Dllhost.exe and Svchost.exe wants to change your browser settings Gmer Rootkit A


  • This topic is locked
36 replies to this topic

#1 nevans07

Posted 25 July 2017 - 07:57 AM

Dear Bleeping Computer Staff,

I think I may have been hacked. At first, to speed up developing my WordPress site at work (since I'm never home, working crazy hrs), I tried to download Local by Flywheel with Oracle VM. It was really sluggish and never fully loaded on my Windows 10 laptop. I then downloaded Desktop Server, but later found out it only runs in PHP 5.6. Didn't want to deal with a messy migration to the live site. Elementor can't update. Around this time I noticed I started seeing notifications in my Comodo firewall.

"Dllhost.exe wants to change your browser settings"?? I started having problems running a few desktop applications. I could never complete a system restore to an earlier restore point, etc. I then did a fresh Windows 10 installation USB DVD and then restored files from a month earlier than when I started having problems, using my external drive backup. I then noticed I got a notification from Comodo firewall saying svchost.exe is trying to change your browser settings. My normal AVs found nothing wrong. Bitdefender, HitmanPro, Malwarebytes found nothing. RKill found nothing. TDSS Killer found nothing. AdwCleaner found some things about Google I deleted. RogueKiller found nothing. Googled my problem. Went to bleepingcomputer.com, downloaded ESET Online Scanner; it found 5 threats:
Target
C:\OEM\Preload\APP\PCMANAGER\qqpcmgr_v10.5..Silence.exe - a variant of Win32\Tencent. A potentially unwanted application
NateDownloads5-19-2017 PDF\Phishing.A.Gen. trojan
Nate\Downloads\CCleaner - Win32\BundledToolbar.Google.D.potentially unsafe application
C:\NATE\Downloads\maldetect-current.tar.gz - PHP\Obfuscated F potentially unwanted application


Deleted them.

I then ran aswMBR and GMER and they both crashed, and will not let me scan. aswMBR immediately crashes. GMER notifies me I potentially have rootkit activity running. I see a bunch of red-colored hidden processes on the screen. In GMER, one time I clicked "scan now" and it shortly crashed. The other time I clicked "do not scan" and it shortly shut down the computer. Presently I'm running RKill and rescanning with Bitdefender Full Scan and Malwarebytes Threat Scan. They both found nothing.

Please help!! I'm worried this rootkit will try to compromise my banking login etc.

Thank you so much for what you do!

Very Best Regards,
Nathaniel Evans

 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by Nate (administrator) on DESKTOP-628Q94M (25-07-2017 08:21:42)
Running from C:\Users\Nate\Downloads
Loaded Profiles: Nate (Available Profiles: Nate)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(WinPatrol) C:\Program Files\Ruiware\WinAntiRansom\WAR_TrayApp.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(WinPatrol) C:\Program Files\Ruiware\WinAntiRansom\WARWDSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\seccenter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16695816 2016-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1462792 2016-08-19] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1489088 2017-07-19] (COMODO)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-19] (COMODO)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
HKU\S-1-5-21-3808504719-902934913-2112380188-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2017-07-16] (Glarysoft Ltd)
HKU\S-1-5-21-3808504719-902934913-2112380188-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-07] (Ruiware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WAR Tray Application.lnk [2017-07-20]
ShortcutTarget: WAR Tray Application.lnk -> C:\Program Files\Ruiware\WinAntiRansom\WAR_TrayApp.exe (WinPatrol)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{eb5d1fea-b59e-4747-a187-8e31bc5b0d96}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3808504719-902934913-2112380188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-06-27] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-06-27] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-06-27] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-06-27] (Bitdefender)

FireFox:
========
FF DefaultProfile: eha9epo1.default
FF ProfilePath: C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\eha9epo1.default [2017-07-25]
FF Extension: (Adblock Plus) - C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\eha9epo1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-21]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-19] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default [2017-07-25]
CHR Extension: (Google Slides) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-19]
CHR Extension: (Google Docs) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-19]
CHR Extension: (Google Drive) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-19]
CHR Extension: (YouTube) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-19]
CHR Extension: (Adblock Plus) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-19]
CHR Extension: (Google Sheets) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-19]
CHR Extension: (Google Docs Offline) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-19]
CHR Extension: (Gmail) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-19]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [347056 2017-04-24] (Windows ® Win 7 DDK provider)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2127552 2017-06-29] (Bitdefender)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10501104 2017-07-19] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-07-19] (COMODO)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe [310256 2017-02-08] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe [488944 2017-02-08] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-19] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-07-12] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103072 2017-06-27] (Bitdefender)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-07-19] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4853384 2017-07-19] (SurfRight B.V.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe [350704 2017-02-08] (Intel Corporation)
S2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26608 2016-07-12] (Intel Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-19] (COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [218416 2017-06-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1421608 2017-06-30] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe [524872 2016-08-25] (Bitdefender)
S2 WARSvc; C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe [213896 2017-05-02] (WinPatrol)
R2 WARWDSvc; C:\Program Files\Ruiware\WinAntiRansom\WARWDSvc.exe [249224 2017-05-02] (WinPatrol)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [950160 2017-06-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1612648 2017-04-19] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-15] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [133088 2017-06-06] (BitDefender LLC)
S3 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [47856 2017-05-11] (© Bitdefender SRL)
S3 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605616 2017-04-24] (Qualcomm)
R1 CGKDarkWatcher; C:\WINDOWS\System32\drivers\CGKDarkWatcher.sys [15128 2017-03-05] (Ruiware, LLC)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40936 2017-06-01] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [831992 2017-06-01] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50776 2017-06-01] (COMODO)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2017-07-19] (Glarysoft Ltd)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [253048 2017-07-19] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [93800 2017-07-19] (SurfRight B.V.)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdkmd64.sys [11041776 2017-02-08] (Intel Corporation)
S3 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [346704 2017-06-08] (Bitdefender)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [132880 2017-06-07] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-19] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-25] (Malwarebytes)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2344448 2017-03-18] (Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [791008 2017-06-21] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [439576 2017-04-11] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-25 08:21 - 2017-07-25 08:22 - 00016615 _____ C:\Users\Nate\Downloads\FRST.txt
2017-07-25 08:21 - 2017-07-25 08:21 - 00000000 ____D C:\FRST
2017-07-25 06:39 - 2017-07-25 06:39 - 02382336 _____ (Farbar) C:\Users\Nate\Downloads\FRST64.exe
2017-07-25 05:03 - 2017-07-25 05:03 - 00745996 _____ C:\WINDOWS\Minidump\072517-27546-01.dmp
2017-07-25 04:47 - 2017-07-25 04:47 - 00767996 _____ C:\WINDOWS\Minidump\072517-31078-01.dmp
2017-07-25 04:24 - 2017-07-25 05:03 - 846127666 _____ C:\WINDOWS\MEMORY.DMP
2017-07-25 04:24 - 2017-07-25 05:03 - 00000000 ____D C:\WINDOWS\Minidump
2017-07-25 04:24 - 2017-07-25 04:24 - 00761364 _____ C:\WINDOWS\Minidump\072517-32296-01.dmp
2017-07-25 04:19 - 2016-03-11 15:53 - 00380928 _____ C:\Users\Nate\Downloads\hgmer.exe
2017-07-25 04:16 - 2017-07-25 04:16 - 05198336 _____ (AVAST Software) C:\Users\Nate\Downloads\aswmbr.exe
2017-07-25 04:15 - 2017-07-25 04:15 - 00371282 _____ C:\Users\Nate\Downloads\gmer.zip
2017-07-25 00:42 - 2017-07-25 00:42 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-25 00:41 - 2017-07-25 01:07 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-25 00:41 - 2017-07-25 00:41 - 00000903 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-07-25 00:41 - 2017-07-25 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-25 00:41 - 2017-07-25 00:41 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-25 00:36 - 2017-07-25 00:36 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\38E161B2.sys
2017-07-25 00:30 - 2017-07-25 00:36 - 00000000 ____D C:\AdwCleaner
2017-07-25 00:29 - 2017-07-25 00:30 - 00122734 _____ C:\TDSSKiller.3.1.0.15_25.07.2017_00.29.37_log.txt
2017-07-25 00:24 - 2017-07-25 05:11 - 00005104 _____ C:\Users\Nate\Desktop\Rkill.txt
2017-07-25 00:16 - 2017-07-25 00:14 - 02870984 _____ (ESET) C:\Users\Nate\Desktop\esetsmartinstaller_enu.exe
2017-07-25 00:14 - 2017-07-25 00:14 - 02870984 _____ (ESET) C:\Users\Nate\Downloads\esetsmartinstaller_enu.exe
2017-07-25 00:13 - 2017-07-25 00:12 - 08162248 _____ (Malwarebytes) C:\Users\Nate\Desktop\AdwCleaner.exe
2017-07-25 00:12 - 2017-07-25 00:12 - 08162248 _____ (Malwarebytes) C:\Users\Nate\Downloads\AdwCleaner.exe
2017-07-25 00:03 - 2017-07-25 00:01 - 35709112 _____ (Adlice Software ) C:\Users\Nate\Desktop\RogueKiller_setup_ref3.exe
2017-07-24 23:58 - 2017-07-25 00:01 - 35709112 _____ (Adlice Software ) C:\Users\Nate\Downloads\RogueKiller_setup_ref3.exe
2017-07-24 23:55 - 2017-07-24 23:55 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Nate\Downloads\tdsskiller.exe
2017-07-24 23:51 - 2017-07-24 23:49 - 02107392 _____ (Bleeping Computer, LLC) C:\Users\Nate\Desktop\rkill-unsigned.exe
2017-07-24 23:49 - 2017-07-24 23:49 - 02107392 _____ (Bleeping Computer, LLC) C:\Users\Nate\Downloads\rkill-unsigned.exe
2017-07-24 23:45 - 2017-07-24 23:45 - 02107392 _____ (Bleeping Computer, LLC) C:\Users\Nate\Downloads\Unconfirmed 359650.crdownload
2017-07-24 23:44 - 2017-07-24 23:44 - 00003153 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-07-24 23:44 - 2017-07-24 23:44 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-24 23:42 - 2017-07-24 23:42 - 34869800 _____ (Tweaking.com) C:\Users\Nate\Desktop\tweaking.com_windows_repair_aio_setup (1).exe
2017-07-24 23:41 - 2017-07-24 23:42 - 34869800 _____ (Tweaking.com) C:\Users\Nate\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2017-07-21 10:30 - 2017-07-21 10:28 - 00004750 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ds_backup
2017-07-21 10:25 - 2017-07-21 10:25 - 00000000 ____D C:\ProgramData\DesktopServer
2017-07-21 09:51 - 2017-07-21 09:51 - 00019023 _____ C:\Users\Nate\Downloads\desktopserver.zip
2017-07-21 08:37 - 2017-07-21 08:33 - 00004482 _____ C:\Users\Nate\Desktop\BitdefenderFullScanLog9Hrs!!.xml
2017-07-21 06:26 - 2017-07-25 08:18 - 00000000 ____D C:\Users\Nate\AppData\LocalLow\Mozilla
2017-07-21 06:26 - 2017-07-21 06:30 - 00000000 ____D C:\Users\Nate\AppData\Local\Mozilla
2017-07-21 06:26 - 2017-07-21 06:26 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Mozilla
2017-07-21 05:14 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-07-21 05:14 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-07-21 05:14 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-07-21 05:14 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-07-21 05:14 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-07-21 05:14 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-07-21 05:14 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-07-21 05:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-07-21 05:13 - 2017-07-21 05:13 - 00001451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-07-21 05:13 - 2017-07-21 05:13 - 00001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-07-21 05:12 - 2017-07-21 05:13 - 00000000 ____D C:\Program Files (x86)\Windows Live
2017-07-21 05:12 - 2017-07-21 05:12 - 00001000 _____ C:\Users\Public\Desktop\Video Win Movie Maker.lnk
2017-07-21 05:12 - 2017-07-21 05:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Win Movie Maker
2017-07-21 05:12 - 2017-07-21 05:12 - 00000000 ____D C:\Program Files (x86)\Video Win Movie Maker
2017-07-21 05:11 - 2017-07-21 05:11 - 00002148 _____ C:\Users\Nate\Desktop\VirusTotal Uploader 2.2.lnk
2017-07-21 05:11 - 2017-07-21 05:11 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2017-07-21 05:11 - 2017-07-21 05:11 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2017-07-21 05:07 - 2017-07-21 05:07 - 26703372 _____ (videowinsoft.com ) C:\Users\Nate\Downloads\windows-movie-maker-2016-full (1).exe
2017-07-21 04:47 - 2017-07-21 04:47 - 26703372 _____ (videowinsoft.com ) C:\Users\Nate\Downloads\windows-movie-maker-2016-full.exe
2017-07-20 21:58 - 2017-07-20 22:03 - 00001087 _____ C:\Users\Public\Desktop\WinPatrol WAR Explorer.lnk
2017-07-20 21:57 - 2017-07-20 21:57 - 00000000 ____D C:\ProgramData\WinPatrol
2017-07-20 21:57 - 2017-07-20 21:57 - 00000000 ____D C:\Program Files\Ruiware
2017-07-20 21:57 - 2017-03-05 17:48 - 00015128 _____ (Ruiware, LLC) C:\WINDOWS\system32\Drivers\CGKDarkWatcher.sys
2017-07-20 13:24 - 2017-07-20 13:24 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-07-20 13:24 - 2017-07-20 13:24 - 00000000 ____D C:\Program Files\MSBuild
2017-07-20 13:24 - 2017-07-20 13:24 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-07-20 13:24 - 2017-07-20 13:24 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-07-20 13:21 - 2017-02-10 11:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-07-20 13:21 - 2017-02-10 11:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-07-20 13:21 - 2017-02-10 11:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-07-20 13:21 - 2017-02-10 11:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-07-20 13:21 - 2017-02-10 11:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-07-20 13:21 - 2017-02-10 11:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-07-20 13:06 - 2017-07-20 13:06 - 00001506 _____ C:\Users\Public\Desktop\Tipard 3D Converter.lnk
2017-07-20 13:06 - 2017-07-20 13:06 - 00000000 ____D C:\Users\Nate\Documents\Tipard Studio
2017-07-20 13:06 - 2017-07-20 13:06 - 00000000 ____D C:\Users\Nate\AppData\Local\Tipard Studio
2017-07-20 13:06 - 2017-07-20 13:06 - 00000000 ____D C:\ProgramData\Tipard Studio
2017-07-20 13:06 - 2017-07-20 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2017-07-20 13:06 - 2017-07-20 13:06 - 00000000 ____D C:\Program Files (x86)\Tipard Studio
2017-07-20 12:50 - 2017-07-20 12:46 - 00004485 _____ C:\Users\Nate\Desktop\1500554960_1_01.xml
2017-07-20 12:40 - 2017-07-25 05:42 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-07-20 12:40 - 2017-07-20 12:40 - 00000000 ____D C:\Users\Nate\Downloads\ProcessExplorer
2017-07-20 12:38 - 2017-07-20 12:38 - 00000000 ____D C:\Users\Nate\AppData\Roaming\WinRAR
2017-07-20 12:37 - 2017-07-20 12:37 - 01931969 _____ C:\Users\Nate\Downloads\ProcessExplorer.zip
2017-07-20 12:32 - 2017-07-20 12:32 - 01510832 _____ (Ruiware) C:\Users\Nate\Downloads\wpsetup (5).exe
2017-07-20 12:26 - 2017-07-20 12:26 - 00001278 _____ C:\Users\Nate\Desktop\AVS Video Editor.lnk
2017-07-20 12:22 - 2017-07-20 12:27 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-07-20 12:22 - 2017-07-20 12:27 - 00000000 ____D C:\Users\Nate\AppData\Roaming\AVS4YOU
2017-07-20 12:22 - 2017-07-20 12:22 - 00000000 ____D C:\ProgramData\AVS4YOU
2017-07-20 12:21 - 2017-07-20 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-07-20 12:21 - 2017-07-20 12:21 - 00001278 _____ C:\Users\Nate\Desktop\AVS Audio Editor.lnk
2017-07-20 12:21 - 2010-05-11 13:17 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2017-07-20 12:20 - 2017-07-20 12:27 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2017-07-20 12:18 - 2017-07-20 12:18 - 00001104 _____ C:\Users\Nate\Desktop\bvcsoft3GP.lnk
2017-07-20 12:18 - 2017-07-20 12:18 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bvcsoft3GP
2017-07-20 12:18 - 2017-07-20 12:18 - 00000000 ____D C:\Program Files (x86)\bvcsoft3GP
2017-07-19 12:39 - 2017-07-20 12:10 - 00001126 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-07-19 12:39 - 2017-07-20 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-07-19 12:39 - 2017-07-19 12:39 - 00000000 ____D C:\Users\Nate\AppData\Local\VS Revo Group
2017-07-19 12:39 - 2017-07-19 12:39 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-07-19 12:39 - 2017-07-19 12:39 - 00000000 ____D C:\Program Files\VS Revo Group
2017-07-19 12:39 - 2016-12-21 14:52 - 00040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2017-07-19 12:22 - 2017-07-25 08:07 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-19 12:22 - 2017-07-25 05:12 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-19 12:22 - 2017-07-25 05:05 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-19 12:22 - 2017-07-19 12:26 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-19 12:21 - 2017-07-19 12:26 - 00001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-19 12:21 - 2017-07-19 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-19 12:21 - 2017-07-19 12:21 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-19 12:21 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-19 12:20 - 2017-07-19 12:19 - 65033984 _____ (Malwarebytes ) C:\Users\Nate\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-19 12:19 - 2017-07-19 12:19 - 65033984 _____ (Malwarebytes ) C:\Users\Nate\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-19 12:09 - 2017-07-25 08:21 - 00000000 ____D C:\WINDOWS\CryptoGuard
2017-07-19 12:09 - 2017-07-25 00:37 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-07-19 12:09 - 2017-07-19 12:41 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-07-19 12:09 - 2017-07-19 12:33 - 00918664 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2017-07-19 12:09 - 2017-07-19 12:33 - 00843400 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2017-07-19 12:09 - 2017-07-19 12:33 - 00253048 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2017-07-19 12:09 - 2017-07-19 12:33 - 00093800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2017-07-19 12:09 - 2017-07-19 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2017-07-19 11:48 - 2017-07-20 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-07-19 11:48 - 2017-07-20 22:02 - 00000000 ____D C:\ProgramData\InstallMate
2017-07-19 11:48 - 2017-07-20 21:57 - 00000000 ____D C:\Users\Nate\AppData\Roaming\WinPatrol
2017-07-19 11:48 - 2017-07-19 11:48 - 00000000 ____D C:\Program Files (x86)\Ruiware
2017-07-19 11:15 - 2017-07-19 11:15 - 00030960 _____ C:\ProgramData\agent.update.1500477336.bdinstall.bin
2017-07-19 11:15 - 2017-07-19 11:15 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2017-07-19 11:13 - 2017-07-25 08:18 - 00000000 ____D C:\Users\Nate\AppData\Local\CrashDumps
2017-07-19 11:13 - 2017-07-19 11:13 - 00484249 _____ C:\ProgramData\cl.1500476944.bdinstall.bin
2017-07-19 11:13 - 2017-07-19 11:13 - 00074297 _____ C:\ProgramData\cl.kit.1500476921.bdinstall.bin
2017-07-19 11:13 - 2017-07-19 11:13 - 00057040 _____ C:\ProgramData\dm.1500477193.bdinstall.bin
2017-07-19 11:13 - 2017-07-19 11:13 - 00003420 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2017-07-19 11:13 - 2017-07-19 11:13 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2017-07-19 11:12 - 2017-07-19 11:12 - 00000000 ____D C:\ProgramData\Atc
2017-07-19 11:11 - 2017-07-19 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2017-07-19 11:11 - 2017-07-19 11:11 - 00002347 _____ C:\Users\Public\Desktop\Bitdefender.lnk
2017-07-19 11:11 - 2017-07-19 11:11 - 00000000 ____D C:\ProgramData\BDLogging
2017-07-19 11:10 - 2017-07-19 11:13 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Bitdefender
2017-07-19 11:10 - 2017-06-08 08:19 - 00346704 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2017-07-19 11:10 - 2017-06-07 08:04 - 00950160 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2017-07-19 11:10 - 2017-05-11 08:16 - 00047856 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2017-07-19 11:10 - 2017-04-19 10:19 - 01612648 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2017-07-19 11:10 - 2016-03-15 01:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2017-07-19 11:10 - 2015-12-04 22:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2017-07-19 11:10 - 2007-04-11 14:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2017-07-19 11:09 - 2017-07-19 11:15 - 00000000 ____D C:\ProgramData\Bitdefender
2017-07-19 11:09 - 2017-07-19 11:13 - 00000000 ____D C:\Program Files\Bitdefender
2017-07-19 11:09 - 2017-07-19 11:09 - 00000000 ____D C:\Users\Nate\AppData\Roaming\QuickScan
2017-07-19 11:09 - 2017-05-11 08:37 - 00187688 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2017-07-19 11:09 - 2017-04-11 07:19 - 00439576 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2017-07-19 11:08 - 2017-07-19 11:09 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-07-19 11:08 - 2017-07-19 11:08 - 00003798 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-07-19 11:06 - 2017-07-21 18:52 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-07-19 11:06 - 2017-07-19 11:06 - 00048457 _____ C:\ProgramData\agent.1500476793.bdinstall.bin
2017-07-19 11:06 - 2017-07-19 11:06 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-07-19 11:02 - 2017-07-21 08:02 - 00000000 ____D C:\Users\Nate\AppData\Local\Google
2017-07-19 11:02 - 2017-07-19 11:01 - 00001335 _____ C:\Users\Nate\Desktop\Dropbox.lnk
2017-07-19 11:01 - 2017-07-19 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-19 11:00 - 2017-07-19 11:41 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-07-19 11:00 - 2017-07-19 11:41 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-07-19 11:00 - 2017-07-19 11:02 - 00000000 ____D C:\Users\Nate\AppData\Local\Dropbox
2017-07-19 11:00 - 2017-07-19 11:02 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-07-19 11:00 - 2017-07-19 11:00 - 00003996 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-07-19 11:00 - 2017-07-19 11:00 - 00003764 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-07-19 11:00 - 2017-07-19 11:00 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Dropbox
2017-07-19 11:00 - 2017-07-19 11:00 - 00000000 ____D C:\ProgramData\Dropbox
2017-07-19 10:59 - 2017-07-25 05:07 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-07-19 10:59 - 2017-07-21 11:32 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Notepad++
2017-07-19 10:59 - 2017-07-21 04:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-07-19 10:59 - 2017-07-21 04:10 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-07-19 10:59 - 2017-07-19 10:59 - 00020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2017-07-19 10:59 - 2017-07-19 10:59 - 00003394 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2017-07-19 10:59 - 2017-07-19 10:59 - 00003040 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2017-07-19 10:59 - 2017-07-19 10:59 - 00001171 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2017-07-19 10:59 - 2017-07-19 10:59 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-07-19 10:59 - 2017-07-19 10:59 - 00001110 _____ C:\Users\Public\Desktop\Notepad++.lnk
2017-07-19 10:59 - 2017-07-19 10:59 - 00001066 _____ C:\Users\Public\Desktop\WinRAR.lnk
2017-07-19 10:59 - 2017-07-19 10:59 - 00001057 _____ C:\Users\Public\Desktop\FileZilla.lnk
2017-07-19 10:59 - 2017-07-19 10:59 - 00001023 _____ C:\Users\Public\Desktop\PuTTY.lnk
2017-07-19 10:59 - 2017-07-19 10:59 - 00000920 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\Users\Nate\AppData\Roaming\GlarySoft
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\Users\Nate\AppData\Roaming\DiskDefrag
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\Program Files\VideoLAN
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\Program Files\PuTTY
2017-07-19 10:59 - 2017-07-19 10:59 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-07-19 10:58 - 2017-07-19 10:59 - 00000000 ____D C:\Program Files\WinRAR
2017-07-19 10:58 - 2017-07-19 10:58 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-19 10:58 - 2017-07-19 10:58 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-19 10:58 - 2017-07-19 10:58 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-19 10:58 - 2017-07-19 10:58 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-19 10:58 - 2017-07-19 10:58 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-19 10:58 - 2017-07-19 10:58 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-19 10:58 - 2017-07-19 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-19 10:58 - 2017-07-19 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-19 10:58 - 2017-07-19 10:58 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-19 10:57 - 2017-07-20 13:42 - 00003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1500476263
2017-07-19 10:57 - 2017-07-20 13:42 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-07-19 10:57 - 2017-07-20 13:42 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-19 10:57 - 2017-07-19 10:57 - 00001208 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2017-07-19 10:55 - 2017-07-19 10:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-07-19 10:54 - 2017-07-19 10:54 - 00001170 _____ C:\Users\Public\Desktop\Spybot Anti-Beacon.lnk
2017-07-19 10:54 - 2017-07-19 10:54 - 00000000 ____D C:\WINDOWS\SysWOW64\PolicyDefinitions
2017-07-19 10:54 - 2017-07-19 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2017-07-19 10:54 - 2017-07-19 10:54 - 00000000 ____D C:\Program Files (x86)\Spybot Anti-Beacon
2017-07-19 10:39 - 2017-07-20 14:06 - 00000000 ____D C:\Program Files\HitmanPro
2017-07-19 10:39 - 2017-07-19 10:41 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-07-19 10:39 - 2017-07-19 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-07-19 10:37 - 2017-07-19 10:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-19 10:37 - 2017-07-19 10:37 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-19 10:36 - 2017-07-19 10:49 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-19 10:31 - 2017-07-21 18:50 - 01002844 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-07-19 10:31 - 2017-07-19 10:31 - 00000000 ____D C:\Program Files (x86)\COMODO
2017-07-19 10:31 - 2017-07-05 03:30 - 00256040 _____ (COMODO) C:\WINDOWS\system32\iseguard64.dll
2017-07-19 10:31 - 2017-07-05 03:29 - 00205536 _____ (COMODO) C:\WINDOWS\SysWOW64\iseguard32.dll
2017-07-19 10:31 - 2017-03-29 17:49 - 00062208 _____ (COMODO) C:\WINDOWS\system32\Drivers\isedrv.sys
2017-07-19 10:30 - 2017-07-19 10:30 - 00003140 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2017-07-19 10:30 - 2017-07-19 10:30 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-07-19 10:28 - 2017-07-19 10:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-07-19 10:28 - 2017-07-19 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-07-19 10:28 - 2017-07-19 10:30 - 00001878 _____ C:\Users\Public\Desktop\COMODO Firewall 10.lnk
2017-07-19 10:27 - 2017-07-19 10:27 - 00000000 ____D C:\Program Files\COMODO
2017-07-19 10:26 - 2017-07-19 10:30 - 00000000 ____D C:\ProgramData\Comodo
2017-07-19 10:26 - 2017-07-19 10:26 - 00000000 ____D C:\ProgramData\Shared Space
2017-07-19 10:23 - 2017-07-19 10:22 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-19 10:21 - 2017-07-25 05:05 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-19 10:21 - 2017-07-19 12:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-19 08:34 - 2017-07-19 08:34 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-19 08:34 - 2017-07-19 08:34 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-19 08:34 - 2017-07-19 08:34 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-19 08:34 - 2017-07-19 08:34 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-19 08:34 - 2017-07-19 08:34 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-19 08:34 - 2017-07-19 08:34 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-19 08:34 - 2017-07-19 08:34 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-19 08:34 - 2017-07-19 08:34 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-19 08:34 - 2017-07-19 08:34 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-19 08:34 - 2017-07-19 08:34 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-19 08:34 - 2017-07-19 08:34 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-19 08:34 - 2017-07-19 08:34 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-19 08:34 - 2017-07-19 08:34 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-19 08:34 - 2017-07-19 08:34 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-19 08:34 - 2017-07-19 08:34 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-19 08:34 - 2017-07-19 08:34 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-19 08:34 - 2017-07-19 08:34 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-19 08:34 - 2017-07-19 08:34 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-19 08:34 - 2017-07-19 08:34 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-19 08:28 - 2017-07-19 08:28 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-07-19 08:26 - 2017-07-19 08:26 - 00000000 ____D C:\Users\Nate\AppData\Local\MicrosoftEdge
2017-07-19 08:25 - 2017-07-19 08:25 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-07-19 08:25 - 2017-07-19 07:59 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-07-19 08:24 - 2017-07-19 08:24 - 00000000 ____D C:\Users\Nate\AppData\Local\DBG
2017-07-19 08:23 - 2017-07-19 08:23 - 00001333 _____ C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2017-07-19 08:23 - 2017-07-19 08:23 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-07-19 08:21 - 2017-07-19 08:21 - 00000020 ___SH C:\Users\Nate\ntuser.ini
2017-07-19 08:19 - 2017-07-19 08:19 - 00000000 ____D C:\ProgramData\USOShared
2017-07-19 08:16 - 2017-07-19 08:16 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-07-19 08:16 - 2017-07-19 08:16 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-07-19 08:15 - 2017-07-25 05:12 - 01580294 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-19 08:15 - 2017-07-25 05:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-19 08:15 - 2017-07-19 08:27 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-07-19 08:15 - 2017-07-19 08:15 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-07-19 08:13 - 2017-07-19 08:13 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2017-07-19 08:06 - 2017-07-19 08:06 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-19 08:05 - 2017-07-19 08:06 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-07-19 08:04 - 2017-07-25 04:25 - 00000000 ____D C:\Users\Nate
2017-07-19 08:03 - 2017-07-19 08:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-07-19 08:03 - 2017-07-19 08:03 - 00000000 ____D C:\Program Files\Intel
2017-07-19 08:03 - 2017-07-19 08:03 - 00000000 ____D C:\Program Files (x86)\Intel
2017-07-19 08:03 - 2017-07-19 08:03 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-07-19 08:03 - 2017-02-08 00:47 - 00122384 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-07-19 08:03 - 2017-02-08 00:47 - 00113176 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-07-19 08:02 - 2017-07-19 08:02 - 01805173 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-07-19 08:02 - 2017-07-19 08:02 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-07-19 08:02 - 2017-07-19 08:02 - 00000000 ____D C:\WINDOWS\system32\IntelSSTAPO
2017-07-19 08:02 - 2017-07-19 08:02 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-07-19 08:02 - 2017-07-19 08:02 - 00000000 ____D C:\ProgramData\rtkSSTSetting
2017-07-19 08:02 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-07-19 08:02 - 2016-08-19 02:24 - 01920820 _____ C:\WINDOWS\system32\Drivers\rtkSSTSetting.zip
2017-07-19 08:01 - 2017-07-19 08:01 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-07-19 08:01 - 2017-07-19 08:01 - 00000000 ____D C:\Program Files\Realtek
2017-07-19 07:59 - 2017-07-25 08:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-19 07:59 - 2017-07-20 13:29 - 00221848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-19 06:53 - 2017-07-19 08:20 - 00000000 ___DC C:\WINDOWS\Panther
2017-07-19 06:51 - 2017-07-19 06:53 - 00000036 _____ C:\WINDOWS\progress.ini
2017-07-19 06:51 - 2017-07-19 06:51 - 00000000 ____D C:\Users\Nate\AppData\Local\Comms
2017-07-19 06:45 - 2017-07-25 05:05 - 00000000 __SHD C:\Users\Nate\IntelGraphicsProfiles
2017-07-19 06:38 - 2017-07-19 06:38 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Skype
2017-07-19 06:37 - 2017-07-19 08:27 - 00002364 _____ C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-19 06:37 - 2017-07-19 08:27 - 00000000 ___RD C:\Users\Nate\OneDrive
2017-07-19 06:36 - 2017-07-19 06:51 - 00000000 ___HD C:\$GetCurrent
2017-07-19 06:35 - 2017-07-19 07:10 - 00000000 ____D C:\Windows10Upgrade
2017-07-19 06:35 - 2017-07-19 06:35 - 00000821 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-07-19 06:35 - 2017-07-19 06:35 - 00000809 _____ C:\Users\Nate\Desktop\Windows 10 Upgrade Assistant.lnk
2017-07-19 06:34 - 2017-07-19 08:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-19 06:34 - 2017-07-19 06:34 - 00000000 ____D C:\Users\Nate\AppData\Local\Publishers
2017-07-19 06:33 - 2017-07-19 08:40 - 00000000 ____D C:\Users\Nate\AppData\Local\Packages
2017-07-19 06:33 - 2017-07-19 06:34 - 00000000 ____D C:\Users\Nate\AppData\Local\ConnectedDevicesPlatform
2017-07-19 06:33 - 2017-07-19 06:33 - 00000000 ____D C:\Users\Nate\AppData\Roaming\Adobe
2017-07-19 06:33 - 2017-07-19 06:33 - 00000000 ____D C:\Users\Nate\AppData\Local\VirtualStore
2017-07-19 06:33 - 2017-07-19 06:33 - 00000000 ____D C:\Users\Nate\AppData\Local\TileDataLayer
2017-07-19 06:28 - 2017-07-19 06:28 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-07-19 05:05 - 2017-07-19 05:05 - 00000000 ___HD C:\$SysReset
2017-07-18 19:57 - 2017-07-18 19:57 - 00000436 _____ C:\TDSSKiller.3.1.0.11_18.07.2017_19.57.36_log.txt
2017-07-12 15:58 - 2017-07-12 15:58 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-07-12 15:58 - 2017-07-12 15:58 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-07-12 15:58 - 2017-07-12 15:58 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-07-12 15:58 - 2017-07-12 15:58 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-25 04:27 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-25 01:03 - 2016-07-16 07:47 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-25 00:36 - 2017-03-18 07:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-07-25 00:36 - 2016-10-14 13:30 - 00127388 _____ C:\bdlog.txt
2017-07-24 23:55 - 2016-10-18 01:32 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Nate\Desktop\tdsskiller.exe
2017-07-24 23:12 - 2016-10-18 04:16 - 00000000 ____D C:\Windows.old.000
2017-07-24 22:18 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-24 22:03 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-24 22:03 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-21 10:40 - 2016-12-03 14:44 - 00000000 ____D C:\Users\Nate\Documents\Websites
2017-07-21 10:25 - 2016-12-03 14:21 - 00000000 ____D C:\xampplite
2017-07-21 09:54 - 2016-11-28 14:31 - 00000000 ____D C:\Users\Nate\Desktop\Plugins!!!
2017-07-20 21:58 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-20 14:22 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-19 10:36 - 2016-10-18 02:25 - 11584088 _____ (SurfRight B.V.) C:\Users\Nate\Desktop\HitmanPro_x64.exe
2017-07-19 08:57 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-07-19 08:55 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-07-19 08:35 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-19 08:35 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-19 08:35 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-19 08:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-19 08:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-19 08:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-19 08:35 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-19 08:35 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-19 08:35 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-19 08:35 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-19 08:21 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-19 08:19 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-07-19 08:19 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-19 08:17 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-07-19 08:17 - 2017-03-18 07:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-19 08:16 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-07-19 08:12 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-07-19 08:11 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-07-19 08:11 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-07-19 08:06 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-07-19 08:03 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-07-14 12:45 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-07-11 07:44 - 2016-09-15 03:07 - 00942280 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2017-07-11 07:44 - 2016-09-15 03:07 - 00732944 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2017-07-11 07:44 - 2016-09-15 03:07 - 00051808 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2017-07-11 07:41 - 2016-09-15 03:05 - 00457408 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2017-07-11 07:40 - 2016-09-15 03:02 - 00363712 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2017-06-30 10:47 - 2017-03-18 17:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 10:47 - 2017-03-18 17:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-07-19 11:06 - 2017-07-19 11:06 - 0048457 _____ () C:\ProgramData\agent.1500476793.bdinstall.bin
2017-07-19 11:15 - 2017-07-19 11:15 - 0030960 _____ () C:\ProgramData\agent.update.1500477336.bdinstall.bin
2017-07-19 11:13 - 2017-07-19 11:13 - 0484249 _____ () C:\ProgramData\cl.1500476944.bdinstall.bin
2017-07-19 11:13 - 2017-07-19 11:13 - 0074297 _____ () C:\ProgramData\cl.kit.1500476921.bdinstall.bin
2017-07-19 11:13 - 2017-07-19 11:13 - 0057040 _____ () C:\ProgramData\dm.1500477193.bdinstall.bin
2017-07-19 08:02 - 2017-07-19 08:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-07-25 00:41 - 2017-07-19 08:34 - 1930320 _____ (Microsoft Corporation) C:\Users\Nate\AppData\Local\Temp\dllnt_dump.dll
2017-07-20 12:09 - 2017-07-20 12:09 - 11534624 _____ (VS Revo Group                                               ) C:\Users\Nate\AppData\Local\Temp\VSUSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-19 07:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by Nate (25-07-2017 08:22:25)
Running from C:\Users\Nate\Downloads
Windows 10 Home Version 1703 (X64) (2017-07-19 12:20:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3808504719-902934913-2112380188-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3808504719-902934913-2112380188-503 - Limited - Disabled)
Guest (S-1-5-21-3808504719-902934913-2112380188-501 - Limited - Disabled)
Nate (S-1-5-21-3808504719-902934913-2112380188-1001 - Administrator - Enabled) => C:\Users\Nate

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVS Audio Editor 8.2.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.2.1.513 - Online Media Technologies Ltd.)
AVS Video Editor 7.4.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.4.1.281 - Online Media Technologies Ltd.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.24.36 - Bitdefender)
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 22.0.8.118 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.8.114 - Bitdefender)
bvcsoft3GP 2.5 (HKLM-x32\...\bvcsoft3GP) (Version:  - )
COMODO Firewall (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 10.0.1.6258 - COMODO Security Solutions Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
FileZilla Client 3.27.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
Glary Utilities 5.80 (HKLM-x32\...\Glary Utilities 5) (Version: 5.80.0.101 - Glarysoft Ltd)
Google Chrome (HKLM\...\{715E251E-9134-3D1D-BE19-1C6EE18F8D24}) (Version: 59.0.3071.115 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.6.7.604 - SurfRight B.V.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.422025.92 - Comodo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3808504719-902934913-2112380188-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Opera Stable 46.0.2597.57 (HKLM-x32\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
RogueKiller version 12.11.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.8.0 - Adlice Software)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Tipard 3D Converter 6.1.10 (HKLM-x32\...\{4A974195-391A-4c58-BD56-B1C4553F09A0}_is1) (Version:  - )
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinAntiRansom (HKLM-x32\...\{D7C29DFD-DD4C-4C58-B79F-E2B576142AF8}) (Version: 2017.5.720 - WinPatrol)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers01: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers01: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers01: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2017-07-20] (SurfRight B.V.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers02: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers04: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2017-07-20] (SurfRight B.V.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxDTCM.dll [2017-02-08] (Intel Corporation)
ContextMenuHandlers06: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers06: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07FDDED1-599E-4A40-A40E-F30DF745682C} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {09625561-3A31-4845-9EBC-D1D2116F4D95} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-07-16] (Glarysoft Ltd)
Task: {4A9E4506-27CB-4682-8F96-AEB89421DABC} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [2017-06-27] (Bitdefender)
Task: {4F65D6DA-387F-4784-99CC-22F90A15199E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {56836156-D13B-48EA-BB00-3A440A95EF95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-19] (Google Inc.)
Task: {60DEC3C9-3F13-4CE5-8851-02DA1E2B34D4} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-19] (COMODO)
Task: {67F8F6E5-2B7D-4772-8675-C477FD6E48BD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-19] (Dropbox, Inc.)
Task: {7EF877EE-55AF-4175-B7DF-F3C0742A3CA5} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-07-16] (Glarysoft Ltd)
Task: {968817FB-BB6D-47C1-81D7-A3BA62446FB0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-19] (COMODO)
Task: {9DC8E3CF-7A8E-4A8A-8AAD-12C967E9A3D4} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-19] (COMODO)
Task: {A3A65E6A-DE08-4C25-9770-97A72906124B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-19] (Dropbox, Inc.)
Task: {A569A494-794E-4421-8CF3-D6B27FBB9B4F} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-07-19] (COMODO)
Task: {B8851DA7-5074-458F-B462-37312059B5A4} - System32\Tasks\Opera scheduled Autoupdate 1500476263 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-18] (Opera Software)
Task: {C26168B6-3F1E-4DCB-8964-0F8B1BC25EC9} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-19] (COMODO)
Task: {E5CDDE3F-30D3-4159-ABF7-D7327BAB0279} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-07-19] (COMODO)
Task: {E642145E-045F-47C4-8739-7205CE87B38F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-19 11:10 - 2013-09-03 17:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender Security\bdmetrics.dll
2017-07-19 11:10 - 2017-02-07 15:34 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpbr.mdl
2017-07-19 11:10 - 2017-02-07 15:34 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpdsp.mdl
2017-07-19 11:10 - 2017-02-07 15:34 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpph.mdl
2017-07-19 11:10 - 2017-02-07 15:34 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttprbl.mdl
2016-09-15 03:03 - 2017-07-11 07:41 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-18 17:44 - 2017-06-18 17:44 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-07-19 09:20 - 2017-07-19 09:21 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-19 09:20 - 2017-07-19 09:21 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-19 09:20 - 2017-07-19 09:21 - 43573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-19 09:20 - 2017-07-19 09:21 - 02435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-07-19 10:29 - 2017-07-11 07:42 - 00156352 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2016-09-15 03:02 - 2017-07-11 07:40 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-19 11:01 - 2017-07-12 15:58 - 00746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-19 11:01 - 2017-07-12 15:58 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-07-19 11:01 - 2017-07-12 15:58 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-19 11:01 - 2017-07-12 15:59 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-19 11:01 - 2017-07-12 15:59 - 01862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-19 11:01 - 2017-07-12 15:59 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-07-19 11:01 - 2017-07-12 15:58 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-19 11:01 - 2017-07-12 15:59 - 00062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-19 11:01 - 2017-07-12 15:59 - 00040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-19 11:01 - 2017-07-12 15:58 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-19 11:01 - 2017-07-12 15:59 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-19 11:01 - 2017-07-12 15:59 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-19 11:01 - 2017-07-12 16:00 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-19 11:01 - 2017-07-12 15:59 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-19 11:01 - 2017-07-12 16:00 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-19 11:01 - 2017-07-12 16:00 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-19 11:01 - 2017-07-12 16:00 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-19 11:01 - 2017-07-12 16:00 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-19 11:01 - 2017-07-12 16:00 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-19 11:01 - 2017-07-12 16:00 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-19 11:01 - 2017-07-12 16:00 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-19 11:01 - 2017-07-12 16:00 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-19 11:01 - 2017-07-12 15:59 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-19 11:01 - 2017-07-12 15:59 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-07-19 11:01 - 2017-07-12 15:58 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-07-19 11:01 - 2017-07-12 15:59 - 00181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-07-19 11:01 - 2017-07-12 16:01 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-19 11:01 - 2017-07-12 15:59 - 00024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-19 11:01 - 2017-07-12 15:59 - 01637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-07-19 11:01 - 2017-07-12 16:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-07-19 11:01 - 2017-07-12 16:01 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-16 21:37 - 2017-07-16 21:37 - 00087024 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Nate\Desktop\AppGuardSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Nate\Desktop\AppGuardSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Nate\Desktop\backup-www_laboroflovetv1_dev-2016_12_03-07_14pm-full-z8np5hzym3.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Nate\Desktop\Belarc_Advisor_v8.5c.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Nate\Desktop\Belarc_Advisor_v8.5c.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Nate\Desktop\bitdefender_windows_PaidActivation.exe:BDU [0]
AlternateDataStreams: C:\Users\Nate\Desktop\ccsetup512_slim.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Nate\Desktop\ccsetup512_slim.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Nate\Desktop\elementor-pro-1.2.4.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Nate\Desktop\id_rsa (1).ppk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Nate\Desktop\L-112_42.pdf:$CmdZnID [26]
 
 
 
==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2017-07-25 08:07 - 00004918 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0    a.ads1.msn.com
0.0.0.0    a.ads2.msads.net
0.0.0.0    a.ads2.msn.com
0.0.0.0    a.rad.msn.com
0.0.0.0    a-0001.a-msedge.net
0.0.0.0    a-0002.a-msedge.net
0.0.0.0    a-0003.a-msedge.net
0.0.0.0    a-0004.a-msedge.net
0.0.0.0    a-0005.a-msedge.net
0.0.0.0    a-0006.a-msedge.net
0.0.0.0    a-0007.a-msedge.net
0.0.0.0    a-0008.a-msedge.net
0.0.0.0    a-0009.a-msedge.net
0.0.0.0    ac3.msn.com
0.0.0.0    ad.doubleclick.net
0.0.0.0    adnexus.net
0.0.0.0    adnxs.com
0.0.0.0    ads.msn.com
0.0.0.0    ads1.msads.net
0.0.0.0    ads1.msn.com
0.0.0.0    aidps.atdmt.com
0.0.0.0    aka-cdn-ns.adtech.de
0.0.0.0    a-msedge.net
0.0.0.0    apps.skype.com
0.0.0.0    az361816.vo.msecnd.net
0.0.0.0    az512334.vo.msecnd.net
0.0.0.0    b.ads1.msn.com
0.0.0.0    b.ads2.msads.net
0.0.0.0    b.rad.msn.com

There are 80 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3808504719-902934913-2112380188-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6080D14F-D690-4E39-8495-10E8304A3F71}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.46\opera.exe
FirewallRules: [{A0E5EC1B-7A60-4B0C-9441-828E80E4C145}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F72F2A78-642C-4F22-AF8A-3686D6C17904}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE661E94-9F3A-4BCC-A2A9-9344ABC6E23B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9E0714D6-6455-44CE-98EF-2CACF302647B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{452CEA29-213F-4203-BEA0-6C40168CEDBC}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.57\opera.exe
FirewallRules: [{2A0F0BAC-6661-4C1C-AE68-69F92E9D76D5}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{CE564871-0F08-4275-8B39-1EFC87EDFAD9}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{B7EE726B-31E7-40CD-B8DA-97B8CFDA384A}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{DDC9C668-0B61-472B-9D07-A2801CFA4C78}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{EE5ABC68-AC92-45AB-AB62-5D2FD1BBEEBC}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{98AA4D82-F5C3-4833-8B18-0F65363CB2B9}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [TCP Query User{422FFC56-F9FE-471B-9224-602EF38A195B}C:\xampplite\apache\bin\httpd.exe] => (Allow) C:\xampplite\apache\bin\httpd.exe
FirewallRules: [UDP Query User{62252AF2-5B60-43B3-B401-D738447C04A0}C:\xampplite\apache\bin\httpd.exe] => (Allow) C:\xampplite\apache\bin\httpd.exe
FirewallRules: [TCP Query User{5324E9A5-805D-4D50-9F84-90E27FBEA246}C:\xampplite\mysql\bin\mysqld.exe] => (Allow) C:\xampplite\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{43BE1AAA-F4D4-4654-90C7-A44E5F5B1071}C:\xampplite\mysql\bin\mysqld.exe] => (Allow) C:\xampplite\mysql\bin\mysqld.exe

==================== Restore Points =========================

19-07-2017 13:08:19 1stNewBackup!!
20-07-2017 13:20:04 Windows Modules Installer
21-07-2017 19:18:40 Windows Backup
22-07-2017 00:57:48 Windows Backup
22-07-2017 01:15:23 Windows Backup
25-07-2017 05:26:25 LatestBackup!!!

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2017 08:18:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 54.0.1.6388, time stamp: 0x5953d1f8
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xd51d5c5e
Exception code: 0xc0000005
Fault offset: 0x00042dd5
Faulting process id: 0x520
Faulting application start time: 0x01d3053f7684b905
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a25f0af5-f202-432f-b508-d55809447cd0
Faulting package full name:
Faulting package-relative application ID:

Error: (07/25/2017 06:56:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-628Q94M)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/25/2017 05:27:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ODSW.exe, version: 22.0.8.108, time stamp: 0x595bac0c
Faulting module name: sciter.dll, version: 4.0.0.7, time stamp: 0x59146bc0
Exception code: 0xc0000005
Fault offset: 0x000000000018da1b
Faulting process id: 0x68
Faulting application start time: 0x01d305283d25c6e8
Faulting application path: C:\Program Files\Bitdefender\Bitdefender Security\ODSW.exe
Faulting module path: C:\Program Files\Bitdefender\Bitdefender Security\sciter.dll
Report Id: e328af8b-31eb-4712-a78e-70f6caa2fa6b
Faulting package full name:
Faulting package-relative application ID:

Error: (07/25/2017 05:22:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-628Q94M)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/25/2017 05:14:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ODSW.exe, version: 22.0.8.108, time stamp: 0x595bac0c
Faulting module name: sciter.dll, version: 4.0.0.7, time stamp: 0x59146bc0
Exception code: 0xc0000005
Fault offset: 0x000000000018da1b
Faulting process id: 0x13a0
Faulting application start time: 0x01d30526603e92fa
Faulting application path: C:\Program Files\Bitdefender\Bitdefender Security\ODSW.exe
Faulting module path: C:\Program Files\Bitdefender\Bitdefender Security\sciter.dll
Report Id: 01d46e43-6773-4b9a-9299-df06ef83c19d
Faulting package full name:
Faulting package-relative application ID:

Error: (07/25/2017 04:39:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 54.0.1.6388, time stamp: 0x5953d1f8
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xd51d5c5e
Exception code: 0xc0000005
Fault offset: 0x00042dd5
Faulting process id: 0x1934
Faulting application start time: 0x01d30520f5755f3c
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 7b7a5355-80f8-4195-a7d6-dac99430b9bd
Faulting package full name:
Faulting package-relative application ID:

Error: (07/25/2017 01:07:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Nate\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (07/25/2017 01:07:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Nate\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (07/25/2017 01:03:48 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (07/25/2017 01:03:48 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (07/25/2017 06:56:14 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-628Q94M)
Description: The server Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (07/25/2017 05:22:55 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-628Q94M)
Description: The server Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (07/25/2017 05:05:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IntelSSTSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/25/2017 05:05:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IntelSSTSvc service to connect.

Error: (07/25/2017 05:04:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/25/2017 05:04:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/25/2017 05:04:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (07/25/2017 05:04:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppXSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/25/2017 05:04:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AppXSvc service to connect.

Error: (07/25/2017 05:03:48 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xfffff8039b84a010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80180978bc8). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 9cc0bd07-b341-4c14-9ee9-ed3c818fa4de.


CodeIntegrity:
===================================
  Date: 2017-07-25 05:23:34.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-25 05:07:23.919
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-25 05:05:16.691
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-25 05:05:16.167
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-25 05:05:16.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-25 05:04:35.475
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-25 05:04:24.456
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\vsserv.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-25 05:04:24.431
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\vsserv.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-25 05:04:24.412
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-25 04:51:17.631
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 21%
Total physical RAM: 20353.9 MB
Available physical RAM: 15972.14 MB
Total Virtual: 23809.9 MB
Available Virtual: 20289.7 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.11 GB) (Free:692.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 24CF9AA6)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Al1000, 26 July 2017 - 08:46 AM.
fix formatting



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 PM

Posted 28 July 2017 - 09:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

===

#3 nevans07


Posted 29 July 2017 - 02:03 AM

Hi Nasdaq!!

 

Thank you for your response! I'm not sure how to tell if the program has finished. It's been idle for the past 30 minutes. I assume it is finished. Also Comodo said Zoek is trying to access my keyboard directly. I allowed it.

 

Very Best Regards,

Nathaniel Evans

 

Here is a copy/paste of the zoek log-

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Nate on Sat 07/29/2017 at  2:11:53.68.
Microsoft Windows 10 Home 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Nate\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
===== Runcheck  2:12:52.08 =====
 
--- Create Environment Variables  2:12:54.48 
--- Create System Restore Point  2:13:04.94 
--- Checking Input  2:13:43.09 
--- AU AppData Check  2:14:06.83 
--- Remove From Windows Installer  2:14:11.67 
--- Empty Folders Check  2:16:22.46 
--- Registry HKLM Software Check  2:16:22.53 
--- Quick Launch Shortcut Check  2:16:45.87 
--- IE Startpage Check  2:16:52.20 
--- Program Files DB Check  2:17:11.38 
--- C:\Users\Default\AppData DB Check  2:18:23.79 
--- C:\Users\defaultuser0\AppData DB Check  2:18:23.79 
--- C:\Users\Nate\AppData DB Check  2:18:23.79 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData DB Check  2:18:23.79 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData DB Check  2:18:23.79 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData DB Check  2:18:23.79 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData DB Check  2:18:23.79 
--- C:\Users\Nate DB Check  2:21:54.65 
--- C:\PROGRA~3 DB Check  2:22:25.57 
--- C:\Users\Default\AppData\Local DB Check  2:22:32.11 
--- C:\Users\Default User\AppData\Local DB Check  2:22:32.11 
--- C:\Users\defaultuser0\AppData\Local DB Check  2:22:32.11 
--- C:\Users\Nate\AppData\Local DB Check  2:22:32.11 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check  2:22:32.11 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check  2:22:32.11 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check  2:22:32.11 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check  2:22:32.11 
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check  2:25:17.48 
--- C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check  2:25:32.98 
--- Tasks DB Check  2:25:42.99 
--- C:\Users\Nate\AppData\LocalLow DB Check  2:25:49.42 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\LocalLow DB Check  2:25:49.42 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow DB Check  2:25:49.42 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow DB Check  2:25:49.42 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow DB Check  2:25:49.42 
--- Tasks2 DB Check  2:27:06.82 
--- Documents DB Check  2:27:53.59 
--- Documents2 DB Check  2:28:06.65 
--- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\eha9epo1.default DB Check  2:28:08.87 
--- C:\Users\Public\Desktop DB Check  2:28:12.45 
--- C:\Users\Nate\Desktop DB Check  2:28:26.01 
--- Services DB Check  2:28:46.13 
--- FF prefs.js DB Check  2:29:45.73 
--- Emptyclsid  2:30:52.96 
--- Del by CLSID  2:30:57.15 
--- Delete Services  2:31:48.82 
--- Firefox Fix  2:31:53.85 


#4 nevans07


Posted 29 July 2017 - 02:26 AM

Also Comodo says Zoekbat.run is trying to modify a protected registry key. I blocked it.

 

I restarted Windows 10.

 

Ok. Now I see in the C drive Zoek-results.log

 

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Nate on Sat 07/29/2017 at  2:11:53.68.
Microsoft Windows 10 Home 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Nate\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
7/29/2017 2:13:40 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Shared Space deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\defaultuser0\AppData\LocalLow deleted successfully
C:\Users\Nate\AppData\Local\DBG deleted successfully
C:\Users\Nate\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 


#5 nevans07


Posted 29 July 2017 - 02:42 AM

Also something I forgot. I first noticed something was really wrong when, after the initial sluggishness, I tried to do a system restore. Restore would never complete. I would get AppX Staging Error. I then did a Windows 10 clean installation disc. Then copied programs from my external backup to present time. Like I said before, when I would try to run Gmer and aswMBR I would see a bunch of red colored hidden processes running saying it's potentially a rootkit. Then shortly after, the computer would shut off, never completing the scan.



#6 nasdaq


Posted 29 July 2017 - 07:30 AM


Comodo must be disabled to run Zoek.

#7 nevans07


Posted 29 July 2017 - 11:08 AM

Ok thanks nasdaq! I disabled the containment and HIPS except firewall. Disabling firewall now.

#8 nevans07


Posted 29 July 2017 - 12:36 PM

Thank you so much! Here it is Nasdaq.
 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Nate on Sat 07/29/2017 at 12:47:14.39.
Microsoft Windows 10 Home 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Nate\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2017-07-29-063153.log 1015 bytes
 
==== System Restore Info ======================
 
7/29/2017 12:50:27 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Users\Nate\AppData\Local\DBG deleted successfully
C:\Users\Nate\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\eha9epo1.default\prefs.js:
 
Added to C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\eha9epo1.default\prefs.js:
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\SDTE66B.tmp deleted
C:\install dsp v383.exe deleted
C:\PROGRA~3\InstallMate deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\Nate\Downloads\wpsetup (5).exe deleted
C:\Users\Nate\AppData\Roaming\WinPatrol\WinAntiRansom\Upgrade\winantiransom-setup.exe deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"bdwtwe@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender Security\bdwteff" [07/14/2017 12:45 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"bdwtwe@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender Security\bdwteff" [07/14/2017 12:45 PM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\eha9epo1.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gannpgaobkkhmpomoijebaigcapoeebl - No path found[]
 
Chrome Media Router - Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Reset Google Chrome ======================
 
C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D7C29DFD-DD4C-4C58-B79F-E2B576142AF8} deleted successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nate\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nate\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Nate\AppData\Local\Mozilla\Firefox\Profiles\eha9epo1.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=28 folders=11 59018822 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Nate\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sat 07/29/2017 at 13:24:41.10 ======================


#9 nasdaq

Posted 30 July 2017 - 07:14 AM

Any remaining issues?

#10 nevans07

Posted 30 July 2017 - 03:14 PM

So far so good! Thank you. Thank you Nasdaq!!!! :)

#11 nasdaq

Posted 31 July 2017 - 06:59 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.

#12 nevans07

Posted 31 July 2017 - 04:12 PM

Vsserv.exe is trying to change the current settings of your browser settings.

It said it's from Bitdefender. But I still had comodo block it.

What should I do?

Very Best Regards,

Nathaniel Evans



#13 nevans07

Posted 31 July 2017 - 04:26 PM

I have 65 svchost.exe in process explorer. Is this normal?



#14 nasdaq

Posted 01 August 2017 - 07:25 AM

Check the Bitdefender settings.

https://www.bitdefender.com/support/what-is-the-vsserv-exe-process-1116.html

Let me know what issues you presently have with this computer.

#15 nevans07

Posted 02 August 2017 - 04:36 AM

It lasts a little longer. When I run GMER after a while it says Warning GMER has found hidden rootkit activity. It shows 8-10 hidden processes running. Then I press scan. It scans. After a while it suddenly shuts down and reboots. And says something about error help code?





