Task Manager Closes Immediately


11 replies to this topic

#1 tank_dogg06


Posted 12 August 2017 - 12:37 AM

I've been battling with a malware outbreak on this laptop for three days now so I don't have much energy left for long-winded explanations. I will just list the symptoms and what I've done to fight back. Some issues have been resolved but the task manager getting nuked tells me that something nasty is still active.

 

Symptoms:

 

Phantom clicking noises in the background. - I believe this was a trojan.clicker and has since been removed.

Ad audio playing in the background with no apps or browsers open - Again this issue has seemingly been resolved.

General sluggishness - It's an ancient laptop with very little space on the HDD so this might not be related to malware.

Task Manager closes on its own in 1-2 seconds - Persisting

 

What I've used:

 

Malwarebytes Anti-Malware

Malwarebytes Anti-Rootkit

RogueKiller

TDSSKiller

ADWCleaner

Junkware Removal Tool

Malicious Software Removal Tool

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2017
Ran by Schloss (administrator) on SCHLOSS-HP (12-08-2017 01:15:56)
Running from C:\Users\Schloss\Downloads
Loaded Profiles: Schloss (Available Profiles: Schloss)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1047000 2017-05-16] (DivX, LLC)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517128 2013-10-18] (Seagate Technology LLC)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\Run: [Google Update] => C:\Users\Schloss\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-10-18] (Seagate Technology LLC)
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\MountPoints2: {6071ea6b-388c-11e5-9bc3-a0b3cc463555} - "H:\autorun.exe" 
Startup: C:\Users\Schloss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\personalized.lnk [2017-08-09]
ShortcutTarget: personalized.lnk -> C:\Program Files (x86)\Timelessly\swingers.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{4506072b-2a35-4af9-8ba3-ce0d69cd9097}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4993b6ef-6a07-4e62-b2c7-c30acda5ecb2}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{d38b1b55-f2db-4aa5-b052-609d059b3c28}: [DhcpNameServer] 206.51.128.55 206.51.143.55
 
Internet Explorer:
==================
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {75CE0AC9-B809-4964-AD95-5740A182D534} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {8F56FE25-6056-4E48-8F9D-09D0BEEBF26D} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000 -> DefaultScope {8F56FE25-6056-4E48-8F9D-09D0BEEBF26D} URL = hxxp://www.bing.com/search?FORM=U217CD&PC=U217C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000 -> {8F56FE25-6056-4E48-8F9D-09D0BEEBF26D} URL = hxxp://www.bing.com/search?FORM=U217CD&PC=U217C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-30] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: akex1bkf.default
FF DefaultProfile: q6sx7rf7.default
FF ProfilePath: C:\Users\Schloss\AppData\Roaming\Mozilla\Firefox\Profiles\akex1bkf.default [2017-08-10]
FF Homepage: Mozilla\Firefox\Profiles\akex1bkf.default -> hxxps://www.google.com/
FF Extension: (Adblock Plus) - C:\Users\Schloss\AppData\Roaming\Mozilla\Firefox\Profiles\akex1bkf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-13]
FF ProfilePath: C:\Users\Schloss\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\q6sx7rf7.default [2017-08-01]
FF Extension: (No Name) - C:\Users\Schloss\Documents\Vuze Downloads\RoomMates\App\Cyberfox\browser\features\CTR@8pecxstudios.com.xpi [not found]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2016-12-15] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-05-15] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4086252664-3032547279-1749346797-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Schloss\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4086252664-3032547279-1749346797-1000: @talk.google.com/O1DPlugin -> C:\Users\Schloss\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4086252664-3032547279-1749346797-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Schloss\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-4086252664-3032547279-1749346797-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Schloss\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-4086252664-3032547279-1749346797-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Schloss\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-12-13] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Schloss\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Schloss\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-12] <==== ATTENTION
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default [2017-08-12]
CHR Extension: (Google Slides) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Duolingo on the Web) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-03-01]
CHR Extension: (Google Docs) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-04-28]
CHR Extension: (YouTube) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Twitter Web - Night Mode) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadmiljohldbooihfbkjkobepojailca [2017-07-30]
CHR Extension: (Fate Stay Night Theme 02 - 1600x900) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfcgmplcnmnfllbmnlkbheknoikfikg [2017-07-18]
CHR Extension: (Adblock Plus) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-14]
CHR Extension: (Google Search) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Tampermonkey) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-06-15]
CHR Extension: (Adobe Acrobat) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
CHR Extension: (Google Sheets) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Google Docs Offline) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Google Hangouts) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Riff) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghainoehknoddojmgnknpilleijgnmc [2017-08-11] [UpdateUrl: hxxps://www.riff.tv/extension/updates.json] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-12-28] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-21] (Electronic Arts)
S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-10-18] (Seagate Technology LLC)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-08-02] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-08-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-08-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-12] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-08-12] (Malwarebytes)
R1 MpKsl16fc22a7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DEB00509-180F-4C23-B546-37F184798A53}\MpKsl16fc22a7.sys [44928 2017-08-12] (Microsoft Corporation)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
S4 rjaty; C:\WINDOWS\System32\drivers\imofugc.sys [79064 2017-08-10] (Malwarebytes Corporation)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-12-15] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-12 01:15 - 2017-08-12 01:17 - 000032212 _____ C:\Users\Schloss\Downloads\FRST.txt
2017-08-12 01:15 - 2017-08-12 01:15 - 002381824 _____ (Farbar) C:\Users\Schloss\Downloads\FRST64.exe
2017-08-12 01:15 - 2017-08-12 01:15 - 000000000 ____D C:\FRST
2017-08-11 23:57 - 2017-08-12 00:27 - 000227974 _____ C:\WINDOWS\ntbtlog.txt
2017-08-10 05:06 - 2017-08-11 14:20 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-10 05:05 - 2017-08-11 19:16 - 000000000 ____D C:\ProgramData\RogueKiller
2017-08-10 05:04 - 2017-08-10 05:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-10 05:04 - 2017-08-10 05:04 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-10 03:55 - 2017-08-12 00:58 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-10 03:55 - 2017-08-12 00:51 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-10 03:55 - 2017-08-12 00:51 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-10 03:55 - 2017-08-10 03:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-10 03:55 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-10 03:54 - 2017-08-10 03:54 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-10 03:19 - 2017-08-10 03:19 - 000311564 _____ C:\WINDOWS\Tasks\qurcl
2017-08-10 03:19 - 2017-08-10 03:19 - 000079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\imofugc.sys
2017-08-10 00:51 - 2017-08-10 03:58 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-10 00:50 - 2017-08-12 00:51 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-10 00:50 - 2017-08-10 03:55 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-08-09 23:58 - 2017-08-09 23:58 - 000000020 _____ C:\WINDOWS\b69359923
2017-08-09 23:58 - 2017-08-09 23:58 - 000000000 ____D C:\Users\Schloss\AppData\Roaming\et
2017-08-09 23:58 - 2017-08-09 23:58 - 000000000 ____D C:\Users\Schloss\AppData\Local\wirrmeas
2017-08-09 23:57 - 2017-08-09 23:57 - 000000000 ____D C:\Program Files (x86)\oxidants
2017-08-09 21:44 - 2017-08-09 23:35 - 000000000 ____D C:\Users\Schloss\AppData\Local\tyranoscript
2017-08-09 21:14 - 2017-08-09 22:59 - 320278430 _____ C:\Users\Schloss\Downloads\GondovirTown 0-3-0d.rar
2017-08-09 08:23 - 2017-07-31 22:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 08:23 - 2017-07-31 22:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 08:23 - 2017-07-31 22:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 08:23 - 2017-07-31 22:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 08:23 - 2017-07-31 22:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 08:23 - 2017-07-31 22:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 08:23 - 2017-07-31 22:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 08:23 - 2017-07-31 22:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 08:23 - 2017-07-31 22:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 08:23 - 2017-07-31 22:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 08:23 - 2017-07-31 22:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 08:23 - 2017-07-31 21:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 08:23 - 2017-07-28 01:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 08:23 - 2017-07-28 00:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 08:23 - 2017-07-28 00:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 08:23 - 2017-07-28 00:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 08:23 - 2017-07-28 00:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 08:23 - 2017-07-28 00:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 08:23 - 2017-07-28 00:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 08:23 - 2017-07-28 00:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 08:23 - 2017-07-28 00:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 08:23 - 2017-07-28 00:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 08:23 - 2017-07-28 00:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 08:23 - 2017-07-28 00:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 08:23 - 2017-07-28 00:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 08:23 - 2017-07-28 00:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 08:23 - 2017-07-28 00:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 08:23 - 2017-07-28 00:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 08:23 - 2017-07-28 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 08:23 - 2017-07-28 00:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 08:23 - 2017-07-28 00:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 08:23 - 2017-07-28 00:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 08:23 - 2017-07-28 00:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 08:23 - 2017-07-28 00:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 08:23 - 2017-07-28 00:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 08:22 - 2017-07-31 22:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 08:22 - 2017-07-31 22:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 08:22 - 2017-07-31 22:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 08:22 - 2017-07-31 22:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 08:22 - 2017-07-31 22:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 08:22 - 2017-07-31 22:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 08:22 - 2017-07-31 22:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 08:22 - 2017-07-31 22:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 08:22 - 2017-07-31 22:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 08:22 - 2017-07-31 22:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 08:22 - 2017-07-31 22:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 08:22 - 2017-07-31 22:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 08:22 - 2017-07-31 22:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 08:22 - 2017-07-31 22:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 08:22 - 2017-07-31 22:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 08:22 - 2017-07-31 22:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 08:22 - 2017-07-31 22:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 08:22 - 2017-07-31 22:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 08:22 - 2017-07-31 22:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 08:22 - 2017-07-31 21:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 08:22 - 2017-07-31 21:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 08:22 - 2017-07-31 18:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 08:22 - 2017-07-28 01:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 08:22 - 2017-07-28 01:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 08:22 - 2017-07-28 01:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 08:22 - 2017-07-28 01:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 08:22 - 2017-07-28 00:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 08:22 - 2017-07-28 00:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 08:22 - 2017-07-28 00:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 08:22 - 2017-07-28 00:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 08:22 - 2017-07-28 00:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 08:22 - 2017-07-28 00:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 08:22 - 2017-07-28 00:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 08:22 - 2017-07-28 00:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 08:22 - 2017-07-28 00:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 08:22 - 2017-07-28 00:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 08:22 - 2017-07-28 00:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 08:22 - 2017-07-28 00:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 08:22 - 2017-07-28 00:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 08:22 - 2017-07-28 00:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 08:22 - 2017-07-28 00:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 08:22 - 2017-07-28 00:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 08:22 - 2017-07-28 00:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 08:22 - 2017-07-28 00:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 08:22 - 2017-07-28 00:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 08:22 - 2017-07-28 00:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 08:22 - 2017-07-28 00:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 08:22 - 2017-07-28 00:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 08:22 - 2017-07-28 00:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 08:22 - 2017-07-28 00:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 08:22 - 2017-07-28 00:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 08:22 - 2017-07-28 00:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 08:22 - 2017-07-28 00:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 08:22 - 2017-07-28 00:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 08:22 - 2017-07-28 00:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 08:22 - 2017-07-28 00:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 08:22 - 2017-07-28 00:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 08:22 - 2017-07-28 00:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 08:22 - 2017-07-28 00:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 08:22 - 2017-07-28 00:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 08:22 - 2017-07-28 00:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 08:22 - 2017-07-28 00:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 08:22 - 2017-07-28 00:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 08:22 - 2017-07-28 00:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 08:22 - 2017-07-28 00:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 08:22 - 2017-07-28 00:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 08:22 - 2017-07-28 00:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 08:22 - 2017-07-28 00:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 08:22 - 2017-07-28 00:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 08:22 - 2017-07-28 00:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 08:22 - 2017-07-28 00:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 08:22 - 2017-07-28 00:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-09 08:21 - 2017-07-31 22:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 08:21 - 2017-07-31 22:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 08:21 - 2017-07-31 22:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 08:21 - 2017-07-31 22:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 08:21 - 2017-07-31 22:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 08:21 - 2017-07-31 22:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 08:21 - 2017-07-31 22:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 08:21 - 2017-07-31 22:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 08:21 - 2017-07-31 22:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 08:21 - 2017-07-31 22:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 08:21 - 2017-07-31 22:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 08:21 - 2017-07-31 22:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 08:21 - 2017-07-31 22:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 08:21 - 2017-07-31 22:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 08:21 - 2017-07-31 22:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 08:21 - 2017-07-31 22:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 08:21 - 2017-07-31 22:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 08:21 - 2017-07-31 21:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 08:21 - 2017-07-31 21:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 08:21 - 2017-07-31 21:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 08:21 - 2017-07-31 21:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 08:21 - 2017-07-31 21:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 08:21 - 2017-07-31 21:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 08:21 - 2017-07-31 21:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 08:21 - 2017-07-31 21:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 08:21 - 2017-07-31 21:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 08:21 - 2017-07-31 21:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 08:21 - 2017-07-31 21:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 08:21 - 2017-07-31 21:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 08:21 - 2017-07-31 21:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 08:21 - 2017-07-31 21:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 08:21 - 2017-07-31 21:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 08:21 - 2017-07-31 21:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 08:21 - 2017-07-28 01:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 08:21 - 2017-07-28 01:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 08:21 - 2017-07-28 01:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 08:21 - 2017-07-28 01:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 08:21 - 2017-07-28 01:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 08:21 - 2017-07-28 01:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 08:21 - 2017-07-28 01:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 08:21 - 2017-07-28 01:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 08:21 - 2017-07-28 01:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 08:21 - 2017-07-28 01:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 08:21 - 2017-07-28 01:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 08:21 - 2017-07-28 01:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 08:21 - 2017-07-28 01:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 08:21 - 2017-07-28 01:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 08:21 - 2017-07-28 01:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 08:21 - 2017-07-28 01:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 08:21 - 2017-07-28 01:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 08:21 - 2017-07-28 01:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 08:21 - 2017-07-28 01:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 08:21 - 2017-07-28 01:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 08:21 - 2017-07-28 01:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 08:21 - 2017-07-28 00:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 08:21 - 2017-07-28 00:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 08:21 - 2017-07-28 00:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 08:21 - 2017-07-28 00:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 08:21 - 2017-07-28 00:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 08:21 - 2017-07-28 00:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 08:21 - 2017-07-28 00:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 08:21 - 2017-07-28 00:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 08:21 - 2017-07-28 00:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 08:21 - 2017-07-28 00:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 08:21 - 2017-07-28 00:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 08:21 - 2017-07-28 00:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 08:21 - 2017-07-28 00:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 08:21 - 2017-07-28 00:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 08:21 - 2017-07-28 00:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 08:21 - 2017-07-28 00:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 08:21 - 2017-07-28 00:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 08:21 - 2017-07-28 00:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 08:21 - 2017-07-28 00:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 08:21 - 2017-07-28 00:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 08:21 - 2017-07-28 00:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 08:21 - 2017-07-28 00:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 08:21 - 2017-07-28 00:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 08:21 - 2017-07-28 00:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 08:21 - 2017-07-28 00:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 08:21 - 2017-07-28 00:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 08:21 - 2017-07-28 00:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 08:21 - 2017-07-28 00:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 08:21 - 2017-07-28 00:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 08:21 - 2017-07-28 00:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 08:21 - 2017-07-28 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 08:21 - 2017-07-28 00:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 08:21 - 2017-07-28 00:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 08:21 - 2017-07-28 00:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 08:21 - 2017-07-28 00:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 08:21 - 2017-07-28 00:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 08:21 - 2017-07-28 00:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 08:21 - 2017-07-28 00:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 08:21 - 2017-07-28 00:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 08:21 - 2017-07-28 00:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 08:21 - 2017-07-28 00:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 08:21 - 2017-07-28 00:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 08:21 - 2017-07-28 00:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 08:21 - 2017-07-28 00:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 08:21 - 2017-07-28 00:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 08:21 - 2017-07-28 00:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 08:21 - 2017-07-28 00:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 08:21 - 2017-07-28 00:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 08:21 - 2017-07-28 00:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 08:21 - 2017-07-28 00:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 08:21 - 2017-07-28 00:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 08:20 - 2017-07-31 22:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 08:20 - 2017-07-31 22:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 08:20 - 2017-07-31 22:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 08:20 - 2017-07-31 22:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 08:20 - 2017-07-31 21:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 08:20 - 2017-07-31 21:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 08:20 - 2017-07-31 21:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 08:20 - 2017-07-31 21:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 08:20 - 2017-07-31 21:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 08:20 - 2017-07-31 21:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 08:20 - 2017-07-31 21:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 08:20 - 2017-07-31 21:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 08:20 - 2017-07-31 21:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 08:20 - 2017-07-31 21:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 08:20 - 2017-07-31 21:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 08:20 - 2017-07-31 21:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 08:20 - 2017-07-31 21:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 08:20 - 2017-07-31 21:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 08:20 - 2017-07-31 21:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 08:20 - 2017-07-31 21:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 08:20 - 2017-07-31 21:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 08:20 - 2017-07-31 21:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 08:20 - 2017-07-31 21:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 08:20 - 2017-07-31 21:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 08:20 - 2017-07-31 21:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 08:20 - 2017-07-31 21:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 08:20 - 2017-07-31 21:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 08:20 - 2017-07-31 21:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 08:20 - 2017-07-31 21:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 08:20 - 2017-07-28 01:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 08:20 - 2017-07-28 01:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 08:20 - 2017-07-28 01:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 08:20 - 2017-07-28 01:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 08:20 - 2017-07-28 01:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 08:20 - 2017-07-28 01:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 08:20 - 2017-07-28 01:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 08:20 - 2017-07-28 01:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 08:20 - 2017-07-28 01:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 08:20 - 2017-07-28 01:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 08:20 - 2017-07-28 00:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 08:20 - 2017-07-28 00:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 08:20 - 2017-07-28 00:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 08:20 - 2017-07-28 00:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 08:20 - 2017-07-28 00:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 08:20 - 2017-07-28 00:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 08:20 - 2017-07-28 00:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 08:20 - 2017-07-28 00:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 08:20 - 2017-07-28 00:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 08:20 - 2017-07-28 00:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 08:20 - 2017-07-28 00:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 08:20 - 2017-07-28 00:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 08:20 - 2017-07-28 00:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 08:20 - 2017-07-28 00:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 08:20 - 2017-07-28 00:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 08:20 - 2017-07-28 00:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 08:20 - 2017-07-28 00:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 08:20 - 2017-07-28 00:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 08:20 - 2017-07-28 00:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 08:20 - 2017-07-28 00:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 08:20 - 2017-07-28 00:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 08:20 - 2017-07-28 00:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 08:20 - 2017-07-28 00:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 08:20 - 2017-07-28 00:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 08:20 - 2017-07-28 00:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 08:20 - 2017-07-28 00:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 08:20 - 2017-07-28 00:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 08:20 - 2017-07-28 00:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 08:20 - 2017-07-28 00:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 08:20 - 2017-07-28 00:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 08:20 - 2017-07-28 00:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 08:20 - 2017-07-28 00:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 08:20 - 2017-07-28 00:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 08:20 - 2017-07-28 00:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 08:20 - 2017-07-28 00:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 08:20 - 2017-07-28 00:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 08:20 - 2017-07-28 00:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-05 23:24 - 2017-08-05 23:24 - 000000000 ____D C:\Users\Schloss\AppData\Local\DBG
2017-08-02 16:55 - 2017-08-02 16:55 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-07-29 12:51 - 2017-08-10 01:08 - 000000000 ____D C:\Program Files\PrincessEvangileWHappiness
2017-07-28 22:47 - 2017-07-28 22:58 - 000000000 ____D C:\Program Files\WagamamaHighSpecUncensored
2017-07-27 13:50 - 2017-07-27 13:50 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4086252664-3032547279-1749346797-1000
2017-07-13 15:40 - 2017-07-13 15:40 - 000000000 ____D C:\Users\Schloss\AppData\Local\Elisa
2017-07-13 15:40 - 2017-07-13 15:40 - 000000000 ____D C:\Users\Schloss\AppData\Local\Chromium
2017-07-13 15:38 - 2017-07-13 15:40 - 000000000 ____D C:\Program Files\ElisaTheInnkeeperUncensored
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-12 01:10 - 2013-12-26 20:31 - 000000000 ____D C:\Users\Schloss\Documents\Vuze Downloads
2017-08-12 01:04 - 2017-06-30 22:24 - 000003262 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSchloss
2017-08-12 01:04 - 2017-05-19 23:50 - 000000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSchloss.job
2017-08-12 01:03 - 2016-12-17 00:49 - 000000000 ____D C:\Users\Schloss\Downloads\Tools
2017-08-12 01:03 - 2012-10-04 05:22 - 000000000 ____D C:\Users\Schloss\AppData\Local\CrashDumps
2017-08-12 01:00 - 2017-06-30 22:24 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{133BCE4C-D2C0-493D-A3DE-477144553FE5}
2017-08-12 00:54 - 2012-09-01 12:29 - 000000000 ____D C:\Users\Schloss\Documents\Youcam
2017-08-12 00:52 - 2015-07-31 11:31 - 000000000 __SHD C:\Users\Schloss\IntelGraphicsProfiles
2017-08-12 00:51 - 2012-09-01 15:51 - 000000000 ____D C:\Users\Schloss\AppData\LocalLow\AuthenTec
2017-08-12 00:50 - 2017-06-30 22:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-12 00:49 - 2017-03-18 07:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-08-12 00:48 - 2017-06-30 21:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-11 21:53 - 2014-09-19 18:06 - 000000000 ____D C:\Program Files (x86)\VMLaunch
2017-08-11 17:48 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-11 17:48 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-11 13:13 - 2012-09-28 23:47 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-11 06:35 - 2012-11-27 01:13 - 000000000 ____D C:\Users\Schloss\AppData\Roaming\vlc
2017-08-10 13:14 - 2017-06-30 22:22 - 001100664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-10 12:35 - 2017-06-30 21:57 - 000000000 ____D C:\Users\Schloss
2017-08-10 06:48 - 2009-07-13 23:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-10 03:54 - 2013-07-01 17:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-10 03:21 - 2017-03-18 07:40 - 017039360 _____ C:\WINDOWS\system32\config\HARDWARE
2017-08-10 03:17 - 2016-10-06 05:41 - 000000000 ____D C:\Program Files (x86)\Medieval II - Total War
2017-08-10 01:04 - 2017-06-30 22:24 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-10 01:01 - 2015-11-02 17:43 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-10 00:22 - 2015-07-31 11:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-10 00:18 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-10 00:15 - 2017-06-30 21:51 - 000457744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-10 00:15 - 2012-09-23 11:27 - 000000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSCHLOSS-HP$.job
2017-08-10 00:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-10 00:09 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-10 00:09 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-10 00:09 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-10 00:09 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-10 00:09 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-10 00:09 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-10 00:09 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-10 00:03 - 2013-12-26 20:39 - 000000000 ____D C:\Users\Schloss\AppData\Roaming\Azureus
2017-08-10 00:00 - 2013-06-29 05:24 - 000000000 ____D C:\Users\Schloss\AppData\Roaming\Skype
2017-08-09 21:40 - 2015-07-31 11:31 - 000000000 ____D C:\Users\Schloss\AppData\Local\Packages
2017-08-09 17:54 - 2012-02-17 20:08 - 000000000 ____D C:\ProgramData\Skype
2017-08-09 08:40 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 08:34 - 2013-08-10 03:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 01:19 - 2017-06-30 22:24 - 000004546 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-09 01:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-09 01:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-07 14:36 - 2016-04-14 00:07 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-07 12:35 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-05 21:24 - 2017-06-30 22:24 - 000003272 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSCHLOSS-HP$
2017-08-01 05:14 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-01 05:14 - 2016-04-04 21:50 - 000000000 ____D C:\Users\Schloss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nocturnal Illusion for Windows95
2017-08-01 05:14 - 2013-09-12 22:03 - 000000000 ____D C:\Users\Schloss\AppData\Roaming\DAEMON Tools Lite
2017-08-01 04:48 - 2016-05-29 08:01 - 000000000 ____D C:\Users\Schloss\AppData\Local\Facebook
2017-08-01 04:47 - 2012-02-17 19:58 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-08-01 04:45 - 2012-02-17 19:58 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2017-08-01 04:37 - 2016-01-22 17:31 - 000000000 ____D C:\Program Files (x86)\BioWare
2017-07-31 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 11:15 - 2017-03-18 17:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-30 19:34 - 2016-09-21 17:53 - 000000000 ____D C:\Users\Schloss\Downloads\Torrents
2017-07-30 19:21 - 2017-05-09 08:24 - 000000000 ____D C:\Users\Schloss\Downloads\Hatsukoi
2017-07-29 18:31 - 2015-09-14 00:01 - 000000000 ____D C:\Users\Schloss\Desktop\VN
2017-07-28 19:03 - 2012-09-30 15:43 - 000000000 ____D C:\Users\Schloss\AppData\Local\Adobe
2017-07-28 18:26 - 2012-02-17 20:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-28 06:22 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-27 13:50 - 2015-07-31 11:39 - 000002413 _____ C:\Users\Schloss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-27 13:50 - 2014-03-25 01:29 - 000000000 ___RD C:\Users\Schloss\OneDrive
2017-07-26 22:12 - 2017-05-04 02:03 - 000000000 ____D C:\Users\Schloss\Desktop\Star Wars Books
2017-07-25 06:42 - 2014-09-29 11:19 - 000000000 ____D C:\Users\Schloss\AppData\Roaming\RenPy
2017-07-24 05:04 - 2015-12-10 04:27 - 000000000 ____D C:\Users\Schloss\AppData\Roaming\CDisplayEx
2017-07-22 03:26 - 2017-02-05 02:30 - 000000000 ____D C:\Program Files\SakuraAgentUncensored
2017-07-20 23:51 - 2013-11-14 01:16 - 000000000 ____D C:\Users\Schloss\AppData\Local\ElevatedDiagnostics
2017-07-14 20:53 - 2015-08-21 18:08 - 000000000 ____D C:\Users\Schloss\Desktop\Games
2017-07-13 17:54 - 2017-05-27 04:09 - 000000000 ____D C:\Users\Schloss\AppData\Roaming\NEKO WORKs
2017-07-13 03:33 - 2016-01-22 16:19 - 000000000 ____D C:\Users\Schloss\Downloads\BtWS Stuff
 
==================== Files in the root of some directories =======
 
2017-06-03 04:36 - 2017-06-27 02:23 - 000046375 _____ () C:\Users\Schloss\AppData\Roaming\downloads.json
2016-11-24 20:06 - 2017-07-06 02:23 - 000010240 _____ () C:\Users\Schloss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-05 23:51 - 2017-06-05 23:51 - 000000839 _____ () C:\Users\Schloss\AppData\Local\recently-used.xbel
2015-05-01 13:58 - 2015-05-01 13:58 - 000000008 _____ () C:\ProgramData\-
2016-09-21 05:12 - 2016-09-21 05:12 - 000000370 _____ () C:\ProgramData\defraggler_list.txt
 
Files to move or delete:
====================
C:\Users\Schloss\h2format.exe
 
 
Some files in TEMP:
====================
2017-08-10 05:05 - 2017-06-20 02:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Schloss\AppData\Local\Temp\dllnt_dump.dll
2017-08-01 23:33 - 2017-08-08 04:27 - 000035680 _____ () C:\Users\Schloss\AppData\Local\Temp\i4jdel0.exe
2017-08-09 15:18 - 2017-08-09 15:19 - 058782680 _____ (Skype Technologies S.A.) C:\Users\Schloss\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-03 01:02
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by Schloss (12-08-2017 01:18:42)
Running from C:\Users\Schloss\Downloads
Windows 10 Home Version 1703 (X64) (2017-07-01 02:36:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4086252664-3032547279-1749346797-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4086252664-3032547279-1749346797-503 - Limited - Disabled)
Guest (S-1-5-21-4086252664-3032547279-1749346797-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4086252664-3032547279-1749346797-1035 - Limited - Enabled)
Schloss (S-1-5-21-4086252664-3032547279-1749346797-1000 - Administrator - Enabled) => C:\Users\Schloss
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20093 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Age of Empires II HD The African Kingdoms (HKLM-x32\...\Age of Empires II HD The African Kingdoms_is1) (Version:  - )
Agent Ransack x64 (HKLM\...\{FD8C1365-2229-4F37-A126-558DB2471CBE}) (Version: 7.0.828.1 - Mythicsoft Ltd)
Amorous Professor Cherry v1.0 (HKLM-x32\...\{3D817632-AEA0-4B8A-8713-8FFD79CDDCA0}_is1) (Version:  - G-Collections.com)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AuthenTec TrueAPI 64-bit (HKLM\...\{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}) (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bazooka Cafe (HKLM-x32\...\Bazooka Cafe) (Version:  - )
Bejeweled 3 (HKLM-x32\...\WTA-0b104c12-dbb1-4c79-8b38-6c6e4ce325e3) (Version: 2.2.0.97 - WildTangent) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Blackhawk Striker 2 (HKLM-x32\...\WTA-acb1bb99-4941-412e-bf9e-4fde81dccaa2) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Chuzzle Deluxe (HKLM-x32\...\WTA-9f667811-0732-4527-95f9-64d01ffbd0d2) (Version: 2.2.0.95 - WildTangent) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Core Temp 1.8.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.8.1 - ALCPU)
Cradle of Rome 2 (HKLM-x32\...\WTA-a9a99d24-ebfb-4ee3-96d0-9d3fb8bdaaa2) (Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3603 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.20 - Piriform)
Delete Virtual-Mate Launcher (HKLM-x32\...\{56C64E81-FC93-4cb9-9EBF-953662950D3B}_is1) (Version: 1.0.3 - Interlex Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.239 - DivX, LLC)
DomDomSoft Manga Downloader (remove only) (HKLM-x32\...\DomDomSoft Manga Downloader) (Version:  - )
Dora's World Adventure (HKLM-x32\...\WTA-c030e614-dbb5-452b-b470-2b9abfaa13d0) (Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Farm Frenzy (HKLM-x32\...\WTA-e15f4cb9-6c89-4d42-896a-f7c1a31d0723) (Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (HKLM-x32\...\WTA-6fe14483-83c6-4c56-8c40-89b0f6532064) (Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-107fe714-24a7-4fe4-965b-229b8bd24b44) (Version: 2.2.0.95 - WildTangent) Hidden
Flvto YouTube Downloader (HKLM-x32\...\Flvto YouTube Downloader) (Version: 1.0.9 - Hotger)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-bf81c8cb-944a-4194-aa55-728f5318c4a4) (Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3F122044-172F-4DC6-96CA-0DD4300E9CD9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.7.27.15 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel Driver Update Utility (HKLM-x32\...\{a699b395-cd93-4135-85ec-828113841355}) (Version: 2.2.0.6 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.2.0.6 (HKLM-x32\...\{7B8CD972-B958-48BC-8727-7EE591A88AA5}) (Version: 2.2.0.1 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-8740d9d4-6418-4275-81f2-1458f28145d0) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (HKLM-x32\...\WTA-dd291106-2fab-4e1b-af65-4e164bc65827) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-15b06ce9-f456-48f5-a2ef-ba521d3561be) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
Koichoco English Patch 1.0 (HKLM-x32\...\Koichoco English Patch) (Version: 1.0 - Basic Translations)
Letters from Nowhere 2 (HKLM-x32\...\WTA-718e4272-b5d5-4463-b3b2-2d3ec6cc951a) (Version: 2.2.0.97 - WildTangent) Hidden
Littlewitch Romanesque version 1.0.1 (HKLM\...\{B0A1F661-51F3-47A2-ADFF-D3030D6008F0}_is1) (Version: 1.0.1 - JAST USA)
Luxor HD (HKLM-x32\...\WTA-caec18f3-e7ff-4b5d-ae15-78daa661c85a) (Version: 2.2.0.98 - WildTangent) Hidden
M4-78 Enhancement Project (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )
Mah Jong Medley (HKLM-x32\...\WTA-93467d49-48ca-421c-a6db-660a69d19f3f) (Version: 2.2.0.95 - WildTangent) Hidden
Majikoi English (HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\Majikoi English) (Version: 1.0.0.0 - Unlimited Chat Works)
Majikoi S English (HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\Majikoi S English) (Version: 1.0.0.0 - Maji Translations)
Maki Fes! version 1.0 (HKLM-x32\...\{A202F398-FDA7-4A76-BC28-24B211D94CAC}_is1) (Version: 1.0 - ErogeDownload)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Medieval II - Total War (HKLM-x32\...\Medieval II - Total War_is1) (Version:  - )
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Muv-Luv Alternative DVD Ver. 1.0 (HKLM-x32\...\Muv-Luv Alternative DVD Ver.) (Version: 1.0 - Amaterasu Translations)
Muv-Luv DVD Ver. 1.0 (HKLM-x32\...\Muv-Luv DVD Ver.) (Version: 1.0 - Amaterasu Translations)
My Girlfriend is the President Fandisc version 1.0 (HKLM\...\{3F2FBAF3-0D18-4C79-A2C8-9A5B511F41FA}_is1) (Version: 1.0 - JAST USA)
New Relic .NET Agent (64-bit) (HKLM\...\{33C6E1EA-A0A4-4CED-B35E-BDC5785E2E3B}) (Version: 2.16.164.0 - New Relic)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{F390D923-76F1-458E-8218-8C0C156CDCFD}) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
Penguins! (HKLM-x32\...\WTA-f6c08ff1-4368-4f09-8a4c-4e56944d20f9) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-696100e5-ed64-4699-8835-d937a8d12a46) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WTA-1995e512-b779-47b5-acb3-d6566b3e6c4a) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-c465c5c9-aee0-4502-8b40-e55867e6ce6a) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-6c389dfa-f219-4b27-bff4-1a47254cfef1) (Version: 2.2.0.98 - WildTangent) Hidden
Quartett! Standard Edition (HKLM-x32\...\InstallShield_{133FA1F4-EEFC-4E25-B7D0-FB9DE2EB2B2E}) (Version: 1.00.0000 - Littlewitch / MONOCHROMA Inc.)
Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.9.0 - Adlice Software)
RollerCoaster Tycoon 3: Platinum (HKLM-x32\...\WTA-341039b8-b6b3-4bde-96de-32fd1e414649) (Version: 2.2.0.98 - WildTangent) Hidden
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Saya no Uta - The Song of Saya version 1.0 (HKLM-x32\...\{54BFE519-3276-4B64-A747-E89AEF5D9337}_is1) (Version: 1.0 - JAST USA)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.42.0 - Seagate)
Self-service Plug-in (HKLM-x32\...\{47117FCA-0D00-4B6D-9D68-00B763629463}) (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Shiny Days (HKLM-x32\...\Shiny Days1.0) (Version: 1.0 - JAST USA)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Star Warsョ: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{C0484F40-2137-4C45-B044-937668C45DF0}) (Version: 6.1.6.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
The Sims™ 3 Кино Каталог (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Treasures of Mystery Island: The Ghost Ship (HKLM-x32\...\WTA-97c0eaca-b57a-4537-b4ef-c1bb6bd2c0d9) (Version: 2.2.0.98 - WildTangent) Hidden
Tokimeki Check in! (HKLM-x32\...\Tokimeki Check in!) (Version:  - )
Torchlight (HKLM-x32\...\WTA-231000ec-3ac6-4848-9457-07940d093afa) (Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
uPlayer (HKLM-x32\...\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}) (Version: 1.0.0 - Full Spectrum Interactive)
Validity WBF DDK (HKLM\...\{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}) (Version: 4.3.301.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-acfc8311-629b-4a38-aa0e-c9df138dd60a) (Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
WhoCrashed 5.00 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.32 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
X-Change (HKLM-x32\...\X-Change) (Version:  - )
X-Change 2 (HKLM-x32\...\X-Change 2) (Version:  - )
X-Change 3 (HKLM-x32\...\X-Change 3) (Version:  - )
Yin-Yang - X-Change Alternateive (HKLM-x32\...\Yin-Yang - X-Change Alternateive) (Version:  - )
Zuma's Revenge (HKLM-x32\...\WTA-55d63651-5bc9-41f7-bf5d-b79c15cdc5bd) (Version: 2.2.0.98 - WildTangent) Hidden
ピリオド (HKLM-x32\...\{5F6BD219-BF1F-4537-BC05-64D6825EBA9D}) (Version: 1.00.0000 - Littlewitch / MONOCHROMA Inc.) Hidden
ヨスガノソラ (HKLM-x32\...\{4F95D46E-19F0-467B-8332-745F3EBF3814}) (Version: 1.00.0000 - 有限会社CUFFS)
恋と選挙とチョコレート (HKLM-x32\...\{37F3A948-31C2-4C33-942D-775E47C9CE9A}) (Version: 1.00.0000 - sprite)
真剣で私に恋しなさい! (HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\majikoi) (Version:  - みなとそふと)
真剣で私に恋しなさい!S (HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\Majikoi_S) (Version:  - みなとそふと)
神採りアルケミーマイスター (HKLM-x32\...\{41810510-3CE0-425B-BE07-B9793731737F}) (Version: 1.00.0006 - Eushully) Hidden
神採りアルケミーマイスター (HKLM-x32\...\InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}) (Version: 2.00.0019 - Eushully)
神採りアルケミーマイスター Append01 (HKLM-x32\...\{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}) (Version: 1.00.0004 - Eushully) Hidden
神採りアルケミーマイスター Append01 (HKLM-x32\...\InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}) (Version: 1.00.0004 - Eushully)
神採りアルケミーマイスター Append02 (HKLM-x32\...\{19B5CAAF-3E36-40F4-83F2-45E0D258000C}) (Version: 1.00.0003 - Eushully) Hidden
神採りアルケミーマイスター Append02 (HKLM-x32\...\InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}) (Version: 1.00.0003 - Eushully)
神採りアルケミーマイスター Ver2.00 Update (HKLM-x32\...\{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}) (Version: 2.00.0019 - Eushully) Hidden
神採りアルケミーマイスター Ver2.00 Update (HKLM-x32\...\InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}) (Version: 2.00.0019 - Eushully)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Schloss\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Schloss\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-01-18] (Piriform Ltd)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2017-05-01] (DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2017-05-01] (DivX, LLC)
ContextMenuHandlers1: [MRAICQCMenu] -> {7C9E7B90-88EC-4852-AC7A-C938268A5D04} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-06-21] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-06-21] (Alexander Roshal)
ContextMenuHandlers2: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-01-18] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-06-21] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-06-21] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01DF7486-C23E-4168-9C37-23F54BBCE97A} - System32\Tasks\{7335BB62-5BD1-43C4-B308-5FB1B71BB5F1} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\C's ware\ADAM\SETUP.EXE" -c /unsetup
Task: {0303812D-DDFA-40FB-BECC-702FD0D03727} - System32\Tasks\{96F424B3-F011-4B85-BA38-AAD06203DA68} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe -c /M{5F6BD219-BF1F-4537-BC05-64D6825EBA9D}
Task: {036B5D4B-7A4B-4887-B2B3-06317849364F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-03] (HP Inc.)
Task: {05EC497F-9868-4665-ABBE-51CCA3B1FABE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {097B20F8-8F44-49D2-8982-39E2F90ACAA8} - System32\Tasks\{13AE4E7A-6412-4A48-BA7A-0ECA60412102} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Schloss\Downloads\SilverChaosFanbox\BOOT.exe -d C:\Users\Schloss\Downloads\SilverChaosFanbox
Task: {0E333F12-0953-470E-8E7B-18BCB556507C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {10F53E0D-34AE-4084-B736-80B688DC3527} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {16919E79-5B7B-4762-A71F-0A74B4CAF9FC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {17C19B8F-260A-49AA-A499-D334306CB5B8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19D7F09A-97D2-4165-955A-3239E5887E77} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1A00B84D-CB62-4013-A350-971C4E7D6970} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1DBDA7AD-B256-4F48-B7BD-7C21B4CDBEDC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1F02221A-13F9-498F-A7C7-F5565B5E66F2} - System32\Tasks\{EEE0FE04-55AA-47F8-B495-C65F74CE8411} => C:\Windows\system32\pcalua.exe -a G:\Setup.exe -d G:\
Task: {248992EF-53EA-4286-9518-33D550835B13} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {248DD24E-C4D8-4FDB-AC65-6CCFC4CA5A30} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {24F05464-D9B5-48BB-A412-0B68A96FD491} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {25102BB2-EDC4-4F35-95D5-CCDB53CEA9C2} - System32\Tasks\{8194C353-AFD2-47C4-BBDE-01A254DF3C8D} => C:\Program Files\VividColor\SilverChaos\MainSystem.exe
Task: {26A140B0-DB14-4E94-BD21-33CFF71BF6C6} - System32\Tasks\HPCeeScheduleForSCHLOSS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {26A448FC-CE8F-4D17-9E20-0C837A3D68AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {286288C2-07BF-40C2-9CD2-DBB4FED21DF3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {28839D37-FA84-478F-B824-E97479D759DF} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2B6DCCF8-ED1B-433C-B682-C372B6C67EB5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2E3E1CB0-1F92-4ACF-A75E-CF506628666C} - System32\Tasks\{94652893-EAEB-4C1A-8F18-4D2C4DFFD540} => G:\SETUP.EXE
Task: {2E53043F-F819-4F16-9626-1C9929DD65E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {2F963F39-F5EA-4522-ADFF-AD7FC63D1E20} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-30] ()
Task: {3101F2E8-1F52-4C10-8922-7652005EFD32} - System32\Tasks\{41C9FBD4-406E-444C-AA3C-2F51A04D5161} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\NitroplusCHiRAL\咎狗の血\togainunochi.exe" -d "C:\Program Files (x86)\NitroplusCHiRAL\咎狗の血"
Task: {3420393C-24A7-4379-8C26-5F252D8F0BCB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C928D31-FE43-486A-8714-F38C3659C972} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-03] (CyberLink Corp.)
Task: {3ECE2B49-B7A4-4209-8CC4-D9A9B5A3625F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3F9A796E-36AD-4664-9CB0-8F7A900671DA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-30] ()
Task: {3FC908F2-0665-4484-B808-B0ACF01B929B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4086252664-3032547279-1749346797-1000UA => C:\Users\Schloss\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3FDA7697-A3BA-4F33-9058-145DB631C9F9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-28] (Microsoft Corporation)
Task: {42A04334-5188-4E0B-A0A3-0252A74F1BD6} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2017-05-01] (DivX, LLC)
Task: {42E79118-76C1-4C40-9D35-DB4E3AE48C1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14] (Google Inc.)
Task: {43EF589C-F039-414B-A8C8-9780E2C4685A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A41BEB1-9778-4882-8759-3D5EACC8C574} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4F370B37-8FD9-4DD1-A423-277154EC650A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4086252664-3032547279-1749346797-1000UA1d257e31bb186fd => C:\Users\Schloss\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5506286C-BB81-48BC-8181-1C6DD6FE5128} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-10-18] (Seagate Technology LLC)
Task: {5B9F9E52-6AF3-4033-959C-F5500642391D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5DFD6AEA-0820-4AD6-B9E9-EF833BE5CB2D} - System32\Tasks\{1BA864AA-AE6F-4BD7-BE99-811E94823C89} => C:\Program Files (x86)\NitroplusCHiRAL\DRAMAtical Murder reconnect\DMMdrc_crack.exe
Task: {6C6516F6-FCAB-44FE-AC46-D2056BE6F4B4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {74750C7F-3E1B-4AC2-9700-D6B97E3A6A43} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4086252664-3032547279-1749346797-1000Core1d1e92761fbfda3 => C:\Users\Schloss\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7AC52E4F-F7F5-4FA8-AD94-FD904EC85BA2} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {7D9E9C3D-CDE8-4CFE-8385-A7BBAC9DDA1B} - System32\Tasks\{11B4335A-5B84-4A75-B3A5-9CA9E7A2D32C} => C:\Program Files\HinataBokko\HinataBokko.exe
Task: {80B31F7A-AE01-489D-A542-E34FDC0A9C1B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {87127365-823D-4FE7-957E-D94DE7C27526} - System32\Tasks\{74675295-3BC3-4B06-8678-08EA83BE682F} => C:\MeltingPot\Game.exe
Task: {883613A0-FA46-4D15-9639-B5A24CE8EFAD} - System32\Tasks\{97DB8109-A103-4600-BB70-3D4BE8F01DBF} => C:\Windows\system32\pcalua.exe -a G:\BUNNYUST.EXE -d G:\
Task: {8EA189C0-A886-404A-8265-09A83D45EEA8} - System32\Tasks\HPCeeScheduleForSchloss => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {9ACDD37D-C2E8-48E1-9048-62BBF9EAC8A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {9B495B6A-DCDC-4AB3-A859-ABF60985AE74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-28] (Microsoft Corporation)
Task: {9FB7E82D-2CE9-4B02-A506-88F164144DCB} - \AutoKMS -> No File <==== ATTENTION
Task: {A0174955-2D3B-4357-99AE-E09820CB7C71} - System32\Tasks\{F6518CA8-B4F8-4129-92DF-2FFBED8C64EF} => C:\Program Files\LucasArts\SWKotOR\swkotor.exe [2015-08-29] (BioWare Corp.)
Task: {A3912ED6-2ECF-4881-8DF9-6B727F07976B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-11] (Microsoft Corporation)
Task: {AA794AEE-1B75-4370-A1DF-AACF013EDA37} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {AB8FE3F5-E5C5-4EE2-ABA3-9EB6EB56F874} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {ACDA35CE-AF9F-41C8-8871-5F26CA858123} - System32\Tasks\{FC6B4362-5417-4D4B-89B0-9A93CE555084} => C:\Windows\system32\pcalua.exe -a C:\Windows\unvise32.exe -c C:\Program Files (x86)\Tokimeki Check in!\uninstal.log
Task: {AD649CC6-C859-45B0-9248-108EB9F70BAD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {AED1A49F-3308-4BA6-A7C7-09222664C4F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {AF41585B-0FBF-40B1-990A-58E2417F8596} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B27C262F-2776-44EE-9FF9-99139A734B3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B5764C0B-3BA0-414A-A3C8-D5FCFD4AB328} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB0EB930-7327-47B0-B643-DCFFD17092A0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BDB2D584-4ED6-4139-9AFD-EB2B4BDE09F9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {BF2BA9D5-A7F2-4F2E-9718-FF170E2BE8A7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {C325A682-1F5D-449D-9DAC-1EE3619D8CB3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C9415DBE-C3E9-4552-BB6F-F8E2FA1CE701} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {CA8CFECB-BFEF-4252-8BE1-7CBF6CB696C7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CAC9155D-3492-48F0-94D5-4AF0D4185F1C} - System32\Tasks\{73CA23AB-E47E-40AB-B876-EE564C855DB9} => C:\Program Files (x86)\GIGA\DuelSavior\Duel Savior (English).exe
Task: {D43F46DF-C50E-46AB-A6D9-4D955A8CA9B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4086252664-3032547279-1749346797-1000UA1d0bf3bbca5f529 => C:\Users\Schloss\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D6017D8C-FCF8-4FFB-B733-39FB6594AD07} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D72D69F5-5F43-4B93-B353-FBD74D8A35EA} - System32\Tasks\{A3BA1882-1A38-44B2-8E69-2A1772AF6D1F} => C:\Windows\system32\pcalua.exe -a G:\setup.exe -d G:\
Task: {DBAE2DA7-DD9F-4F62-9EC9-CC280CF9478B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DCBF9CE8-24B3-4525-83CD-2003A667A002} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E058161A-04A7-44E7-B249-CD6410FFC55B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E1438A61-F44A-4D69-A776-FD9BC4509408} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E3F096EB-933D-4A48-8804-073AAFDE355A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E5A9C3E1-B0E3-44AE-B835-34775ACF0196} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E92E2542-7679-4589-A3DB-EE7D337C5B46} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EF492059-624E-4670-A16C-896295CDE645} - System32\Tasks\{4FB7592A-3B13-470A-8234-E788701CAA14} => C:\Windows\system32\pcalua.exe -a G:\StartSetup.exe -d G:\
Task: {F4CB9058-1FDC-46C0-9E34-18B63128907B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F67F5502-1CF2-4F3B-A9E6-ACFD3D240B50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-01] (HP Inc.)
Task: {F7089B7E-0ACA-4A5E-9B36-B72F92A98ABC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {F7751CC6-892A-4379-A1F7-4ED43B48FAE2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FBB316BA-600B-4EB5-8403-1C6F6C5A7B8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4086252664-3032547279-1749346797-1000UA.job => C:\Users\Schloss\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSCHLOSS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSchloss.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Schloss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-23 00:01 - 2011-12-16 16:37 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2017-08-10 03:55 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-02-23 05:08 - 2017-06-30 23:11 - 008932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 004073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-07 14:36 - 2017-08-02 03:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-07 14:36 - 2017-08-02 03:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 000019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2012-08-23 00:06 - 2011-11-30 00:00 - 000059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-08-23 00:01 - 2011-12-16 14:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71957073.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71957073.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\paychex.com -> hxxps://landing.paychex.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Schloss\Pictures\84-2-1419852234.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "autoauto"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\StartupApproved\StartupFolder: => "FacebookGamesNotifier.exe.lnk"
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\...\StartupApproved\Run: => "Flvto YouTube Downloader"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{65D3CEF8-DE80-47CF-AAF4-DA6429D805AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{E0E56F94-5362-482F-A359-C4B32677317D}C:\program files (x86)\toneworks\hatsukoi\siglusengine.exe] => (Block) C:\program files (x86)\toneworks\hatsukoi\siglusengine.exe
FirewallRules: [TCP Query User{D56F3F8E-B475-49CB-89D9-97B00C1286AE}C:\program files (x86)\toneworks\hatsukoi\siglusengine.exe] => (Block) C:\program files (x86)\toneworks\hatsukoi\siglusengine.exe
FirewallRules: [{5E9323FB-CA45-4963-905B-A83D68ACA9F3}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{F5F92A6C-0C2E-4692-A1B9-75BEA9255CF7}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{51F87A3D-030E-433E-8442-1A86C5AC81BC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AEE9DDA2-97F5-4930-B65D-4483F1499864}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D7C86562-E6C0-4B57-95BF-06B31F6E7A23}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA59BA22-4EC8-4058-86A3-40FCE6659755}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF0BF83F-B1CB-4C81-8282-461246E3BEDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A68ED60B-2498-4DB3-A5A2-99D9B634D1FC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7B9AF875-FEB2-432A-9C54-1D2B715B8EF5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{28102D1A-D153-4720-BB55-817E6DC51194}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5D410406-9D7E-415D-945C-74D364C134F7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E94F0B72-DE36-4355-9BA1-B1F44ACDA346}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{629448E7-EF93-4363-A6AD-7AE70DF9D925}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{3D62A59E-02C6-4501-8E0A-9640B0A3637B}C:\users\schloss\documents\reigns.v1.23\reigns.exe] => (Block) C:\users\schloss\documents\reigns.v1.23\reigns.exe
FirewallRules: [TCP Query User{1B488A91-97A6-42FB-BB0A-ECB93A15C7FB}C:\users\schloss\documents\reigns.v1.23\reigns.exe] => (Block) C:\users\schloss\documents\reigns.v1.23\reigns.exe
FirewallRules: [UDP Query User{067124C1-A885-4288-8B25-A1E721E74A16}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{41539E80-48EB-4F01-86B1-213186FFBC67}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{6EB946B9-6BF6-4A31-A674-4C763A2EF28A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{72E8BFD6-162F-46B5-9A09-335AF358FE01}] => (Allow) LPort=2869
FirewallRules: [{F262319D-6EED-4EF8-B07A-DA76218DC370}] => (Allow) LPort=1900
FirewallRules: [{36FEF9F1-EDD1-4E81-8F8A-B7E17084F3C7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4C366F0F-AF28-41B9-BC20-0169AEC9BBE3}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{77957EFA-7A8A-4A2E-AA01-ED3BFBD48A15}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{D03DEFBF-917A-4AA3-A9B2-3A1342F7C644}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{9B2F3D3F-F8CD-4155-B6AB-0622A12E5AEF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [TCP Query User{818EC7BA-FB2E-4884-B05A-0F7AB64A2F83}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{4C06687A-0B6A-4E66-941E-61728F1AC8D8}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{9BDF1B5C-5800-4C1F-9319-888C22F42934}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{994C69C7-4EEC-4DD7-9929-275354789B81}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{0F719223-089D-4A4E-8DFB-5F2B7B39211B}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4B3D32D4-789A-4D61-B522-5F2ED0CC6800}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{DC39F455-EC22-4D4C-93E2-A2B78E8B8A7E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{EEB7C0F9-74BA-48F2-BF4D-4F4BC1439665}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{220A5B81-3F32-4D6A-834C-40A4A0CCA016}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{2A6BC046-9A5D-4179-AFDF-8AD5E510B4C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{FC24E3AB-5E11-4D84-946F-69733E7A52BE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{D70EF613-E29C-4EC2-B151-B08559DD9140}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{931BA325-5568-4814-990C-CF90052BA19C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{328FA552-AD66-4A21-8754-0691D81ACDAE}] => (Allow) LPort=30419
FirewallRules: [{55791DF8-390F-4D57-ACD1-85CB5C3B28DD}] => (Allow) LPort=30419
FirewallRules: [TCP Query User{EF17A2F0-8BC7-4115-B84D-DCDF0ECBACFC}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{5383C2C5-7C81-4225-9815-F16D8CE4ADDF}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{07DCFC39-8565-4445-92E4-06E382EA0AAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
29-07-2017 23:09:31 Scheduled Checkpoint
01-08-2017 04:41:41 Removed Bonjour
09-08-2017 08:24:22 Windows Update
09-08-2017 08:25:56 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2017 01:03:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Faulting module name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Exception code: 0xc0000005
Fault offset: 0x0000000000028db6
Faulting process id: 0x2950
Faulting application start time: 0x01d313285545beaa
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: ebca490a-9cd4-4f89-870e-8ace5d0c6c3a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/12/2017 12:54:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Faulting module name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Exception code: 0xc0000005
Fault offset: 0x0000000000028db6
Faulting process id: 0x23a0
Faulting application start time: 0x01d31327007d6a53
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: 4996c8f9-dc92-4c2b-a5a1-5587555d0247
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/11/2017 11:52:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Faulting module name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Exception code: 0xc0000005
Fault offset: 0x0000000000028db6
Faulting process id: 0x18c4
Faulting application start time: 0x01d3131e5a8df242
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: cb20cb52-dc76-4acb-9c3a-65c774f27308
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/11/2017 04:41:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Faulting module name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Exception code: 0xc0000005
Fault offset: 0x0000000000028db6
Faulting process id: 0x26dc
Faulting application start time: 0x01d312e245549716
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: a9c6b0af-ab55-4cdd-939b-43c7f85e2a7a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/11/2017 04:30:11 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: 0x80041033
 
Error: (08/11/2017 01:12:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Faulting module name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Exception code: 0xc0000005
Fault offset: 0x0000000000028db6
Faulting process id: 0x2fa8
Faulting application start time: 0x01d312c505db1d4c
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: f25bccb1-4e4a-4f2b-b6d8-bb6d59262dbc
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/11/2017 12:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1157
 
Error: (08/11/2017 12:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1157
 
Error: (08/11/2017 12:47:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/11/2017 06:13:23 AM) (Source: MsiInstaller) (EventID: 1002) (User: SCHLOSS-HP)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
 
 
System errors:
=============
Error: (08/12/2017 12:59:00 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/12/2017 12:51:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/12/2017 12:51:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
 
Error: (08/12/2017 12:51:10 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/12/2017 12:50:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.
 
Error: (08/12/2017 12:50:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/12/2017 12:50:29 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/12/2017 12:50:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/12/2017 12:50:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpsrv service to connect.
 
Error: (08/12/2017 12:50:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-12 01:15:41.707
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 01:15:41.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 01:15:28.348
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 01:15:28.342
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 01:15:24.836
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 01:15:24.832
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 01:15:17.416
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 01:15:17.412
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 00:54:32.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-12 00:54:32.211
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 6039.3 MB
Available physical RAM: 3147.94 MB
Total Virtual: 12183.3 MB
Available Virtual: 9298 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:574.53 GB) (Free:101.66 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:21.34 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 84CA151B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=574.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 12 August 2017 - 07:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Flvto YouTube Downloader (HKLM-x32\...\Flvto YouTube Downloader) (Version: 1.0.9 - Hotger)
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


Startup: C:\Users\Schloss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\personalized.lnk [2017-08-09]
ShortcutTarget: personalized.lnk -> C:\Program Files (x86)\Timelessly\swingers.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
FF Extension: (No Name) - C:\Users\Schloss\Documents\Vuze Downloads\RoomMates\App\Cyberfox\browser\features\CTR@8pecxstudios.com.xpi [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-12] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
S4 rjaty; C:\WINDOWS\System32\drivers\imofugc.sys [79064 2017-08-10] (Malwarebytes Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [MRAICQCMenu] -> {7C9E7B90-88EC-4852-AC7A-C938268A5D04} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1DBDA7AD-B256-4F48-B7BD-7C21B4CDBEDC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {24F05464-D9B5-48BB-A412-0B68A96FD491} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {26A448FC-CE8F-4D17-9E20-0C837A3D68AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2B6DCCF8-ED1B-433C-B682-C372B6C67EB5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B9F9E52-6AF3-4033-959C-F5500642391D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6C6516F6-FCAB-44FE-AC46-D2056BE6F4B4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9FB7E82D-2CE9-4B02-A506-88F164144DCB} - \AutoKMS -> No File <==== ATTENTION
Task: {AF41585B-0FBF-40B1-990A-58E2417F8596} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B27C262F-2776-44EE-9FF9-99139A734B3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CA8CFECB-BFEF-4252-8BE1-7CBF6CB696C7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D6017D8C-FCF8-4FFB-B733-39FB6594AD07} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E5A9C3E1-B0E3-44AE-B835-34775ACF0196} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E92E2542-7679-4589-A3DB-EE7D337C5B46} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
C:\Users\Schloss\AppData\Local\Temp\i4jdel0.exe
C:\WINDOWS\System32\drivers\imofugc.sys

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
===

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
===

Please post the Fixlog.txt and let me know what problem persists.
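
One way to triage the Fixlog.txt requested above before posting it, as an added example that is not part of the original post and not part of FRST. The sample lines are copied from the Fixlog posted later in this thread; the bucket names and function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Sample input: a shortened Fixlog.txt built from lines that appear in this thread.
# The block between the two rows of asterisks is FRST echoing the fixlist back.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
start
CloseProcesses:
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Timelessly\swingers.exe => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found. 
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
CHR Extension: (Chrome Media Router) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10] => Error: No automatic fix found for this entry.
rjaty => service removed successfully
"""

STAR_LINE = re.compile(r"^\*{5,}\s*$")


def result_lines(text):
    """Return only the lines after the echoed fixlist.

    The echo can itself contain ' => ' (see the ContextMenuHandlers5 line),
    so it has to be skipped or it would be misread as a result.
    """
    lines = text.splitlines()
    separators = [i for i, line in enumerate(lines) if STAR_LINE.match(line)]
    start = separators[-1] + 1 if separators else 0
    return lines[start:]


def classify(outcome):
    """Map the text after ' => ' to a bucket (bucket names are assumptions)."""
    o = outcome.strip().rstrip(".").lower()
    if o.startswith("error"):
        return "manual"      # the tool could not act on this entry
    if "not found" in o:
        return "absent"      # the target was already gone
    if o.endswith("successfully"):
        return "done"        # removed or moved
    return "other"           # unrecognised outcome: review by hand


def summarize(text):
    """Group fixed items by outcome bucket."""
    buckets = defaultdict(list)
    for line in result_lines(text):
        if " => " not in line:
            continue  # status lines such as 'Processes closed successfully.'
        item, outcome = line.rsplit(" => ", 1)
        buckets[classify(outcome)].append(item.strip())
    return dict(buckets)


def needs_follow_up(text):
    """Entries that were not handled automatically and deserve a second look."""
    s = summarize(text)
    return s.get("manual", []) + s.get("other", [])


if __name__ == "__main__":
    for bucket, items in summarize(SAMPLE_FIXLOG).items():
        print(f"{bucket}: {len(items)}")
    for item in needs_follow_up(SAMPLE_FIXLOG):
        print("follow up:", item)
```

Entries in the "absent" bucket are leftovers whose target no longer existed, so the ones to read closely are those returned by `needs_follow_up`.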

#3 tank_dogg06

tank_dogg06
  • Topic Starter


Posted 12 August 2017 - 11:21 PM

Thanks for the reply. I followed the steps listed in order. The task manager still refuses to stay open or even load all the way.

 

 
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by Schloss (12-08-2017 23:59:19) Run:1
Running from C:\Users\Schloss\Downloads
Loaded Profiles: Schloss (Available Profiles: Schloss)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
 
Startup: C:\Users\Schloss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\personalized.lnk [2017-08-09]
ShortcutTarget: personalized.lnk -> C:\Program Files (x86)\Timelessly\swingers.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-4086252664-3032547279-1749346797-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
FF Extension: (No Name) - C:\Users\Schloss\Documents\Vuze Downloads\RoomMates\App\Cyberfox\browser\features\CTR@8pecxstudios.com.xpi [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-12] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
S4 rjaty; C:\WINDOWS\System32\drivers\imofugc.sys [79064 2017-08-10] (Malwarebytes Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [MRAICQCMenu] -> {7C9E7B90-88EC-4852-AC7A-C938268A5D04} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1DBDA7AD-B256-4F48-B7BD-7C21B4CDBEDC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {24F05464-D9B5-48BB-A412-0B68A96FD491} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {26A448FC-CE8F-4D17-9E20-0C837A3D68AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2B6DCCF8-ED1B-433C-B682-C372B6C67EB5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B9F9E52-6AF3-4033-959C-F5500642391D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6C6516F6-FCAB-44FE-AC46-D2056BE6F4B4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9FB7E82D-2CE9-4B02-A506-88F164144DCB} - \AutoKMS -> No File <==== ATTENTION
Task: {AF41585B-0FBF-40B1-990A-58E2417F8596} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B27C262F-2776-44EE-9FF9-99139A734B3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CA8CFECB-BFEF-4252-8BE1-7CBF6CB696C7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D6017D8C-FCF8-4FFB-B733-39FB6594AD07} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E5A9C3E1-B0E3-44AE-B835-34775ACF0196} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E92E2542-7679-4589-A3DB-EE7D337C5B46} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
C:\Users\Schloss\AppData\Local\Temp\i4jdel0.exe
C:\WINDOWS\System32\drivers\imofugc.sys
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Schloss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\personalized.lnk => moved successfully
C:\Program Files (x86)\Timelessly\swingers.exe => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key removed successfully
HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKU\S-1-5-21-4086252664-3032547279-1749346797-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key removed successfully
HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key removed successfully
HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found. 
C:\Users\Schloss\Documents\Vuze Downloads\RoomMates\App\Cyberfox\browser\features\CTR@8pecxstudios.com.xpi => path removed successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Schloss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\rjaty => key removed successfully
rjaty => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MRAICQCMenu => key removed successfully
HKLM\Software\Classes\CLSID\{7C9E7B90-88EC-4852-AC7A-C938268A5D04} => key not found. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DBDA7AD-B256-4F48-B7BD-7C21B4CDBEDC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DBDA7AD-B256-4F48-B7BD-7C21B4CDBEDC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24F05464-D9B5-48BB-A412-0B68A96FD491} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24F05464-D9B5-48BB-A412-0B68A96FD491} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26A448FC-CE8F-4D17-9E20-0C837A3D68AB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26A448FC-CE8F-4D17-9E20-0C837A3D68AB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B6DCCF8-ED1B-433C-B682-C372B6C67EB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B6DCCF8-ED1B-433C-B682-C372B6C67EB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B9F9E52-6AF3-4033-959C-F5500642391D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B9F9E52-6AF3-4033-959C-F5500642391D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C6516F6-FCAB-44FE-AC46-D2056BE6F4B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C6516F6-FCAB-44FE-AC46-D2056BE6F4B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9FB7E82D-2CE9-4B02-A506-88F164144DCB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FB7E82D-2CE9-4B02-A506-88F164144DCB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF41585B-0FBF-40B1-990A-58E2417F8596} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF41585B-0FBF-40B1-990A-58E2417F8596} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B27C262F-2776-44EE-9FF9-99139A734B3E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B27C262F-2776-44EE-9FF9-99139A734B3E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA8CFECB-BFEF-4252-8BE1-7CBF6CB696C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA8CFECB-BFEF-4252-8BE1-7CBF6CB696C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6017D8C-FCF8-4FFB-B733-39FB6594AD07} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6017D8C-FCF8-4FFB-B733-39FB6594AD07} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5A9C3E1-B0E3-44AE-B835-34775ACF0196} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5A9C3E1-B0E3-44AE-B835-34775ACF0196} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E92E2542-7679-4589-A3DB-EE7D337C5B46} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E92E2542-7679-4589-A3DB-EE7D337C5B46} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
C:\Users\Schloss\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\WINDOWS\System32\drivers\imofugc.sys => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27440546 B
Java, Flash, Steam htmlcache => 1507 B
Windows/system/drivers => 64255141 B
Edge => 11605 B
Chrome => 798839802 B
Firefox => 8419701 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6144 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 6242 B
NetworkService => 78152 B
Schloss => 335910613 B
 
RecycleBin => 2226938963 B
EmptyTemp: => 3.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:04:30 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:30 PM

Posted 13 August 2017 - 07:55 AM

Hi,

Right click the start button and choose Command Prompt (Admin) from the context menu and in the command prompt window type
taskmgr.exe
Hit enter
If that fails and/or produces the same results as your other efforts, then in the same command prompt window type
sfc /scannow
Hit enter
Let it run and see what it says when it completes.

Can you get the Task Manager to open?

#5 tank_dogg06


Posted 13 August 2017 - 07:27 PM

All that came back was...

 

"Windows Resource Protection did not find any integrity violations".

 

Task Manager still broken.



#6 nasdaq


Posted 14 August 2017 - 07:35 AM

Repair these services.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this, click Next.
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button, then select just the item(s) listed below:
    • 01 - Repair Registry Permissions
    • 03 - Reset Service permissions
    • 04 - Register System Files
    • 05 - Repair WMI
    • 10 - Remove Policies Set By Infections
    • 17 - Repair Windows Updates
    • 21 - Repair MSI (Windows Installer)
    • 26 - Restore Important Windows Services
    • 27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.
===

Restart the computer normally.

How is the Task Manager available?

#7 tank_dogg06


Posted 14 August 2017 - 07:12 PM

I followed the steps to the letter and it just seemed to make matters worse. Not only does the task manager still not work but now everything has been slowed to a crawl. I noticed a lot of errors in the cmd prompts during the repair stage of Tweaking. Many 'Access Denied' but nothing concrete from the Tweaking Log itself.

 

 
Log:
Tweaking.com - Windows Repair 2018 (v4.0.2)
────────────────────────────────────────────────────────────────────────────────
 
System Variables
────────────────────────────────────────────────────────────────────────────────
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.15063.540
OS Service Pack: 
Computer Name: SCHLOSS-HP
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Schloss
Current Profile SID: S-1-5-21-4086252664-3032547279-1749346797-1000
Current Profile Classes: S-1-5-21-4086252664-3032547279-1749346797-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Schloss\AppData\Local
────────────────────────────────────────────────────────────────────────────────
 
System Information
────────────────────────────────────────────────────────────────────────────────
System Up Time: 0 Days 00:36:54
 
Process Count: 50
Commit Total: 1.30 GB
Commit Limit: 11.90 GB
Commit Peak: 1.43 GB
Handle Count: 16754
Kernel Total: 533.27 MB
Kernel Paged: 418.47 MB
Kernel Non Paged: 114.80 MB
System Cache: 1.34 GB
Thread Count: 548
────────────────────────────────────────────────────────────────────────────────
 
Memory Before Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 5.90 GB
Memory Used: 1.63 GB(27.5545%)
Memory Avail.: 4.27 GB
────────────────────────────────────────────────────────────────────────────────
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 5.90 GB
Memory Used: 1.22 GB(20.6315%)
Memory Avail.: 4.68 GB
────────────────────────────────────────────────────────────────────────────────
 
Starting Repairs...
   Started at (8/14/2017 7:41:44 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 151
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (8/14/2017 7:41:46 PM)
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done,  0.39 seconds.
 
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
Done,  4.88 seconds.
 
   Running Repair Under System Account
   Done (8/14/2017 7:42:38 PM)
 
03 - Reset Service Permissions
   Start (8/14/2017 7:42:38 PM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/14/2017 7:42:49 PM)
 
04 - Register System Files
   Start (8/14/2017 7:42:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/14/2017 7:43:35 PM)
 
05 - Repair WMI
   Start (8/14/2017 7:43:35 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Exporting 3rd Party Firewall Info...
   Running Repair Under Current User Account
   Done (8/14/2017 7:47:08 PM)
 
10 - Remove Policies Set By Infections
   Start (8/14/2017 7:47:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/14/2017 7:47:12 PM)
 
16 - Repair Windows Updates
   Start (8/14/2017 7:47:12 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.16 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (8/14/2017 7:47:51 PM)
 
20 - Repair MSI (Windows Installer)
   Start (8/14/2017 7:47:51 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.16 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/14/2017 7:48:01 PM)
 
25 - Restore Important Windows Services
   Start (8/14/2017 7:48:01 PM)
 
Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.16 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/14/2017 7:48:08 PM)
 
26 - Set Windows Services To Default Startup
   Start (8/14/2017 7:48:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (8/14/2017 7:48:14 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (8/14/2017 7:48:14 PM)
   Total Repair Time: 00:06:31
 
 
...YOU MUST RESTART YOUR SYSTEM...
 
 
===Pre Scan Log===
 
┌────────────────────────────────────────────────────────────────────────────────┐
│ Tweaking.com - Windows Repair 2018 (v4.0.2) - Pre-Scan
│ Computer: SCHLOSS-HP (Windows 10 Home 10.0.15063.540 ) (64-bit)
│ [Started Scan - 8/14/2017 7:11:58 PM]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Windows Packages Files.
│ Started at (8/14/2017 7:11:58 PM)
│ 
│ These Files Are Possibly Corrupt (Bad Digital Signature): (Total: 1)
C:\WINDOWS\servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.mum
│ 
1 Combined Problems were found with the packages files, these files need to be replaced (These mainly only effect installing Windows Updates.)
│ The SFC (System File Checker) doesn't scan and replace some of these files, so you may need to replace them manually.
│ 
│ THESE FILES DO NOT KEEP THE REPAIRS FROM WORKING; YOU MAY STILL RUN THE REPAIRS IN THE PROGRAM.
│ 
│ Files Checked & Verified: 5,492
│ 
│ Done Scanning Windows Packages Files.(8/14/2017 7:23:04 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (8/14/2017 7:23:04 PM)
│ 
Reparse Point: (Type: SYMLINK) (Name: AppvIsvStream64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvStream64.dll) (Target Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2056\AppvIsvStream64.dll) (Creation Time: 1/22/2016 6:27:49 AM)
Target Path doesn't exist!
 
Reparse Point: (Type: SYMLINK) (Name: AppvIsvSubsystems64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvSubsystems64.dll) (Target Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2056\AppvIsvSubsystems64.dll) (Creation Time: 1/22/2016 6:27:49 AM)
Target Path doesn't exist!
 
Reparse Point: (Type: SYMLINK) (Name: C2R64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll) (Target Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2056\C2R64.dll) (Creation Time: 1/22/2016 6:27:49 AM)
Target Path doesn't exist!
 
│ Missing Default Reparse Point: (Original Path: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\Content.IE5) (Target Path: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\IE)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\AppData\Local\Application Data) (Target Path: C:\Users\hedev\AppData\Local)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\AppData\Local\History) (Target Path: C:\Users\hedev\AppData\Local\Microsoft\Windows\History)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\AppData\Local\Microsoft\Windows\Temporary Internet Files) (Target Path: C:\Users\hedev\AppData\Local\Microsoft\Windows\INetCache)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\AppData\Local\Temporary Internet Files) (Target Path: C:\Users\hedev\AppData\Local\Microsoft\Windows\INetCache)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\AppData\Local\Microsoft\Windows\INetCache\Content.IE5) (Target Path: C:\Users\hedev\AppData\Local\Microsoft\Windows\INetCache\IE)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\Cookies) (Target Path: C:\Users\hedev\AppData\Local\Microsoft\Windows\INetCookies)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\Application Data) (Target Path: C:\Users\hedev\AppData\Roaming)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\Documents\My Music) (Target Path: C:\Users\hedev\Music)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\Documents\My Pictures) (Target Path: C:\Users\hedev\Pictures)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\Documents\My Videos) (Target Path: C:\Users\hedev\Videos)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\Local Settings) (Target Path: C:\Users\hedev\AppData\Local)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\My Documents) (Target Path: C:\Users\hedev\Documents)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\NetHood) (Target Path: C:\Users\hedev\AppData\Roaming\Microsoft\Windows\Network Shortcuts)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\PrintHood) (Target Path: C:\Users\hedev\AppData\Roaming\Microsoft\Windows\Printer Shortcuts)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\Recent) (Target Path: C:\Users\hedev\AppData\Roaming\Microsoft\Windows\Recent)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\SendTo) (Target Path: C:\Users\hedev\AppData\Roaming\Microsoft\Windows\SendTo)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\Start Menu) (Target Path: C:\Users\hedev\AppData\Roaming\Microsoft\Windows\Start Menu)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Missing Default Reparse Point: (Original Path: C:\Users\hedev\Templates) (Target Path: C:\Users\hedev\AppData\Roaming\Microsoft\Windows\Templates)
│ A Default Reparse Point is missing and this can cause problems on the system.
│ 
│ Problems were found with the Reparse Points.
│ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.
│ 
│ Files & Folders Searched: 427,149
│ Reparse Points Found: 139
│ 
│ Done Scanning Reparse Points.(8/14/2017 7:30:02 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (8/14/2017 7:30:02 PM)
│ 
│ This folder in the 'Path' variable doesn't exist: 
│ 
│ This folder in the 'Path' variable doesn't exist: C:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\
│ 
│ Problems were found with the Environment Variables.
│ You can use the Repair Environment Variables Tool at the bottom of this Window to try and fix these problems.
│ 
│ Done Checking Environment Variables. (8/14/2017 7:30:02 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 8/14/2017 7:30:02 PM]
│ 
│ [x] Scan Complete - Problems Found!
│ [x] 
│ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed.
│ [x] 
│ [x] While problems have been found, you can still run the repairs in the program.
│ [x] But for the best results it is recommended to fix the problems reported in this scan if possible.
└────────────────────────────────────────────────────────────────────────────────┘


#8 nasdaq


Posted 15 August 2017 - 07:25 AM

Hi,

Try this first.

Copy the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcw]
"Start"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcw]
"Start"=dword:00000000


Restart the computer when completed.

You can delete the fixme.reg file when done.
===

If the problem persists please continue.

You already have the tool. Just repair the Reparse points.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that from here

- Right click on the program icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair, Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

Edited by nasdaq, 15 August 2017 - 01:09 PM.
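
Added example (not part of nasdaq's post or of any tool named in this thread): a small Python reader for version 5.00 .reg text that replays the fixme.reg above against an in-memory stand-in for the registry, so the net change can be reviewed before the file is merged. The starting values (Start set to 4, and a REG_SZ variant) are constructed for illustration, and the function names are this example's own; the start-type names are the standard Windows service start types.

```python
import re

# Standard Windows service start types, stored in a service key's "Start" value.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
HEADER = "Windows Registry Editor Version 5.00"
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# The file from the post, verbatim.
FIXME_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcw]
"Start"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcw]
"Start"=dword:00000000
'''
PCW = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcw"


def unescape(quoted):
    """Strip the surrounding quotes and undo .reg backslash escapes."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def parse_reg(text):
    """Turn .reg text into an ordered list of (action, key, name, data) tuples.

    Multi-line hex values (lines ending in a backslash) are not handled and
    raise ValueError, so nothing is skipped silently.
    """
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] != HEADER:
        raise ValueError("not a version 5.00 .reg file")
    ops, key = [], None
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            if m.group(1):  # [-HKEY_...] deletes the whole key
                ops.append(("delete_key", m.group(2), None, None))
                key = None
            else:           # a plain header creates the key if it is missing
                key = m.group(2)
                ops.append(("ensure_key", key, None, None))
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError(f"unparsed line: {ln!r}")
        name = "" if m.group(1) == "@" else unescape(m.group(1))
        raw = m.group(2)
        if raw == "-":      # "name"=- deletes the value
            ops.append(("delete_value", key, name, None))
        elif raw.lower().startswith("dword:"):
            ops.append(("set", key, name, ("REG_DWORD", int(raw[6:], 16))))
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            ops.append(("set", key, name, ("REG_SZ", unescape(raw))))
        else:               # hex:, hex(2): and friends: flag for manual review
            ops.append(("set", key, name, ("UNPARSED", raw)))
    return ops


def find_key(registry, key):
    """Key names are case-insensitive; value names are matched exactly here."""
    return next((k for k in registry if k.lower() == key.lower()), None)


def apply_ops(ops, registry):
    """Apply ops to {key: {name: (type, data)}} and describe each change."""
    changes = []
    for action, key, name, data in ops:
        existing = find_key(registry, key)
        if action == "delete_key":
            if existing is not None:
                del registry[existing]
                changes.append(f"delete key {key}")
            continue
        if existing is None:
            registry[key] = {}
            existing = key
            changes.append(f"create key {key}")
        values = registry[existing]
        if action == "delete_value" and name in values:
            changes.append(f"delete {key}\\{name} (was {values.pop(name)})")
        elif action == "set":
            changes.append(f"set {key}\\{name}: {values.get(name)} -> {data}")
            values[name] = data
    return changes


def start_type(registry, key):
    """Name a service key's start type, or None if Start is absent or not a DWORD."""
    found = find_key(registry, key)
    kind, data = registry.get(found, {}).get("Start", (None, None))
    return START_TYPES.get(data) if kind == "REG_DWORD" else None


if __name__ == "__main__":
    # Constructed starting state: the pcw service's Start value set to 4 (disabled).
    registry = {PCW: {"Start": ("REG_DWORD", 4)}}
    print("before:", start_type(registry, PCW))
    for change in apply_ops(parse_reg(FIXME_REG), registry):
        print(" ", change)
    print("after: ", start_type(registry, PCW))
```

Anything the parser reports as UNPARSED (hex: data, for instance) should be read by hand before the file is merged.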


#9 tank_dogg06


Posted 15 August 2017 - 05:21 PM

Thanks again for the help nasdaq.

 

I ran the chkdsk before I edited the registry with 'fixme'. I'm not sure which did the trick, but the task manager works now. I had an issue with Disk Usage stuck at 100%. Superfetch was the culprit and I disabled it via cmd prompt.

 

Should I continue with Steps 4-5 anyway? I also want to double check and make sure logs are clean and there are no traces left of the initial infection.



#10 nasdaq


Posted 16 August 2017 - 06:54 AM

Hi,

Good news. Do not do the Tweaking tool suggested fix.

===

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

#11 tank_dogg06


Posted 16 August 2017 - 11:46 PM

Sophos only found 1 threat but it was a false positive. It was a cracked file for a visual novel. I cleaned it anyway and deleted the VN.

 

 
2017-08-17 01:48:15.927 Sophos Virus Removal Tool version 2.6.1
2017-08-17 01:48:15.927 Copyright © 2009-2017 Sophos Limited. All rights reserved.
 
2017-08-17 01:48:15.927 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2017-08-17 01:48:15.927 Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-08-17 01:48:15.927 Checking for updates...
2017-08-17 01:48:16.021 Update progress: proxy server not available
2017-08-17 01:48:34.710 Downloading updates...
2017-08-17 01:48:34.710 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-08-17 01:48:34.710 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-08-17 01:48:34.710 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-08-17 01:48:34.710 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-08-17 01:48:34.710 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-08-17 01:48:34.710 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-08-17 01:48:34.710 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product IDE542 LATEST path=]
2017-08-17 01:48:34.710 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I49502] sdds.data0910.xml: found supplement IDE544 LATEST path= baseVersion= [included from product IDE543 LATEST path=]
2017-08-17 01:48:34.710 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE544 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE544 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I49502] sdds.data0910.xml: found supplement IDE545 LATEST path= baseVersion= [included from product IDE544 LATEST path=]
2017-08-17 01:48:34.710 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE545 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE545 LATEST path=
2017-08-17 01:48:34.710 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-08-17 01:48:35.117 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-08-17 01:48:35.117 Update progress: [I19463] Product download size 166581621 bytes
2017-08-17 01:48:37.070 Option all = no
2017-08-17 01:48:37.070 Option recurse = yes
2017-08-17 01:48:37.070 Option archive = no
2017-08-17 01:48:37.070 Option service = yes
2017-08-17 01:48:37.070 Option confirm = yes
2017-08-17 01:48:37.070 Option sxl = yes
2017-08-17 01:48:37.070 Option max-data-age = 35
2017-08-17 01:48:37.070 Option vdl-logging = yes
2017-08-17 01:48:37.070 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-08-17 01:48:37.070 Machine ID: 757820f34d37462295f2f4594de334e6
2017-08-17 01:48:37.085 Component SVRTcli.exe version 2.6.1
2017-08-17 01:48:37.085 Component control.dll version 2.6.1
2017-08-17 01:48:37.085 Component SVRTservice.exe version 2.6.1
2017-08-17 01:48:37.085 Component engine\osdp.dll version 1.44.1.2286
2017-08-17 01:48:37.085 Component engine\veex.dll version 3.68.6.2286
2017-08-17 01:48:37.085 Component engine\savi.dll version 9.0.7.2286
2017-08-17 01:48:37.085 Component rkdisk.dll version 1.5.31.1
2017-08-17 01:48:37.085 Version info: Product version 2.6.1
2017-08-17 01:48:37.085 Version info: Detection engine 3.68.6
2017-08-17 01:48:37.085 Version info: Detection data 5.40
2017-08-17 01:48:37.085 Version info: Build date 2017/05/30
2017-08-17 01:48:37.085 Version info: Data files added 521
2017-08-17 01:48:37.085 Version info: Last successful update (not yet updated)
2017-08-17 01:48:40.070 Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-08-17 01:48:40.070 Update progress: [I19463] Product download size 2265483 bytes
2017-08-17 01:48:42.430 Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-08-17 01:48:42.430 Update progress: [I19463] Product download size 2018230 bytes
2017-08-17 01:48:45.899 Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-08-17 01:48:45.899 Update progress: [I19463] Product download size 2650459 bytes
2017-08-17 01:48:50.587 Update progress: [I19463] Syncing product IDE544 LATEST path=
2017-08-17 01:48:50.587 Update progress: [I19463] Product download size 1657933 bytes
2017-08-17 01:49:04.150 Update progress: [I19463] Syncing product IDE545 LATEST path=
2017-08-17 01:49:04.213 Installing updates...
2017-08-17 01:49:05.244 Error level 1
2017-08-17 01:49:39.201 Update successful
2017-08-17 01:50:00.687 Option all = no
2017-08-17 01:50:00.687 Option recurse = yes
2017-08-17 01:50:00.687 Option archive = no
2017-08-17 01:50:00.687 Option service = yes
2017-08-17 01:50:00.687 Option confirm = yes
2017-08-17 01:50:00.687 Option sxl = yes
2017-08-17 01:50:00.687 Option max-data-age = 35
2017-08-17 01:50:00.687 Option vdl-logging = yes
2017-08-17 01:50:00.687 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-08-17 01:50:00.687 Machine ID: 757820f34d37462295f2f4594de334e6
2017-08-17 01:50:00.687 Component SVRTcli.exe version 2.6.1
2017-08-17 01:50:00.687 Component control.dll version 2.6.1
2017-08-17 01:50:00.687 Component SVRTservice.exe version 2.6.1
2017-08-17 01:50:00.687 Component engine\osdp.dll version 1.44.1.2286
2017-08-17 01:50:00.687 Component engine\veex.dll version 3.68.6.2286
2017-08-17 01:50:00.687 Component engine\savi.dll version 9.0.7.2286
2017-08-17 01:50:00.703 Component rkdisk.dll version 1.5.31.1
2017-08-17 01:50:00.703 Version info: Product version 2.6.1
2017-08-17 01:50:00.703 Version info: Detection engine 3.68.6
2017-08-17 01:50:00.703 Version info: Detection data 5.40
2017-08-17 01:50:00.703 Version info: Build date 2017/05/30
2017-08-17 01:50:00.703 Version info: Data files added 522
2017-08-17 01:50:00.703 Version info: Last successful update 2017/08/16 21:49:39
 
2017-08-17 01:50:24.783 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2017-08-17 02:33:21.997 Could not open C:\hiberfil.sys
2017-08-17 02:33:31.826 Could not open C:\pagefile.sys
2017-08-17 02:37:30.772 >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files\Grisaia Series\TheLeisureOfGrisaia\steam_api.dll
2017-08-17 03:12:26.837 Could not open C:\swapfile.sys
2017-08-17 03:15:54.896 Could not open C:\System Volume Information\{28926608-8205-11e7-9c31-a0b3cc463555}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-17 03:15:54.896 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-17 03:15:54.896 Could not open C:\System Volume Information\{ae1daf9f-822b-11e7-9c31-a0b3cc463555}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-08-17 03:37:30.206 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-08-17 03:37:38.909 Could not open C:\Windows\System32\config\BBI
2017-08-17 03:37:39.379 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-08-17 03:37:39.393 Could not open C:\Windows\System32\config\RegBack\SAM
2017-08-17 03:37:39.393 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-08-17 03:37:39.408 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-08-17 03:37:39.424 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-08-17 04:06:57.925 Could not open LOGICAL:0004:00000000
2017-08-17 04:06:57.925 Could not open E:\
2017-08-17 04:06:58.465 The following items will be cleaned up:
2017-08-17 04:06:58.465 Mal/VMProtBad-A
2017-08-17 04:34:49.032 Threat 'Mal/VMProtBad-A' has been cleaned up.
2017-08-17 04:34:49.032 File "C:\Program Files\Grisaia Series\TheLeisureOfGrisaia\steam_api.dll" belongs to malware 'Mal/VMProtBad-A'.
2017-08-17 04:34:49.032 File "C:\Program Files\Grisaia Series\TheLeisureOfGrisaia\steam_api.dll" has been cleaned up.
2017-08-17 04:34:49.032 Removal successful
2017-08-17 04:34:49.928 Error level 0


#12 nasdaq

  • Malware Response Team

Posted 17 August 2017 - 07:11 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



