153D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{36550938-3C41-321B-97FE-6983C9FA2355}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{3912E676-3176-3DF3-8A85-715709F8E612}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{3D617CE6-C7CF-4B1D-86B4-BF8C8C530210}\InprocServer32 -> C:\Users\cwebb\AppData\Roaming\Add-in Express\Ultimate Suite for Microsoft Excel\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{3DC8D899-5909-34E2-8A76-13E718968495}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{409B3492-7EA6-387F-98DF-144CDD899C28}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{42CCA369-9DE9-3524-9471-AD0ED9721213}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{43BA05C6-983D-3935-8E0D-0FFD96A26BE4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{44C2E497-F77B-339A-8D1F-1F02C1FC63C4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{488E398F-7846-3D35-B4ED-1C4DC5D67AA8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{4F02CEAC-0647-3A4F-BEFA-C6B150A480F7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{4FC22687-8B8F-322B-9B46-1F577D781EA1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{4FFB7E33-09A1-4F52-8E93-0FFE031AA2D0}\InprocServer32 -> C:\Users\cwebb\AppData\Roaming\Add-in Express\Link Checker for Microsoft Word\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{51177181-08ED-3D2C-B38E-2394C70160AA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{53FBD9D7-69FB-32F2-AA44-6ABF040D2F02}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{54ACD037-3855-3542-BBB9-A8965D7303EC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{56A936DE-8A07-32F5-BB00-E19FF7131FF3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{5715FBBA-BC61-3D39-BBD7-52B76F03313C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{5823CA10-6302-33FB-83F7-F1B6328C192F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{5ADCB1B8-27E4-3E19-BB1F-CBB1B0550D7F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{5BFAB51E-41AD-3D59-BF5A-91BEF3B4E4C4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{625CBB1D-2D57-34D8-939B-2275C0988447}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{63BDDF6C-C557-3096-B598-3037A19C4FE3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{6599765C-9878-3CF0-80C6-D2D138390AE5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{65BD17CA-7380-3B6B-9FAE-A6A461DBDB62}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{67038E65-0574-3CC6-94C0-58638350873A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{67D37794-70A9-3617-8C1B-599C9D5948E6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{6A80A88B-8001-3015-AE16-2A5F29AC87B0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{6BE0C6A4-2E70-341A-AD1B-795CFA32135F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{6CAE3962-E3D5-3D44-8642-E0A47DADEA81}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{6FD58A90-A24C-38A2-A23F-FE56D71FD92D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{7254EF86-4DB6-34DF-B306-7F8047079464}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{79280FD0-7017-3F54-9844-1073B710C63D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{7960F658-9EB8-324B-B7E6-DBC92AF84CCA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{7AC6AF8A-B2E0-31BA-B859-4FB2E66ECFCC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{7C12DF8F-DA41-33E2-84E1-294661D3A7E6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{81705503-007F-3CA8-BB65-579B86791E69}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{8670DE5A-CF8D-3BCA-A913-983BF9CB4971}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{88C7C9D0-9FE0-3EC8-85AA-2BC76F6597E7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{900363DB-A42F-3E75-A921-74ED66763760}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{94A523F1-6428-361B-8D2C-3253CE37EE88}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{9C6FA6EC-6F73-348D-BC74-A09F7C94F7AC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{A12C1EDA-46FF-3C80-8607-690ED6D6B1B6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{A366AE03-393E-3829-84B8-B24118D34AB0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{A3E4893D-4FCF-341F-8EE0-E5C4528444B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{A574951E-C1F9-3A07-B18F-18CD7A411FAA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{A7438874-7DA0-326B-96C0-63C449862C18}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{A93BAA34-0843-3DE3-9F5A-FF249E41C885}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{A9AE6EB5-DFF4-3988-9500-453775F5B3E2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{AFB6E014-63BA-35F6-B11D-395F5FB71D1F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{B0474813-C7CA-365C-8E96-002D9AE85937}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{B4806774-0413-33D2-BA4D-E963C3B3EBA9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{B6DCCF5E-F372-32CA-8BC9-6320BE91A2D9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{B8F9AA9C-776E-3F96-A693-151F9BD803B0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{BAAFD54E-3E00-37C0-9A86-A6482A732769}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{BDCCF4A5-DFC1-3F84-AB98-651F6D77F159}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{BE6C206B-6AD0-33D4-A408-35B9EFE262E6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{BE71CB61-AD24-30EB-9945-0F9EB76EF53C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{C496C6DC-4063-3053-818A-6B944CB796C1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{C4C2C8F4-3412-348B-8A9D-9AC31B3EDB5A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{C65E6497-607A-3074-9E08-824219B149BB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{C6614F8B-EEBA-383D-8E01-D930D3C98650}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{C6767C2E-5B93-3563-8B4E-D5AA281DECA1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{C73A9005-C966-34C2-95A7-5DBF43E18572}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{CA027201-87F5-3F1F-B5D6-7A24C1E30A9D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{CC66D6CF-4B79-38C7-8D00-F00A758BEDEA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{D1DDAEC2-A75B-3E15-AE90-4743065AC9D3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{D3519DBA-F023-3470-ABD8-2F9BFEAE1C25}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{D4EB6D0D-EEA8-3C5E-9173-702418019AFC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{D59753C8-4694-3FDF-A243-4F1A81B98537}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{D63AE62B-67CD-31B4-9C39-2326F05FB4F8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{D88F7D12-10D2-3C5D-96E2-06CCB6530134}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{D8EF93AE-8D53-31BC-8FF5-A25A2B4C4E6A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{D93BFA3C-F751-31A7-829C-9D61A97AD5C3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{D97EF3DF-48DF-3BF6-9E67-8A02F1542179}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{DAF07FB7-5F64-35A9-8040-47B5ACA24E03}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{DBE95724-C5BD-31F0-BEA4-F871CE7EBE09}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{DFC09CFC-05C7-3032-9033-FA9C3B5D4EE9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{E1D71666-5D26-32D6-B552-C11AB4C7A0C4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{E2DCF7AF-22C1-3B6E-BAD7-77A858AFE1D9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{E3F6F520-9CF0-39B6-A4AA-C7CE23385DD2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{E50CB17D-2096-33EE-A840-7D2F227A28DD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{E5EA42C0-7842-3E34-BBB9-1066723624D1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{E6AC0222-1899-3EBA-A0F6-C680DD21F749}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{E962C5AF-7877-3EFA-89DF-E5FEEC1E0862}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{EDBA4B67-A29D-342F-8E45-26A74F758AF4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{F024FA55-9770-32A7-AADA-52B73794E898}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{F2D6B43E-6C7E-3318-9CAA-F1D5BB747F17}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{F62A453E-6CCB-34F3-A32A-357D9575BBE8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{F930FDA6-DD2F-3D47-B10F-173880C681B7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{F948488C-EEA6-3FA1-A188-3C5FF02F646D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{F9618249-0285-32D0-BA62-0EEE7E97333E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{F9E5A74D-8E71-37D3-BECE-9169C49DF54E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{F9FE5F3F-9F66-3223-8D49-A772E81B10D7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{FAD484FA-DEE7-346D-8FF9-AEBCA34660BE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{FCA5262F-51F3-3BA6-B3E4-92C5839EF36B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{FE490DC0-ECB2-30F3-B1E3-8EF12DEA835B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{FEA01661-A422-3383-8AC8-F4EAECAA721B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers01: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers01: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-07-18] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers01: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers03: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} =>  -> No File
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers04: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-04] (Intel Corporation)
ContextMenuHandlers05: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers06: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers06: [FSShellExt] -> {56160A70-D083-4856-9998-F565ABC03F86} => C:\Program Files\Key Metric Software\FolderSizes 8\FSShellExt.dll [2017-06-06] (Key Metric Software, LLC.)
ContextMenuHandlers06: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-07-18] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLS64.DLL [2017-04-19] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0543DFCC-85F6-4E48-AB32-1C662B6C06EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-02] (Microsoft Corporation)
Task: {0E6153F4-D894-41A2-99B0-BF5766148638} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-05-29] (Corel Corporation)
Task: {35BE886E-38D4-4A1B-8DE9-FD823862AC5C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {4033F71F-2992-46DF-B2F7-E06C861CBD48} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-04-19] (WinZip)
Task: {4555BCE0-8864-42B7-8448-A23B6519BB57} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {4E012324-FA1D-4A31-B79C-12D0AAB82854} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {52B7ED8F-975A-48ED-8172-5AE8DF82AD2B} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-28] (Avira Operations GmbH & Co. KG)
Task: {578F058E-4397-4BEA-96AF-2EF25DBD9FBE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-17] (Microsoft Corporation)
Task: {6025D962-A49E-4F6C-8C5D-4EE5F742187A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-17] ()
Task: {605EA14F-EDA8-436A-AF93-B9B5E2185A51} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-01-15] ()
Task: {641C00C6-F2D9-4155-ABA7-36B3E596E9D0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-17] ()
Task: {657273B5-0468-4BE4-A51C-3B4ECCF70CCE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {6AB18462-CF20-4EC7-98BD-BC48F8F7536D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-02] (Microsoft Corporation)
Task: {6B0D8F69-7551-41A5-BED5-2CBCA8A352BA} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {AE29B523-C24C-4C46-9E95-DF9FC8990AC0} - System32\Tasks\AutoPico Daily Restart => C:\Users\cwebb\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION
Task: {B1E1CD16-D4F2-482D-9DFC-E45A62270569} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-15] (Google Inc.)
Task: {B4CB5E67-78B7-4FA0-B4F4-A4907ACCBBEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-15] (Google Inc.)
Task: {BB6BC9AE-3F15-4C8B-BB1F-B9AA6ECB6061} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-06-28] (Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Immunet Scan  13750984.job => C:\Program Files\Immunet\ips.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\cwebb\Desktop\OrganiZen\All-in-One 21-06-2017\Мozilla Firefoх.lnk -> C:\Users\cwebb\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\cwebb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Сhrome.lnk -> C:\Users\cwebb\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\cwebb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firefоx.lnk -> C:\Users\cwebb\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-11-17 05:28 - 2016-11-17 05:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-23 04:05 - 2017-05-23 04:05 - 00459960 _____ () C:\Program Files\Immunet\5.0.2\dhr.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-01-10 05:06 - 2017-07-17 20:48 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-10 08:33 - 2017-01-15 04:07 - 07711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 00048520 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 00059784 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qoauth_Ad_1.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 00232328 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qjson_Ad_0.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 00922504 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qca_Ad_2.dll
2016-12-22 23:58 - 2016-12-22 23:58 - 00411912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\kpm.exe
2017-06-20 08:48 - 2017-06-20 08:48 - 00636032 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui.exe
2016-12-16 16:03 - 2016-12-16 16:03 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-01-10 08:33 - 2017-01-15 04:07 - 00693760 _____ () C:\Program Files\pia_manager\openvpn.exe
2017-01-10 08:33 - 2017-01-15 04:07 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2017-01-10 08:33 - 2017-01-15 04:07 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2017-01-15 04:07 - 2017-01-15 04:07 - 00144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2017-01-20 05:18 - 2017-01-20 05:18 - 13847363 ____H () C:\Users\cwebb\AppData\Local\Plex Media Server\Plug-ins\BitTorrent.bundle\Contents\Bin\windows_386\scrapmagnet.exe
2017-01-09 23:38 - 2017-01-15 03:48 - 00937832 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00327528 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00253800 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00360304 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00135016 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00040816 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00081768 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00495472 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00114536 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00294768 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00167784 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00126824 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00724840 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00089960 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00073584 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00978800 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00266088 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2017-01-09 23:38 - 2017-01-15 03:48 - 00188272 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 00083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 00203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-01-10 05:05 - 2017-07-17 20:47 - 00164552 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 01083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 00115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 00059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 00772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 01741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 01962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 00025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 01549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-06-28 06:01 - 2017-06-28 06:01 - 00127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 00050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 00071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 00024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 00041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 00930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 00190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-06-28 06:01 - 2017-06-28 06:01 - 00074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 00218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 00018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 00095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 00143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-06-28 06:02 - 2017-06-28 06:02 - 00694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2016-12-05 14:03 - 2016-12-05 14:03 - 00600160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\dblite.dll
2016-12-22 23:24 - 2016-12-22 23:24 - 00513960 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\ipm_service.dll
2016-12-22 23:26 - 2016-12-22 23:26 - 00362344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\ucp_meta.dll
2016-12-22 23:58 - 2016-12-22 23:58 - 00237416 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\infra.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-17 05:29 - 2016-11-17 05:29 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-06-28 06:02 - 2017-06-28 06:02 - 00064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-07-18 15:21 - 2017-07-18 15:21 - 00012800 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00009728 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00014848 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00094208 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\src\rgloader\rgloader193.mswin.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00009216 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00094208 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00126976 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00087552 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00016384 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00127316 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\bin\libffi-6.dll
2017-07-18 15:21 - 2017-07-18 15:21 - 00008704 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00013312 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-07-18 15:21 - 2017-07-18 15:21 - 00095744 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-07-18 15:21 - 2017-07-18 15:22 - 00026624 _____ () C:\Users\cwebb\AppData\Local\Temp\ocr4F48.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00012800 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00009728 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00014848 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00094208 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\src\rgloader\rgloader193.mswin.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00094208 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00118784 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00069120 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00083968 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\bin\zlib1.dll
2017-07-18 15:22 - 2017-07-18 15:22 - 00026624 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00275968 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00015360 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00008192 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00009216 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00023552 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00008704 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00008704 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00008704 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00008704 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00036352 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00126976 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00087552 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00016384 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00127316 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\bin\libffi-6.dll
2017-07-18 15:22 - 2017-07-18 15:22 - 00013312 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00095744 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-07-18 15:22 - 2017-07-18 15:22 - 00026624 _____ () C:\Users\cwebb\AppData\Local\Temp\ocrC67C.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-01-15 04:07 - 2017-01-15 04:07 - 00939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2017-01-15 04:07 - 2017-01-15 04:07 - 03115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\cwebb\Documents\1WFAllenvelope.ppp:SummaryInformation [215]
AlternateDataStreams: C:\Users\cwebb\Documents\1WFAllenvelope.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\cwebb\Documents\build the wall.logo.ppp:SummaryInformation [219]
AlternateDataStreams: C:\Users\cwebb\Documents\build the wall.logo.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\cwebb\Documents\build the wall.ppp:SummaryInformation [215]
AlternateDataStreams: C:\Users\cwebb\Documents\build the wall.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\cwebb\Documents\canalmeme.ppp:SummaryInformation [213]
AlternateDataStreams: C:\Users\cwebb\Documents\canalmeme.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\cwebb\Documents\Donatiom Envelope.ppp:SummaryInformation [217]
AlternateDataStreams: C:\Users\cwebb\Documents\Donatiom Envelope.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\cwebb\Documents\donation slip.ppp:SummaryInformation [213]
AlternateDataStreams: C:\Users\cwebb\Documents\donation slip.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cwebb\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: 0a9c18fec9e5936133109e20b79e627d => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "NetWorx"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "ABNotify"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "ADSK DLMSession"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\StartupApproved\StartupFolder: => "zSpeedup.lnk"
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{39F4689D-63E5-4666-A614-58A6487C342C}] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [{B021603A-31BA-4AAE-B4AA-F31E1688531D}] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [UDP Query User{6D569817-F737-4238-8105-A2C24E5D611C}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [TCP Query User{D22F8D3E-A1BB-40D0-B327-434C7F98EADE}C:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) C:\program files (x86)\plex\plex media server\plex media server.exe
FirewallRules: [{E217955A-25CC-40DE-9587-B8B7EC3A61EE}] => (Block) C:\users\cwebb\appdata\local\plex media server\plug-ins\bittorrent.bundle\contents\bin\windows_386\scrapmagnet.exe
FirewallRules: [{523AFCA2-9EC1-4FFB-B98A-AE498F6AB771}] => (Block) C:\users\cwebb\appdata\local\plex media server\plug-ins\bittorrent.bundle\contents\bin\windows_386\scrapmagnet.exe
FirewallRules: [UDP Query User{2149FE8D-F6DB-41C8-9538-BE11EC413E02}C:\users\cwebb\appdata\local\plex media server\plug-ins\bittorrent.bundle\contents\bin\windows_386\scrapmagnet.exe] => (Allow) C:\users\cwebb\appdata\local\plex media server\plug-ins\bittorrent.bundle\contents\bin\windows_386\scrapmagnet.exe
FirewallRules: [TCP Query User{1F7D5CD5-CFC7-482C-BFD1-8A2B8ED93731}C:\users\cwebb\appdata\local\plex media server\plug-ins\bittorrent.bundle\contents\bin\windows_386\scrapmagnet.exe] => (Allow) C:\users\cwebb\appdata\local\plex media server\plug-ins\bittorrent.bundle\contents\bin\windows_386\scrapmagnet.exe
FirewallRules: [{054F0FA6-4596-462C-9F4B-92A777EC26A5}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker Premium\2017\MusicMaker.exe
FirewallRules: [{E94E6E09-E8A6-4973-8981-78942AD4D755}] => (Allow) E:\Portable Software\Product Key Explorer v3.9.4.0 + Portable [4realtorrentz]\Product Key Explorer Portable\App\ProductKeyExplorer.exe
FirewallRules: [{16531B3C-3C0D-4F44-BA9F-341179492106}] => (Allow) E:\Portable Software\Product Key Explorer v3.9.4.0 + Portable [4realtorrentz]\Product Key Explorer Portable\App\ProductKeyExplorer.exe
FirewallRules: [{D84239A6-C46B-4645-873E-94B273C91652}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0D4D4735-7432-4BE4-949F-91E18BBA7859}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DB47BAE-FE55-47B1-B272-25340F7C0DA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FAF0A52-7F61-4008-B360-50725C06E519}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{6434A29A-AC09-46BB-A435-1E0D1BED54A1}E:\plex media server\plex dlna server.exe] => (Allow) E:\plex media server\plex dlna server.exe
FirewallRules: [TCP Query User{5DB26D92-C00F-48B1-B3EB-C4FB888886A8}E:\plex media server\plex dlna server.exe] => (Allow) E:\plex media server\plex dlna server.exe
FirewallRules: [TCP Query User{12DD0CAF-D52C-4274-86D6-A641ACBBFCBA}E:\plex media server\plex media server.exe] => (Allow) E:\plex media server\plex media server.exe
FirewallRules: [UDP Query User{A9688B97-A1F5-4294-AF84-6050D40C92D0}G:\plex media server\plex dlna server.exe] => (Allow) G:\plex media server\plex dlna server.exe
FirewallRules: [TCP Query User{87E8A11A-843E-47CD-ACC5-71CC6CBDB088}G:\plex media server\plex dlna server.exe] => (Allow) G:\plex media server\plex dlna server.exe
FirewallRules: [UDP Query User{C412A59F-E56A-4687-86FF-DAB0AB1ECD5D}G:\plex media server\plex media server.exe] => (Allow) G:\plex media server\plex media server.exe
FirewallRules: [{401C6645-B639-4138-ABFB-5EE3967070C0}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{258AE9A6-5D37-48CD-B260-93AB1E4C3DC9}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2017\Programs64\CorelDrw.exe
FirewallRules: [{6608A10F-ED24-4948-B55E-3D92ED14F2BD}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2017\Programs64\CorelPP.exe
FirewallRules: [TCP Query User{1AC0FA4E-B750-49C9-B5CA-378C8DAF8CC7}C:\users\cwebb\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\cwebb\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A64FAB79-6B53-4562-AFDE-33BECEAF2917}C:\users\cwebb\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\cwebb\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{37020AED-C1B5-447D-B2CE-3A3F5F7E44DC}C:\users\cwebb\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\cwebb\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FD4FA890-7D05-4441-8183-F82A446CA7B2}C:\users\cwebb\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\cwebb\appdata\local\akamai\netsession_win.exe
FirewallRules: [{F62FAB2B-FB6F-4CE9-8A88-2FC82E98CD44}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{81B94D88-D82C-404E-B47D-99B2FFD855EE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{A8726493-BE70-416F-A27B-E312D67C134E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{06796043-1349-43DF-AF73-99E007608D49}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{90A1B47A-4292-45E7-B755-88AE927040C5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7F485478-B690-48B9-BA34-210220DCAEF7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{33C9A3F1-9BBD-46AC-B8BD-DDC8B123B22B}] => (Allow) C:\Users\cwebb\Downloads\ChromeSetup.exe
FirewallRules: [{4EAA3998-4EDF-47C6-BFB1-C3AAC310D1DC}] => (Allow) C:\Users\cwebb\Downloads\ChromeSetup.exe
FirewallRules: [{E311B9D6-8A88-424C-94BB-E83C24B4C7C8}] => (Allow) C:\Users\cwebb\Downloads\ChromeSetup.exe
FirewallRules: [{100E716D-6974-4401-950D-45FD3E5952E7}] => (Allow) C:\Users\cwebb\Downloads\ChromeSetup.exe
FirewallRules: [{4A0E2FDB-AEE7-4903-9939-A36F306F5D1E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{6826C594-240A-41C0-A54D-7E4C4BFA3AC9}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{1F32A435-E531-43F3-9111-7FE79429587E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{EBBBC944-2FDB-4311-97D1-B8E35312B439}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-06-2017 23:47:30 Windows Update
16-07-2017 23:45:05 Windows Update
16-07-2017 23:46:01 Windows Update
18-07-2017 01:49:57 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Microsoft Wi-Fi Direct Virtual Adapter #2
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2017 03:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: biwinrt.dll, version: 10.0.15063.0, time stamp: 0x87ee4a59
Exception code: 0xc000027b
Fault offset: 0x00000000000156f9
Faulting process id: 0x1540
Faulting application start time: 0x01d2fffecb961290
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report Id: 06d0da94-382a-4fe0-8453-be227f8b92e9
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/18/2017 03:48:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: biwinrt.dll, version: 10.0.15063.0, time stamp: 0x87ee4a59
Exception code: 0xc000027b
Fault offset: 0x00000000000156f9
Faulting process id: 0x1540
Faulting application start time: 0x01d2fffecb961290
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report Id: 5bbf7342-3b37-49dd-a8de-1529e0336856
Faulting package full name: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/18/2017 03:22:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/18/2017 03:22:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/18/2017 03:21:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/18/2017 03:21:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/18/2017 03:19:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/18/2017 03:19:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/18/2017 03:19:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/18/2017 03:15:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (07/18/2017 03:42:16 PM) (Source: BROWSER) (EventID: 8009) (User: )
Description: The browser was unable to promote itself to master browser.  The computer that currently
believes it is the master browser is LINKSYS02798.

Error: (07/18/2017 03:26:46 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.136.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/18/2017 03:22:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/18/2017 03:22:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/18/2017 03:22:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/18/2017 03:21:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.136.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (07/18/2017 03:21:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/18/2017 03:21:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/18/2017 03:21:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/18/2017 03:21:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


CodeIntegrity:
===================================
  Date: 2017-07-18 01:22:12.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume9\Program Files (x86)\Mirillis\Action!\action_x64.dll that did not meet the Store signing level requirements.

  Date: 2017-07-17 23:58:17.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume9\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-17 23:58:17.507
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume9\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-02 16:09:35.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume9\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-02 16:09:35.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume9\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-02 15:51:18.700
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume9\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-02 15:51:18.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume9\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-02 00:26:28.081
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume9\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-02 00:26:28.075
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume9\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-01 22:26:23.735
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume9\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 16%
Total physical RAM: 24460.22 MB
Available physical RAM: 20526.53 MB
Total Virtual: 25996.22 MB
Available Virtual: 21993.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:435.53 GB) (Free:194.58 GB) NTFS
Drive d: () (Fixed) (Total:447.11 GB) (Free:220.86 GB) NTFS
Drive e: (FEDEX32GIG) (Removable) (Total:57.68 GB) (Free:56.47 GB) FAT32
Drive h: () (Fixed) (Total:251.5 GB) (Free:155.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 57.7 GB) (Disk ID: FB4F6903)
Partition 1: (Not Active) - (Size=57.7 GB) - (Type=0C)

==================== End of Addition.txt ============================



#11 Aura

Posted 18 July 2017 - 03:31 PM

Almost done.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

How's your system behaving now? Are there any other issues to address?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 wyton

Posted 19 July 2017 - 03:16 AM

The Avira notification is probably the Farbar scan and fix. I got the same notifications. I really appreciate your guidance. Very straightforward instructions and easy communication. Thank you, Aura.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by cwebb (19-07-2017 04:02:36) Run:3
Running from E:\FRST-OlderVersion
Loaded Profiles: cwebb (Available Profiles: defaultuser0 & cwebb)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]

ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2017-01-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-01-15]

CHR NewTab: Default -> "active": false,
            "entry": "chrome-extension://ehhkfhegcenpfoanmgfpfhnmdmflkbgk/index.html"

CustomCLSID: HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-EA9F92CB2995}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File

Task: {AE29B523-C24C-4C46-9E95-DF9FC8990AC0} - System32\Tasks\AutoPico Daily Restart => C:\Users\cwebb\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\cwebb\Documents\1WFAllenvelope.ppp:SummaryInformation [215]
AlternateDataStreams: C:\Users\cwebb\Documents\1WFAllenvelope.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\cwebb\Documents\build the wall.logo.ppp:SummaryInformation [219]
AlternateDataStreams: C:\Users\cwebb\Documents\build the wall.logo.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\cwebb\Documents\build the wall.ppp:SummaryInformation [215]
AlternateDataStreams: C:\Users\cwebb\Documents\build the wall.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\cwebb\Documents\canalmeme.ppp:SummaryInformation [213]
AlternateDataStreams: C:\Users\cwebb\Documents\canalmeme.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\cwebb\Documents\Donatiom Envelope.ppp:SummaryInformation [217]
AlternateDataStreams: C:\Users\cwebb\Documents\Donatiom Envelope.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\cwebb\Documents\donation slip.ppp:SummaryInformation [213]
AlternateDataStreams: C:\Users\cwebb\Documents\donation slip.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

MSCONFIG\Services: 0a9c18fec9e5936133109e20b79e627d => 2

HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\...\StartupApproved\StartupFolder: => "zSpeedup.lnk"

FirewallRules: [{E94E6E09-E8A6-4973-8981-78942AD4D755}] => (Allow) E:\Portable Software\Product Key Explorer v3.9.4.0 + Portable [4realtorrentz]\Product Key Explorer Portable\App\ProductKeyExplorer.exe
FirewallRules: [{16531B3C-3C0D-4F44-BA9F-341179492106}] => (Allow) E:\Portable Software\Product Key Explorer v3.9.4.0 + Portable [4realtorrentz]\Product Key Explorer Portable\App\ProductKeyExplorer.exe

C:\Users\cwebb\Desktop\OrganiZen\All-in-One 21-06-2017\Мozilla Firefoх.lnk
C:\Users\cwebb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Сhrome.lnk
C:\Users\cwebb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firefоx.lnk
C:\Users\cwebb\AppData\Local\report
C:\Users\cwebb\AppData\Roaming\Browsers

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml" => not found.
Chrome NewTab => removed successfully
"entry": "chrome-extension://ehhkfhegcenpfoanmgfpfhnmdmflkbgk/index.html" => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-EA9F92CB2995} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE29B523-C24C-4C46-9E95-DF9FC8990AC0} => key not found.
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found.
"C:\ProgramData\Reprise" => ":wupeogjxlctlfudivq`qsp`28hfm" ADS not found.
C:\Users\cwebb\Documents\1WFAllenvelope.ppp => ":SummaryInformation" ADS could not remove.
C:\Users\cwebb\Documents\1WFAllenvelope.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
C:\Users\cwebb\Documents\build the wall.logo.ppp => ":SummaryInformation" ADS could not remove.
C:\Users\cwebb\Documents\build the wall.logo.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
C:\Users\cwebb\Documents\build the wall.ppp => ":SummaryInformation" ADS could not remove.
C:\Users\cwebb\Documents\build the wall.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
C:\Users\cwebb\Documents\canalmeme.ppp => ":SummaryInformation" ADS could not remove.
C:\Users\cwebb\Documents\canalmeme.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
C:\Users\cwebb\Documents\Donatiom Envelope.ppp => ":SummaryInformation" ADS could not remove.
C:\Users\cwebb\Documents\Donatiom Envelope.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
C:\Users\cwebb\Documents\donation slip.ppp => ":SummaryInformation" ADS could not remove.
C:\Users\cwebb\Documents\donation slip.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\0a9c18fec9e5936133109e20b79e627d => key not found.
HKLM\System\CurrentControlSet\Services\0a9c18fec9e5936133109e20b79e627d => key not found.
C:\Users\cwebb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk => not found.
HKU\S-1-5-21-2715202246-2456054378-4196450346-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\zSpeedup.lnk => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E94E6E09-E8A6-4973-8981-78942AD4D755} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16531B3C-3C0D-4F44-BA9F-341179492106} => value not found.
"C:\Users\cwebb\Desktop\OrganiZen\All-in-One 21-06-2017\Мozilla Firefoх.lnk" => not found.
"C:\Users\cwebb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Сhrome.lnk" => not found.
"C:\Users\cwebb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firefоx.lnk" => not found.
"C:\Users\cwebb\AppData\Local\report" => not found.
"C:\Users\cwebb\AppData\Roaming\Browsers" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => -7464 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -3696 B
Edge => 0 B
Chrome => 0 B
Firefox => 9720497 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
defaultuser0 => 0 B
cwebb => 2471172 B
 



#13 Aura

Posted 19 July 2017 - 05:40 AM

The Avira notification is probably the Farbar scan and fix.


That's most likely it. Sometimes we ask users to disable their Antivirus to allow the tools and fix we use to go through. Never had an issue before with Avira. Maybe you have a special config or they tweaked some default settings.

I really appreciate your guidance. Very straightforward instructions and easy communication. Thank you, Aura.


No problem wyton, you're welcome :)

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages);
  • Windows Firewall Control - Gives you more control over your Windows Firewall;
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have a far lower chance of getting infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts

Posted 23 July 2017 - 09:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





