Infected with SmartService and possibly others


  • This topic is locked
13 replies to this topic

#1 RaritanAnon

RaritanAnon

  • Members
  • 6 posts
  • Local time:07:51 PM

Posted 22 August 2017 - 08:20 PM

Hello, my system is infected with what I've figured is SmartService (the 'resource is in use' virus) plus possibly others. I've tried just about every software that I've seen suggested for others and while I've been able to get rid of some of the adware, I've not been able to get rid of this one. The ones that have been successful at all are 'Zemana Portable', 'RogueKiller' and, to a lesser extent, 'Spybot - S&D'. It has also rendered going into safe mode possible only by hard resetting and interrupting Windows after a few attempts. Any assistance is appreciated.




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,442 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:51 PM

Posted 23 August 2017 - 02:53 PM

Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 RaritanAnon

RaritanAnon
  • Topic Starter

  • Members
  • 6 posts
  • Local time:07:51 PM

Posted 23 August 2017 - 03:06 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Gary (administrator) on GARY-PC (23-08-2017 15:00:45)
Running from C:\Users\Gary\Desktop\Downloads
Loaded Profiles: Gary (Available Profiles: Gary)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Windows\System32\tprdpw64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [5128904 2016-09-12] (O&O Software GmbH)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-08-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [cpx] => "C:\Users\Gary\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKU\S-1-5-21-25100226-3621016874-1399633930-1001\...\Run: [MusicManager] => C:\Users\Gary\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
HKU\S-1-5-21-25100226-3621016874-1399633930-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-05-16] (Nota Inc.)
HKU\S-1-5-21-25100226-3621016874-1399633930-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-25100226-3621016874-1399633930-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1092920 2017-02-16] (Apple Inc.)
HKU\S-1-5-21-25100226-3621016874-1399633930-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-25100226-3621016874-1399633930-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-25100226-3621016874-1399633930-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2017-07-09]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{A2D1D1B3-2C94-4E3A-BCD3-268F93010169}\app_icon.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2017-04-10]
ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (Universal Media Server)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\importantupdates.vbs [2017-07-09] ()
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowsupdates.vbs [2017-07-13] ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{07c968ca-3a73-404d-bd1d-bada6019dcc1}: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\S-1-5-21-25100226-3621016874-1399633930-1001 -> {570D2540-ADB1-4EA8-8F59-3AF8CEC9F3BB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-08-23] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-08-22] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-08-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-08-22] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-08-23] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Gary\AppData\Roaming\TomTom\HOME\Profiles\j2hb9nm9.default [2015-09-02]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4f5hop5n.default [2017-08-23]
FF Extension: (Cisco WebEx Extension) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4f5hop5n.default\Extensions\ciscowebexstart1@cisco.com.xpi [2017-07-15]
FF Extension: (uBlock Origin) - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\4f5hop5n.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-08-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-08-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-08-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2016-07-22] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Gary\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-04-27] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default [2017-08-23]
CHR Extension: (Google Slides) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-02]
CHR Extension: (Theme Creator) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2016-05-10]
CHR Extension: (Google Docs) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-02]
CHR Extension: (Google Drive) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Honey) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-08-22]
CHR Extension: (uBlock Origin) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-23]
CHR Extension: (Google Search) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-02]
CHR Extension: (Gyazo) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdaeeijbbijklfcpahbghahojgfgebo [2017-07-30]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-07-22]
CHR Extension: (Google Docs Offline) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (History) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga [2017-08-09]
CHR Extension: (Downloads) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2016-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-02]
CHR Extension: (Chrome Media Router) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <==== ATTENTION
 
S4 AEADIFilters; C:\WINDOWS\system32\AEADISRV.EXE [111616 2009-08-05] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\60.0.3112.25\remoting_host.exe [71512 2017-06-08] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-08-12] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-09-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-09-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 Dataup; C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S4 Ds3Service; C:\Program Files (x86)\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5449136 2016-05-16] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-17] (NVIDIA Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1735368 2016-09-12] (O&O Software GmbH)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S4 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
S2 windowsmanagementservice; C:\Users\Gary\AppData\Local\etzslfj\mnchbnv\ct.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [276256 2017-06-03] (Digiarty Software, Inc.)
S3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-02] (Disc Soft Ltd)
R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-08-31] (LogMeIn Inc.)
R1 MpKsl8f8f76d3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DC8573A-DB35-4D8D-8493-4A17A98674D5}\MpKsl8f8f76d3.sys [44928 2017-08-23] (Microsoft Corporation)
R1 MpKsledebc9c4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F487D1C3-C13E-4698-8FB9-CB639AE8B433}\MpKsledebc9c4.sys [44928 2017-08-23] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9ab613610b40aa98\nvlddmkm.sys [15610296 2017-08-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-21] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-22] ()
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-08-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-08-22] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-23 14:00 - 2017-08-23 14:00 - 000000085 _____ C:\WINDOWS\wininit.ini
2017-08-23 14:00 - 2017-08-23 14:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-08-22 19:59 - 2017-08-23 15:00 - 000000000 ____D C:\FRST
2017-08-22 18:34 - 2017-08-22 20:52 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-22 18:34 - 2017-08-22 20:47 - 000001080 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-22 18:34 - 2017-08-22 19:58 - 000000000 ____D C:\ProgramData\RogueKiller
2017-08-22 18:34 - 2017-08-22 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-22 18:34 - 2017-08-22 18:34 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-22 18:33 - 2017-08-22 18:33 - 035772800 _____ (Adlice Software ) C:\Users\Gary\Desktop\RogueKiller_setup_ref3.exe
2017-08-22 18:31 - 2017-08-22 20:52 - 000138180 _____ C:\WINDOWS\ntbtlog.txt
2017-08-22 16:40 - 2017-08-23 15:01 - 000095170 _____ C:\WINDOWS\ZAM.krnl.trace
2017-08-22 16:40 - 2017-08-23 15:01 - 000069514 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-08-22 16:40 - 2017-08-22 16:40 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-08-22 16:40 - 2017-08-22 16:40 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-08-22 16:39 - 2017-08-22 16:39 - 015808656 _____ (Copyright 2017.) C:\Users\Gary\Desktop\Zemana.AntiMalware.Portable.exe
2017-08-22 14:54 - 2017-08-22 14:54 - 000000000 ____D C:\WINDOWS\Sun
2017-08-22 14:54 - 2017-08-22 14:53 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-08-22 14:53 - 2017-08-22 14:53 - 000000000 ____D C:\Users\Gary\.oracle_jre_usage
2017-08-22 14:53 - 2017-08-22 14:53 - 000000000 ____D C:\Program Files\Java
2017-08-22 12:44 - 2017-08-22 12:44 - 000000000 ____D C:\ProgramData\Sophos
2017-08-22 11:48 - 2016-07-14 02:14 - 000171664 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys
2017-08-22 11:46 - 2017-07-22 13:12 - 000000000 ____D C:\Users\Gary\Desktop\integrity_verification
2017-08-22 11:46 - 2017-07-22 08:53 - 000000000 ____D C:\Users\Gary\Desktop\tron
2017-08-22 11:43 - 2017-08-22 11:45 - 666481140 _____ (Igor Pavlov) C:\Users\Gary\Desktop\Tron v10.2.1 (2017-07-22).exe
2017-08-22 10:51 - 2017-08-23 14:00 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-08-22 10:51 - 2017-08-22 10:51 - 000000656 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-08-22 10:51 - 2017-08-22 10:51 - 000000628 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-08-22 10:51 - 2017-08-22 10:51 - 000000458 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-08-22 10:39 - 2017-08-22 10:39 - 005766464 _____ (Zemana Ltd. ) C:\Users\Gary\Desktop\hg.exe
2017-08-22 10:38 - 2017-08-22 10:38 - 000000000 ____D C:\Users\Gary\AppData\Local\Zemana
2017-08-22 10:28 - 2017-08-22 18:32 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-22 02:40 - 2017-08-23 14:01 - 112459776 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-21 23:45 - 2017-08-21 23:45 - 000000000 ____D C:\Users\Gary\AppData\Roaming\VS Revo Group
2017-08-21 22:44 - 2017-08-21 23:11 - 000000000 ____D C:\Users\Gary\Downloads\Hitman Pro 3.5.9 Build 125 (x64) incl crack
2017-08-20 20:58 - 2017-08-09 17:21 - 000135616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-20 20:55 - 2017-08-20 20:56 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-08-20 20:52 - 2017-08-09 19:34 - 040239552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 035846080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 035314296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 028961912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 023074832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 018805160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 013649808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 012133296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 011585736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 009982968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 004164032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 003596224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438528.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438528.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 001067968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 001005176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 000924096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 000689808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-20 20:52 - 2017-08-09 19:34 - 000046463 _____ C:\WINDOWS\system32\nvinfo.pb
2017-08-20 20:14 - 2017-08-20 20:14 - 000005028 _____ C:\Users\Gary\Downloads\errorlog.txt
2017-08-20 20:14 - 2017-08-20 20:14 - 000001412 _____ C:\Users\Gary\Downloads\ffmpeg_video_title0_source0.txt
2017-08-20 20:12 - 2017-08-20 20:14 - 000072304 _____ C:\Users\Gary\Downloads\mkvtemp
2017-08-20 20:12 - 2017-08-20 20:14 - 000058525 _____ C:\Users\Gary\Downloads\mkvextract.txt
2017-08-20 17:09 - 2017-08-20 17:09 - 000000000 ____D C:\Users\Gary\Downloads\dvd
2017-08-20 16:39 - 2017-08-20 16:43 - 000000000 ____D C:\Users\Gary\Downloads\Wonder.Woman.2017.1080p.HC.HDRip.x264.AAC-Ozlem
2017-08-20 16:29 - 2017-08-20 16:40 - 000000000 ____D C:\Users\Gary\Downloads\Transformers The Last Knight 2017 720p HD-TC x264-TRUMP
2017-08-20 14:26 - 2017-08-20 14:26 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-20 14:26 - 2017-08-20 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-20 14:25 - 2017-08-20 14:26 - 000000000 ____D C:\Program Files\CCleaner
2017-08-18 11:21 - 2017-08-21 16:59 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2017-08-18 11:21 - 2017-08-18 11:21 - 000001076 _____ C:\Users\Gary\Desktop\SpeedFan.lnk
2017-08-18 11:21 - 2017-08-18 11:21 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2017-08-18 11:21 - 2017-08-18 11:21 - 000000000 ____D C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-08-08 15:11 - 2017-07-31 21:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-08 15:11 - 2017-07-31 21:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-08 15:11 - 2017-07-31 21:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-08 15:11 - 2017-07-31 21:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-08 15:11 - 2017-07-31 21:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-08 15:11 - 2017-07-31 21:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-08 15:11 - 2017-07-31 21:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-08 15:11 - 2017-07-31 21:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-08 15:11 - 2017-07-31 21:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-08 15:11 - 2017-07-31 21:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-08 15:11 - 2017-07-31 21:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-08 15:11 - 2017-07-31 21:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-08 15:11 - 2017-07-31 21:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-08 15:11 - 2017-07-31 21:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-08 15:11 - 2017-07-31 21:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-08 15:11 - 2017-07-31 21:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-08 15:11 - 2017-07-31 21:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-08 15:11 - 2017-07-31 21:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-08 15:11 - 2017-07-31 21:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-08 15:11 - 2017-07-31 21:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-08 15:11 - 2017-07-31 21:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-08 15:11 - 2017-07-31 21:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-08 15:11 - 2017-07-31 21:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-08 15:11 - 2017-07-31 21:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-08 15:11 - 2017-07-31 21:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-08 15:11 - 2017-07-31 21:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-08 15:11 - 2017-07-31 21:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-08 15:11 - 2017-07-31 20:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-08 15:11 - 2017-07-31 20:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-08 15:11 - 2017-07-31 17:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-08 15:11 - 2017-07-28 00:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-08 15:11 - 2017-07-28 00:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-08 15:11 - 2017-07-28 00:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-08 15:11 - 2017-07-28 00:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-08 15:11 - 2017-07-28 00:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-08 15:11 - 2017-07-27 23:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-08 15:11 - 2017-07-27 23:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-08 15:11 - 2017-07-27 23:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-08 15:11 - 2017-07-27 23:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-08 15:11 - 2017-07-27 23:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-08 15:11 - 2017-07-27 23:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-08 15:11 - 2017-07-27 23:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-08 15:11 - 2017-07-27 23:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-08 15:11 - 2017-07-27 23:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-08 15:11 - 2017-07-27 23:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-08 15:11 - 2017-07-27 23:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-08 15:11 - 2017-07-27 23:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-08 15:11 - 2017-07-27 23:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-08 15:11 - 2017-07-27 23:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-08 15:11 - 2017-07-27 23:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-08 15:11 - 2017-07-27 23:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-08 15:11 - 2017-07-27 23:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-08 15:11 - 2017-07-27 23:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-08 15:11 - 2017-07-27 23:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-08 15:11 - 2017-07-27 23:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-08 15:11 - 2017-07-27 23:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-08 15:11 - 2017-07-27 23:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-08 15:11 - 2017-07-27 23:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-08 15:11 - 2017-07-27 23:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-08 15:11 - 2017-07-27 23:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-08 15:11 - 2017-07-27 23:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-08 15:11 - 2017-07-27 23:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-08 15:11 - 2017-07-27 23:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-08 15:11 - 2017-07-27 23:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-08 15:11 - 2017-07-27 23:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-08 15:11 - 2017-07-27 23:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-08 15:11 - 2017-07-27 23:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-08 15:11 - 2017-07-27 23:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-08 15:11 - 2017-07-27 23:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-08 15:11 - 2017-07-27 23:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-08 15:11 - 2017-07-27 23:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-08 15:11 - 2017-07-27 23:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-08 15:11 - 2017-07-27 23:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-08 15:11 - 2017-07-27 23:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-08 15:11 - 2017-07-27 23:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-08 15:11 - 2017-07-27 23:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-08 15:11 - 2017-07-27 23:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-08 15:11 - 2017-07-27 23:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-08 15:11 - 2017-07-27 23:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-08 15:11 - 2017-07-27 23:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-08 15:11 - 2017-07-27 23:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-08 15:11 - 2017-07-27 23:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-08 15:11 - 2017-07-27 23:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-08 15:11 - 2017-07-27 23:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-08 15:11 - 2017-07-27 23:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-08 15:11 - 2017-07-27 23:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-08 15:11 - 2017-07-27 23:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-08 15:11 - 2017-07-27 23:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-08 15:11 - 2017-07-27 23:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-08 15:11 - 2017-07-27 23:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-08 15:11 - 2017-07-27 23:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-08 15:11 - 2017-07-27 23:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-08 15:11 - 2017-07-27 23:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-08 15:11 - 2017-07-27 23:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-08 15:11 - 2017-07-27 23:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-08 15:11 - 2017-07-27 23:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-08 15:11 - 2017-07-27 23:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-08 15:11 - 2017-07-27 23:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-08 15:11 - 2017-07-27 23:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-08 15:10 - 2017-07-31 21:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-08 15:10 - 2017-07-31 21:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-08 15:10 - 2017-07-31 21:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-08 15:10 - 2017-07-31 21:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-08 15:10 - 2017-07-31 21:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-08 15:10 - 2017-07-31 21:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-08 15:10 - 2017-07-31 21:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-08 15:10 - 2017-07-31 21:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-08 15:10 - 2017-07-31 21:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-08 15:10 - 2017-07-31 21:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-08 15:10 - 2017-07-31 21:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-08 15:10 - 2017-07-31 21:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-08 15:10 - 2017-07-31 21:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-08 15:10 - 2017-07-31 21:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-08 15:10 - 2017-07-31 21:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-08 15:10 - 2017-07-31 21:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-08 15:10 - 2017-07-31 21:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-08 15:10 - 2017-07-31 21:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-08 15:10 - 2017-07-31 21:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-08 15:10 - 2017-07-31 21:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-08 15:10 - 2017-07-31 21:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-08 15:10 - 2017-07-31 20:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-08 15:10 - 2017-07-31 20:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-08 15:10 - 2017-07-31 20:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-08 15:10 - 2017-07-31 20:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-08 15:10 - 2017-07-31 20:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-08 15:10 - 2017-07-31 20:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-08 15:10 - 2017-07-31 20:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-08 15:10 - 2017-07-31 20:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-08 15:10 - 2017-07-31 20:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-08 15:10 - 2017-07-31 20:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-08 15:10 - 2017-07-31 20:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-08 15:10 - 2017-07-31 20:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-08 15:10 - 2017-07-31 20:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-08 15:10 - 2017-07-31 20:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-08 15:10 - 2017-07-31 20:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-08 15:10 - 2017-07-31 20:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-08 15:10 - 2017-07-31 20:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-08 15:10 - 2017-07-31 20:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-08 15:10 - 2017-07-31 20:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-08 15:10 - 2017-07-28 00:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-08 15:10 - 2017-07-28 00:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-08 15:10 - 2017-07-28 00:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-08 15:10 - 2017-07-28 00:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-08 15:10 - 2017-07-28 00:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-08 15:10 - 2017-07-28 00:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-08 15:10 - 2017-07-28 00:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-08 15:10 - 2017-07-28 00:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-08 15:10 - 2017-07-28 00:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-08 15:10 - 2017-07-28 00:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-08 15:10 - 2017-07-28 00:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-08 15:10 - 2017-07-28 00:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-08 15:10 - 2017-07-28 00:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-08 15:10 - 2017-07-28 00:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-08 15:10 - 2017-07-28 00:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-08 15:10 - 2017-07-28 00:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-08 15:10 - 2017-07-28 00:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-08 15:10 - 2017-07-28 00:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-08 15:10 - 2017-07-28 00:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-08 15:10 - 2017-07-28 00:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-08 15:10 - 2017-07-28 00:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-08 15:10 - 2017-07-27 23:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-08 15:10 - 2017-07-27 23:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-08 15:10 - 2017-07-27 23:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-08 15:10 - 2017-07-27 23:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-08 15:10 - 2017-07-27 23:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-08 15:10 - 2017-07-27 23:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-08 15:10 - 2017-07-27 23:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-08 15:10 - 2017-07-27 23:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-08 15:10 - 2017-07-27 23:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-08 15:10 - 2017-07-27 23:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-08 15:10 - 2017-07-27 23:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-08 15:10 - 2017-07-27 23:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-08 15:10 - 2017-07-27 23:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-08 15:10 - 2017-07-27 23:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-08 15:10 - 2017-07-27 23:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-08 15:10 - 2017-07-27 23:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-08 15:10 - 2017-07-27 23:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-08 15:10 - 2017-07-27 23:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-08 15:10 - 2017-07-27 23:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-08 15:10 - 2017-07-27 23:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-08 15:10 - 2017-07-27 23:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-08 15:10 - 2017-07-27 23:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-08 15:10 - 2017-07-27 23:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-08 15:10 - 2017-07-27 23:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-08 15:10 - 2017-07-27 23:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-08 15:10 - 2017-07-27 23:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-08 15:10 - 2017-07-27 23:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-08 15:10 - 2017-07-27 23:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-08 15:10 - 2017-07-27 23:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-08 15:10 - 2017-07-27 23:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-08 15:10 - 2017-07-27 23:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-08 15:10 - 2017-07-27 23:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-08 15:10 - 2017-07-27 23:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-08 15:10 - 2017-07-27 23:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-08 15:10 - 2017-07-27 23:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-08 15:10 - 2017-07-27 23:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-08 15:10 - 2017-07-27 23:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-08 15:10 - 2017-07-27 23:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-08 15:10 - 2017-07-27 23:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-08 15:10 - 2017-07-27 23:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-08 15:10 - 2017-07-27 23:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-08 15:10 - 2017-07-27 23:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-08 15:10 - 2017-07-27 23:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-08 15:10 - 2017-07-27 23:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-08 15:10 - 2017-07-27 23:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-08 15:10 - 2017-07-27 23:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-08 15:10 - 2017-07-27 23:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-08 15:10 - 2017-07-27 23:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-08 15:10 - 2017-07-27 23:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-08 15:10 - 2017-07-27 23:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-08 15:10 - 2017-07-27 23:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-08 15:10 - 2017-07-27 23:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-08 15:10 - 2017-07-27 23:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-08 15:09 - 2017-07-31 21:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-08 15:09 - 2017-07-31 21:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-08 15:09 - 2017-07-31 21:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-08 15:09 - 2017-07-31 20:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-08 15:09 - 2017-07-31 20:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-08 15:09 - 2017-07-31 20:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-08 15:09 - 2017-07-31 20:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-08 15:09 - 2017-07-31 20:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-08 15:09 - 2017-07-31 20:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-08 15:09 - 2017-07-31 20:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-08 15:09 - 2017-07-31 20:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-08 15:09 - 2017-07-31 20:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-08 15:09 - 2017-07-31 20:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-08 15:09 - 2017-07-31 20:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-08 15:09 - 2017-07-31 20:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-08 15:09 - 2017-07-31 20:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-08 15:09 - 2017-07-31 20:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-08 15:09 - 2017-07-31 20:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-08 15:09 - 2017-07-31 20:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-08 15:09 - 2017-07-31 20:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-08 15:09 - 2017-07-31 20:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-08 15:09 - 2017-07-31 20:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-08 15:09 - 2017-07-31 20:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-08 15:09 - 2017-07-31 20:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-08 15:09 - 2017-07-31 20:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-08 15:09 - 2017-07-31 20:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-08 15:09 - 2017-07-28 00:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-08 15:09 - 2017-07-28 00:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-08 15:09 - 2017-07-28 00:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-08 15:09 - 2017-07-28 00:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-08 15:09 - 2017-07-28 00:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-08 15:09 - 2017-07-28 00:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-08 15:09 - 2017-07-28 00:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-08 15:09 - 2017-07-28 00:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-08 15:09 - 2017-07-28 00:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-08 15:09 - 2017-07-28 00:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-08 15:09 - 2017-07-27 23:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-08 15:09 - 2017-07-27 23:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-08 15:09 - 2017-07-27 23:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-08 15:09 - 2017-07-27 23:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-08 15:09 - 2017-07-27 23:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-08 15:09 - 2017-07-27 23:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-08 15:09 - 2017-07-27 23:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-08 15:09 - 2017-07-27 23:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-08 15:09 - 2017-07-27 23:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-08 15:09 - 2017-07-27 23:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-08 15:09 - 2017-07-27 23:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-08 15:09 - 2017-07-27 23:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-08 15:09 - 2017-07-27 23:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-08 15:09 - 2017-07-27 23:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-08 15:09 - 2017-07-27 23:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-08 15:09 - 2017-07-27 23:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-08 15:09 - 2017-07-27 23:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-08 15:09 - 2017-07-27 23:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-08 15:09 - 2017-07-27 23:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-08 15:09 - 2017-07-27 23:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-08 15:09 - 2017-07-27 23:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-08 15:09 - 2017-07-27 23:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-08 15:09 - 2017-07-27 23:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-08 15:09 - 2017-07-27 23:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-08 15:09 - 2017-07-27 23:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-08 15:09 - 2017-07-27 23:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-08 15:09 - 2017-07-27 23:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-08 15:09 - 2017-07-27 23:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-08 15:09 - 2017-07-27 23:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-08 15:09 - 2017-07-27 23:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-08 15:09 - 2017-07-27 23:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-08 15:09 - 2017-07-27 23:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-08 15:09 - 2017-07-27 23:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-08 15:09 - 2017-07-27 23:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-08 15:09 - 2017-07-27 23:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-08 15:09 - 2017-07-27 23:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-08 15:09 - 2017-07-27 23:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-08 15:09 - 2017-07-27 23:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-08 15:09 - 2017-07-27 23:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-06 16:07 - 2017-08-07 08:16 - 000000000 ____D C:\Users\Gary\Downloads\The.Mummy.2017.1080p.WEB-DL.H264.AC3-EVO[EtHD]
2017-08-05 08:40 - 2017-08-12 09:18 - 000000000 ____D C:\Users\Gary\Desktop\dad flash
2017-08-02 18:22 - 2017-08-02 18:24 - 000000000 ____D C:\Users\Gary\Downloads\The Mummy 2017 1080p HC HDRip x264-M2Tv
2017-08-01 11:55 - 2017-07-18 19:40 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438494.dll
2017-08-01 11:55 - 2017-07-18 19:40 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438494.dll
2017-07-29 13:55 - 2017-07-29 13:55 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-25100226-3621016874-1399633930-1001
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-23 14:59 - 2017-05-23 22:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-23 14:55 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-23 14:54 - 2017-05-23 22:54 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{68B2718D-03C5-49C5-AC90-EDD267FEF0B2}
2017-08-23 14:53 - 2017-07-09 14:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-23 14:08 - 2017-05-23 22:32 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-23 14:07 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-23 14:03 - 2017-05-23 22:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-23 14:01 - 2017-05-23 22:34 - 000000000 ____D C:\Users\Gary
2017-08-23 14:01 - 2017-03-18 06:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-23 11:55 - 2015-09-02 04:31 - 000000000 ____D C:\Users\Gary\AppData\Local\Glyph
2017-08-23 11:06 - 2015-09-02 13:12 - 000000000 ____D C:\Program Files (x86)\Glyph
2017-08-23 09:27 - 2016-11-18 08:46 - 000000000 ____D C:\Users\Gary\AppData\LocalLow\Mozilla
2017-08-23 08:50 - 2017-07-08 11:46 - 000000000 ____D C:\Users\Gary\AppData\Local\ntuserlitelist
2017-08-22 19:52 - 2015-09-02 03:55 - 000000000 ____D C:\Users\Gary\AppData\Roaming\Yahoo!
2017-08-22 18:24 - 2017-07-08 11:46 - 000000000 ____D C:\Users\Gary\AppData\Local\etzslfj
2017-08-22 18:14 - 2017-07-08 11:46 - 000000000 ____D C:\Users\Gary\AppData\Local\llssoft
2017-08-22 16:33 - 2017-05-23 22:29 - 000399792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-22 14:53 - 2015-09-02 03:46 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-22 14:51 - 2015-09-02 16:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-22 14:51 - 2015-09-02 16:30 - 000002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-08-22 14:30 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-22 12:44 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-22 12:44 - 2016-10-29 21:54 - 000000000 ____D C:\Users\Gary\AppData\Local\Packages
2017-08-22 12:01 - 2016-01-17 13:13 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-08-22 12:01 - 2016-01-17 12:56 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-08-22 12:00 - 2016-11-11 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-08-22 12:00 - 2016-01-17 13:05 - 000000000 ____D C:\Program Files (x86)\HP
2017-08-22 12:00 - 2016-01-17 13:03 - 000000000 ____D C:\ProgramData\HP
2017-08-22 12:00 - 2015-09-02 04:34 - 000000000 ____D C:\Users\Gary\AppData\Local\Hewlett-Packard
2017-08-22 11:57 - 2017-04-04 09:49 - 000000000 ____D C:\Users\Gary\Downloads\Monster.Trucks.2016.480p.HDRip.XViD.AC3-ETRG
2017-08-22 11:57 - 2017-03-24 14:17 - 000000000 ____D C:\Users\Gary\Downloads\Moana.2016.BRRip.XViD-ETRG
2017-08-22 11:57 - 2017-02-12 12:36 - 000000000 ____D C:\Users\Gary\Downloads\Passengers.2016.HC.HDRip.XViD.AC3-ETRG
2017-08-22 11:56 - 2015-09-02 04:51 - 000000000 ____D C:\Users\Gary\AppData\Local\Skyrim
2017-08-22 11:56 - 2015-09-02 04:39 - 000000000 ____D C:\Users\Gary\AppData\Local\LogMeIn Hamachi
2017-08-22 11:51 - 2017-05-23 22:32 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-22 11:41 - 2015-09-02 04:16 - 000000000 ____D C:\Users\Gary\AppData\Local\ElevatedDiagnostics
2017-08-22 02:38 - 2017-05-24 20:10 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-08-21 23:18 - 2017-05-23 22:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-21 23:18 - 2016-04-18 22:29 - 000000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGary.job
2017-08-21 23:17 - 2016-01-18 14:53 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-21 23:11 - 2015-09-02 03:54 - 000000000 ____D C:\Users\Gary\AppData\Roaming\transmission
2017-08-21 11:45 - 2015-12-23 21:46 - 000000000 ____D C:\Users\Gary\AppData\Local\CrashDumps
2017-08-20 21:02 - 2017-05-23 22:33 - 001365332 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-20 20:59 - 2017-05-23 22:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-20 20:59 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-20 20:59 - 2015-09-02 04:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-20 20:58 - 2016-03-11 22:37 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-20 20:45 - 2017-05-23 22:54 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-20 20:45 - 2017-05-23 22:54 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-20 20:45 - 2017-05-23 22:54 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-20 20:45 - 2017-05-23 22:54 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-20 20:45 - 2017-05-23 22:54 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-20 20:45 - 2017-05-23 22:54 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-20 20:45 - 2017-05-23 22:54 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-20 20:45 - 2017-05-23 22:54 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-20 20:45 - 2016-10-08 14:47 - 000001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-20 20:42 - 2015-09-02 03:50 - 000000000 ____D C:\Users\Gary\AppData\Roaming\DVD Flick
2017-08-20 20:06 - 2016-12-15 12:36 - 000000000 ____D C:\Users\Gary\AppData\Roaming\vlc
2017-08-20 17:00 - 2017-05-23 22:54 - 000003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGary
2017-08-18 11:22 - 2010-11-20 22:27 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-18 09:34 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-17 23:37 - 2016-10-08 14:47 - 001923008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-08-17 23:37 - 2016-10-08 14:47 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-08-17 23:37 - 2016-10-08 14:47 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-08-17 23:37 - 2016-10-08 14:47 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-08-17 23:37 - 2016-10-08 14:47 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-08-17 23:36 - 2017-07-09 13:41 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-08-17 23:36 - 2017-07-09 13:41 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-08-17 11:26 - 2017-04-06 14:53 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-08-09 23:23 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-09 19:34 - 2017-04-06 14:45 - 004209520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-08-09 19:34 - 2017-04-06 14:45 - 003711328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-09 17:53 - 2017-05-23 22:32 - 006463608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-09 17:53 - 2017-05-23 22:32 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-09 17:53 - 2017-05-23 22:32 - 001762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-09 17:53 - 2017-05-23 22:32 - 000549496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-09 17:53 - 2017-05-23 22:32 - 000392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-09 17:53 - 2017-05-23 22:32 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-09 17:53 - 2017-05-23 22:32 - 000069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-09 17:47 - 2017-05-23 22:32 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-09 12:59 - 2016-10-29 21:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-08 22:19 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-08 22:19 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-08 22:19 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-08 22:19 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-08 22:19 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-08 22:19 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-08 22:19 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-08 22:19 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-08 18:30 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 18:30 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 15:17 - 2015-09-02 18:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-08 15:13 - 2015-07-18 17:46 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 14:41 - 2016-07-22 10:01 - 000000000 ____D C:\Users\Gary\AppData\LocalLow\WebEx
2017-08-08 04:39 - 2017-05-23 22:32 - 008112721 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-07 11:19 - 2016-12-15 12:36 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-08-05 13:12 - 2015-09-02 03:52 - 000000000 ____D C:\Users\Gary\AppData\Roaming\RIFT
2017-08-03 16:12 - 2015-12-18 10:22 - 000000997 _____ C:\Users\Gary\Desktop\Glyph.lnk
2017-07-31 10:15 - 2017-03-18 16:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 10:15 - 2017-03-18 16:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-29 13:54 - 2016-10-29 22:07 - 000002397 _____ C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-29 13:54 - 2015-09-02 06:48 - 000000000 ___RD C:\Users\Gary\OneDrive
2017-07-27 23:52 - 2015-09-02 05:48 - 000395232 __RSH C:\bootmgr
2017-07-26 12:09 - 2017-05-22 18:36 - 000048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
 
==================== Files in the root of some directories =======
 
2016-02-10 02:29 - 2015-01-27 12:40 - 000000226 _____ () C:\Program Files (x86)\update-DyingLight.bat
2016-02-10 02:29 - 2014-05-25 15:38 - 000000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2015-09-02 03:47 - 2010-09-03 21:03 - 000109248 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Roaming\MSWINSCK.OCX
2015-09-02 03:47 - 2014-05-02 16:35 - 000002233 _____ () C:\Users\Gary\AppData\Roaming\Rim.Desktop.Exception.log
2015-09-02 03:47 - 2014-11-28 12:31 - 000006437 _____ () C:\Users\Gary\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-09-02 03:47 - 2014-05-02 16:35 - 000002002 _____ () C:\Users\Gary\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-09-02 03:47 - 2012-07-21 23:00 - 000000308 _____ () C:\Users\Gary\AppData\Roaming\Rim.Transcoder.Exception.log
2015-09-02 03:47 - 2012-11-27 00:42 - 000377856 ___SH () C:\Users\Gary\AppData\Roaming\Thumbs.db
2017-06-23 08:40 - 2017-06-23 08:40 - 000033193 _____ () C:\Users\Gary\AppData\Roaming\UserTile.png
2015-09-02 03:47 - 2013-09-10 00:10 - 000000096 _____ () C:\Users\Gary\AppData\Roaming\WB.CFG
2015-09-02 03:47 - 2013-07-27 15:10 - 000000005 _____ () C:\Users\Gary\AppData\Roaming\WBPU-TTL.DAT
2015-09-02 04:14 - 2011-12-25 14:57 - 000008886 ___SH () C:\Users\Gary\AppData\Local\86574621t2t8
2015-09-02 04:14 - 2015-07-02 01:40 - 000037376 _____ () C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-02 04:14 - 2012-06-14 03:51 - 000000092 _____ () C:\Users\Gary\AppData\Local\fusioncache.dat
2017-05-17 11:32 - 2017-05-17 11:32 - 000125952 _____ () C:\Users\Gary\AppData\Local\report
2015-09-02 04:14 - 2016-03-12 09:39 - 000007596 _____ () C:\Users\Gary\AppData\Local\resmon.resmoncfg
2016-01-17 13:03 - 2017-01-12 21:19 - 000021630 _____ () C:\ProgramData\hpzinstall.log
2016-05-27 13:02 - 2016-05-27 13:02 - 000000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Gary\7za.exe
C:\Users\Gary\ScpMonitor.exe
C:\Users\Gary\UnRar.exe
 
 
Some files in TEMP:
====================
2017-08-22 12:01 - 2017-04-20 09:17 - 000050720 _____ (HP Inc.) C:\Users\Gary\AppData\Local\Temp\ACLMInstaller.exe
2017-08-22 18:34 - 2017-06-20 01:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll
2017-08-22 12:01 - 2017-08-10 01:46 - 000213704 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-16 15:21
 
==================== End of FRST.txt ============================


Edited by RaritanAnon, 23 August 2017 - 03:10 PM.


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,442 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:51 PM

Posted 23 August 2017 - 03:24 PM

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.
Be patient. Do not use the computer while scanning.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 RaritanAnon

RaritanAnon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:51 PM

Posted 23 August 2017 - 04:07 PM

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.08.23.07
  rootkit: v2017.08.02.01
 
Windows 10 x64 NTFS
Internet Explorer 11.540.15063.0
Gary :: GARY-PC [administrator]
 
8/23/2017 3:27:15 PM
mbar-log-2017-08-23 (15-27-15).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 371059
Time elapsed: 34 minute(s), 6 second(s)
 
Memory Processes Detected: 2
C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe (Adware.Yelloader) -> 3564 -> Delete on reboot. [7e45a8e8e5c42d09b19907cbd32d867a]
c:\windows\system32\tprdpw64.exe (Trojan.SmartService) -> 6872 -> Delete on reboot. [10b3a1ef4d5c0b2b165b338c17ea3dc3]
 
Memory Modules Detected: 1
C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
 
Registry Keys Detected: 18
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup (Adware.Yelloader) -> Delete on reboot. [7e45a8e8e5c42d09b19907cbd32d867a]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [e1e2c0d0c4e5ec4aa3fc788805fc54ac]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [7e458c043376b97daded9243ed1346ba]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE (Trojan.Clicker) -> Delete on reboot. [645f117f436601350fe8b2b7926fc838]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
 
Registry Values Detected: 4
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx (Trojan.Clicker) -> Data: "C:\Users\Gary\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup -> Delete on reboot. [4e75236d8e1bab8b985696d4d72a56aa]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Trojan.Clicker) -> Data: "C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [93308f012386f83efd3af28707f93fc1]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe -> Delete on reboot. [b3106b250a9fdd59171c9f37b34d55ab]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: C:\Users\Gary\AppData\Local\etzslfj\mnchbnv\ct.exe -> Delete on reboot. [645f117f436601350fe8b2b7926fc838]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 8
C:\Users\Gary\AppData\Local\llssoft\winvmx (Trojan.Clicker.D) -> Delete on reboot. [af14147ceabfde58ae12bac7cf31fb05]
C:\Users\Gary\AppData\Local\llssoft\winvmx\data635 (Trojan.Clicker.D) -> Delete on reboot. [af14147ceabfde58ae12bac7cf31fb05]
C:\Users\Gary\AppData\Local\ntuserlitelist (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\dataup (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\regtool (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\locales (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\winscr (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
 
Files Detected: 33
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [a1184d89fddc3c481bce6ecc1384a192]
C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe (Adware.Yelloader) -> Delete on reboot. [7e45a8e8e5c42d09b19907cbd32d867a]
c:\windows\system32\tprdpw64.exe (Trojan.SmartService) -> Delete on reboot. [10b3a1ef4d5c0b2b165b338c17ea3dc3]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Trojan.Agent) -> Delete on reboot. [ccf7afe1aaff0432266db97434cd4eb2]
C:\Users\Gary\AppData\Local\xwrbov\pdesg (Adware.Yelloader) -> Delete on reboot. [378c464a9316e254dd1d990bf20f728e]
C:\ProgramData\RogueKiller\Quarantine\467BAFCDB2F254FC.vir (Adware.Yelloader) -> Delete on reboot. [566d830dcddcdf5785c5ddf53ec2cb35]
C:\ProgramData\RogueKiller\Quarantine\67243D75F6EAD52C.vir (Adware.Agent) -> Delete on reboot. [8340c4cc7c2d0d29c0ddafa27a8711ef]
C:\ProgramData\RogueKiller\Quarantine\786EDA5E68B9F078.vir (Trojan.Clicker) -> Delete on reboot. [b40f1d7382273df9e88806b9c43d57a9]
C:\Windows\hosts (Trojan.Agent.E.Generic) -> Delete on reboot. [982b810faaff211560abf3673bc5c33d]
C:\Windows\Temp\dataup.zip (Trojan.Clicker) -> Delete on reboot. [0cb7e5abfeab2115d10315c0a35d9c64]
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\importantupdates.vbs (Trojan.BitCoinMiner) -> Delete on reboot. [f8cbc2ce00a984b235a78dfd09f8669a]
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowsupdates.vbs (RiskWare.BitCoinMiner) -> Delete on reboot. [b60d127e307933035ccf0f814ab703fd]
C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.ini (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\NTSVC.ocx (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\regtool\regtool.exe (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\cef.pak (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\cef_100_percent.pak (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\cef_200_percent.pak (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\cef_extensions.pak (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\icudtl.dat (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\libcef.dll (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\libGLESv2.dll (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\natives_blob.bin (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\snapshot_blob.bin (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\widevinecdm.dll (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\widevinecdmadapter.dll (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\locales\en-US.pak (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\locales\zh-CN.pak (Trojan.Clicker) -> Delete on reboot. [942f048cbfea6dc9107052095ba6ee12]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.4.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.15063 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.540.15063.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.412000 GHz
Memory total: 8588021760, free: 5485809664
 
Downloaded database version: v2017.08.23.07
Downloaded database version: v2017.08.02.01
Downloaded database version: v2017.08.18.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     08/23/2017 15:27:06
------------ Loaded modules -----------
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ScpVBus.sys
\SystemRoot\System32\drivers\BazisVirtualCDBus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\t_mouse.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\drivers\ElcMouLFlt.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\ElcMouUFlt.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tsusbhub.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\WINDOWS\SysWOW64\speedfan.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DC8573A-DB35-4D8D-8493-4A17A98674D5}\MpKsl8f8f76d3.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.08.23.07
  rootkit: v2017.08.02.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffb603479aa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffb603478b39f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffb603479aa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffb603478a39b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffb60347999060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8DFE7B76
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1952595968
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1952598016  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe --> [Adware.Yelloader]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup --> [Adware.Yelloader]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe --> [Adware.Yelloader]
Infected: c:\windows\system32\tprdpw64.exe --> [Trojan.SmartService]
Infected: c:\windows\system32\tprdpw64.exe --> [Trojan.SmartService]
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\Spectrum.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NATURALAUTH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NATURALAUTH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXGIPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXGIPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESFLOWBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESFLOWBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dusmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\xbgmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPXLATCFG.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPXLATCFG.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\lpasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEMgrSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WFDSCONMGRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WFDSCONMGRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe --> [Trojan.Agent]
Infected: C:\Users\Gary\AppData\Local\xwrbov\pdesg --> [Adware.Yelloader]
Infected: C:\ProgramData\RogueKiller\Quarantine\467BAFCDB2F254FC.vir --> [Adware.Yelloader]
Infected: C:\ProgramData\RogueKiller\Quarantine\67243D75F6EAD52C.vir --> [Adware.Agent]
Infected: C:\ProgramData\RogueKiller\Quarantine\786EDA5E68B9F078.vir --> [Trojan.Clicker]
Infected: C:\Windows\hosts --> [Trojan.Agent.E.Generic]
Infected: C:\Windows\Temp\dataup.zip --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\importantupdates.vbs --> [Trojan.BitCoinMiner]
Infected: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windowsupdates.vbs --> [RiskWare.BitCoinMiner]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 --> [Rootkit.Agent.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\llssoft\winvmx --> [Trojan.Clicker.D]
Infected: C:\Users\Gary\AppData\Local\llssoft\winvmx\data635 --> [Trojan.Clicker.D]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\dataup --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.ini --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\NTSVC.ocx --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\regtool --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\regtool\regtool.exe --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\cef.pak --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\cef_100_percent.pak --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\cef_200_percent.pak --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\cef_extensions.pak --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\icudtl.dat --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\libcef.dll --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\libGLESv2.dll --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\natives_blob.bin --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\snapshot_blob.bin --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\widevinecdm.dll --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\widevinecdmadapter.dll --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\locales --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\locales\en-US.pak --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\locales\zh-CN.pak --> [Trojan.Clicker]
Infected: C:\Users\Gary\AppData\Local\ntuserlitelist\winscr --> [Trojan.Clicker]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 


#6 JSntgRvr


Posted 23 August 2017 - 05:45 PM

  • Highlight the entire content of the quote box below.

Start::  
S4 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
S2 windowsmanagementservice; C:\Users\Gary\AppData\Local\etzslfj\mnchbnv\ct.exe [X] <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\Gary\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
C:\Windows\System32\Drivers\drmkpro64
C:\Users\Gary\AppData\Local\etzslfj
C:\Users\Gary\AppData\Local\ntuserlitelist
C:\Users\Gary\7za.exe
C:\Users\Gary\ScpMonitor.exe
C:\Users\Gary\UnRar.exe
2017-08-22 12:01 - 2017-04-20 09:17 - 000050720 _____ (HP Inc.) C:\Users\Gary\AppData\Local\Temp\ACLMInstaller.exe
2017-08-22 18:34 - 2017-06-20 01:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll
2017-08-22 12:01 - 2017-08-10 01:46 - 000213704 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\ose00000.exe
R2 Dataup; C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Gary\AppData\Local\etzslfj\mnchbnv\ct.exe [X] <==== ATTENTION
Task: {2428D688-7AD9-493E-92BB-11C07DFAE6B1} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {2448B7D2-5BDD-4908-8439-333FAF76CFCB} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {6E798F2B-F19D-41B1-AB28-CC5B70475BB9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {82E5E978-CE63-4463-AAC9-F1B7C74EDC7D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BF582582-5C3E-4021-9152-8205DA9C9902} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe <==== ATTENTION
Task: {D2113491-5892-4AE4-A320-5FF5A963F18D} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
Task: {2428D688-7AD9-493E-92BB-11C07DFAE6B1} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {2448B7D2-5BDD-4908-8439-333FAF76CFCB} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {6E798F2B-F19D-41B1-AB28-CC5B70475BB9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {82E5E978-CE63-4463-AAC9-F1B7C74EDC7D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D2113491-5892-4AE4-A320-5FF5A963F18D} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe
HKLM-x32\...\Run: [cpx] => "C:\Users\Gary\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
R2 Dataup; C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
2017-08-23 08:50 - 2017-07-08 11:46 - 000000000 ____D C:\Users\Gary\AppData\Local\ntuserlitelist
2017-01-05 17:36 - 2017-01-05 17:36 - 000077824 _____ () C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-05-04 11:13 - 2017-05-04 11:13 - 000235520 _____ () C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2017-08-22 12:01 - 2017-04-20 09:17 - 000050720 _____ (HP Inc.) C:\Users\Gary\AppData\Local\Temp\ACLMInstaller.exe
2017-08-22 18:34 - 2017-06-20 01:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll
2017-08-22 12:01 - 2017-08-10 01:46 - 000213704 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\ose00000.exe
Task: {2C7D3459-4516-4F2B-89A7-DDDE02CBD8C2} - System32\Tasks\{65FED3E8-E162-464E-9B64-CC2E8CB86CAD} => C:\Windows\system32\pcalua.exe -a "C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFRBAWW8\CodecFixTool[1].exe" -d "C:\Program Files (x86)\Windows Media Player"
2017-08-18 11:22 - 2010-11-20 22:27 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-03 17:11 - 2017-05-03 17:11 - 000619008 ____N () C:\windows\system32\tprdpw64.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. (FRST will process the information you copied automatically from the Clipboard)
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.


  • On reboot a log will be produced; please copy and paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No requests for help through private messaging will be attended to.



#7 RaritanAnon


Posted 23 August 2017 - 06:12 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Gary (23-08-2017 17:51:12) Run:3
Running from C:\Users\Gary\Desktop\Downloads
Loaded Profiles: Gary (Available Profiles: Gary)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
S4 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
S2 windowsmanagementservice; C:\Users\Gary\AppData\Local\etzslfj\mnchbnv\ct.exe [X] <==== ATTENTION
HKLM-x32\...\Run: [cpx] => "C:\Users\Gary\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
C:\Windows\System32\Drivers\drmkpro64
C:\Users\Gary\AppData\Local\etzslfj
C:\Users\Gary\AppData\Local\ntuserlitelist
C:\Users\Gary\7za.exe
C:\Users\Gary\ScpMonitor.exe
C:\Users\Gary\UnRar.exe
2017-08-22 12:01 - 2017-04-20 09:17 - 000050720 _____ (HP Inc.) C:\Users\Gary\AppData\Local\Temp\ACLMInstaller.exe
2017-08-22 18:34 - 2017-06-20 01:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll
2017-08-22 12:01 - 2017-08-10 01:46 - 000213704 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\ose00000.exe
R2 Dataup; C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Gary\AppData\Local\etzslfj\mnchbnv\ct.exe [X] <==== ATTENTION
Task: {2428D688-7AD9-493E-92BB-11C07DFAE6B1} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {2448B7D2-5BDD-4908-8439-333FAF76CFCB} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {6E798F2B-F19D-41B1-AB28-CC5B70475BB9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {82E5E978-CE63-4463-AAC9-F1B7C74EDC7D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BF582582-5C3E-4021-9152-8205DA9C9902} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe <==== ATTENTION
Task: {D2113491-5892-4AE4-A320-5FF5A963F18D} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
Task: {2428D688-7AD9-493E-92BB-11C07DFAE6B1} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {2448B7D2-5BDD-4908-8439-333FAF76CFCB} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {6E798F2B-F19D-41B1-AB28-CC5B70475BB9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {82E5E978-CE63-4463-AAC9-F1B7C74EDC7D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D2113491-5892-4AE4-A320-5FF5A963F18D} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe
HKLM-x32\...\Run: [cpx] => "C:\Users\Gary\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\Gary\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
R2 Dataup; C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
2017-08-23 08:50 - 2017-07-08 11:46 - 000000000 ____D C:\Users\Gary\AppData\Local\ntuserlitelist
2017-01-05 17:36 - 2017-01-05 17:36 - 000077824 _____ () C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-05-04 11:13 - 2017-05-04 11:13 - 000235520 _____ () C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2017-08-22 12:01 - 2017-04-20 09:17 - 000050720 _____ (HP Inc.) C:\Users\Gary\AppData\Local\Temp\ACLMInstaller.exe
2017-08-22 18:34 - 2017-06-20 01:10 - 001930320 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll
2017-08-22 12:01 - 2017-08-10 01:46 - 000213704 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\ose00000.exe
Task: {2C7D3459-4516-4F2B-89A7-DDDE02CBD8C2} - System32\Tasks\{65FED3E8-E162-464E-9B64-CC2E8CB86CAD} => C:\Windows\system32\pcalua.exe -a "C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFRBAWW8\CodecFixTool[1].exe" -d "C:\Program Files (x86)\Windows Media Player"
2017-08-18 11:22 - 2010-11-20 22:27 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-03 17:11 - 2017-05-03 17:11 - 000619008 ____N () C:\windows\system32\tprdpw64.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
MBAMService => Unable to stop service.
HKLM\System\CurrentControlSet\Services\MBAMService => key removed successfully
MBAMService => service removed successfully
HKLM\System\CurrentControlSet\Services\Net Driver HPZ12 => key removed successfully
Net Driver HPZ12 => service removed successfully
HKLM\System\CurrentControlSet\Services\Pml Driver HPZ12 => key removed successfully
Pml Driver HPZ12 => service removed successfully
windowsmanagementservice => service not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
"C:\Windows\System32\Drivers\drmkpro64" => not found.
C:\Users\Gary\AppData\Local\etzslfj => moved successfully
"C:\Users\Gary\AppData\Local\ntuserlitelist" => not found.
C:\Users\Gary\7za.exe => moved successfully
C:\Users\Gary\ScpMonitor.exe => moved successfully
C:\Users\Gary\UnRar.exe => moved successfully
C:\Users\Gary\AppData\Local\Temp\ACLMInstaller.exe => moved successfully
C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Gary\AppData\Local\Temp\ose00000.exe => moved successfully
Dataup => service not found.
windowsmanagementservice => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2428D688-7AD9-493E-92BB-11C07DFAE6B1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2428D688-7AD9-493E-92BB-11C07DFAE6B1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2448B7D2-5BDD-4908-8439-333FAF76CFCB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2448B7D2-5BDD-4908-8439-333FAF76CFCB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E798F2B-F19D-41B1-AB28-CC5B70475BB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E798F2B-F19D-41B1-AB28-CC5B70475BB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82E5E978-CE63-4463-AAC9-F1B7C74EDC7D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82E5E978-CE63-4463-AAC9-F1B7C74EDC7D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF582582-5C3E-4021-9152-8205DA9C9902} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF582582-5C3E-4021-9152-8205DA9C9902} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2113491-5892-4AE4-A320-5FF5A963F18D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2113491-5892-4AE4-A320-5FF5A963F18D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MagicISO => key removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MagicISO => key removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MagicISO => key removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2428D688-7AD9-493E-92BB-11C07DFAE6B1} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2448B7D2-5BDD-4908-8439-333FAF76CFCB} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E798F2B-F19D-41B1-AB28-CC5B70475BB9} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82E5E978-CE63-4463-AAC9-F1B7C74EDC7D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2113491-5892-4AE4-A320-5FF5A963F18D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key not found. 
"C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value not found.
Dataup => service not found.
"C:\Users\Gary\AppData\Local\ntuserlitelist" => not found.
"C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\dataup.exe" => not found.
"C:\Users\Gary\AppData\Local\ntuserlitelist\dataup\help_dll.dll" => not found.
"C:\Users\Gary\AppData\Local\Temp\ACLMInstaller.exe" => not found.
"C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll" => not found.
"C:\Users\Gary\AppData\Local\Temp\ose00000.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C7D3459-4516-4F2B-89A7-DDDE02CBD8C2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C7D3459-4516-4F2B-89A7-DDDE02CBD8C2} => key removed successfully
C:\WINDOWS\System32\Tasks\{65FED3E8-E162-464E-9B64-CC2E8CB86CAD} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{65FED3E8-E162-464E-9B64-CC2E8CB86CAD} => key removed successfully
C:\WINDOWS\system32\MpSigStub.exe => moved successfully
"C:\windows\system32\tprdpw64.exe" => not found.
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-25100226-3621016874-1399633930-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-25100226-3621016874-1399633930-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{10AF64D3-2246-4CF1-B684-0B2F79D7CABA} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32979068 B
Java, Flash, Steam htmlcache => 372722245 B
Windows/system/drivers => 47838522 B
Edge => 17686400 B
Chrome => 71143675 B
Firefox => 359716188 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 39432 B
NetworkService => 24294011 B
Gary => 155678868 B
 
RecycleBin => 16910850 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:53:18 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64 
Ran by Gary (Administrator) on Wed 08/23/2017 at 17:59:12.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 158 
 
Successfully deleted: C:\Users\Gary\AppData\Local\{A5D653E6-013B-4F48-80F4-B08AAE766689} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{A9C698BF-EE19-459F-8296-213BDFE53AF7} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{AAE15C7B-649F-409C-B984-D734F806C53B} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{AB4A2E70-E9A6-47FA-86BB-5DA318D6C293} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{ABDCDBF8-D551-44F5-B28D-2E50ECE7F166} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{AD7D8149-1667-459E-AFC5-E2DC7F2360AA} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{ADEA419C-365F-49CD-9C98-F4D93B41D86D} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{B02BB9AF-008F-474D-BAAA-89B1B219E8F1} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{B0767A7E-EB81-41EF-BA8E-455302637539} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{B3C6935B-7A01-4760-8A88-D7C7B054FD0F} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{BB17E845-ECCD-4CA9-9585-219A46AD9AC6} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{BB5528E7-35CA-427D-8AC5-7839C4793188} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{BE5F3ADF-E2B8-4791-A659-5824D6A738C3} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{BEE0C045-37BA-4557-8A2A-61B34DC1828E} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{C036FFF4-481A-4382-99F9-A9691ECAE0A2} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{C19081E4-EA1C-4A7F-B949-F45968CE7A5A} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{C2312850-ACA3-42EA-A179-6D9A66216B2C} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{C371CA81-B506-45AC-947C-6E3DB391832B} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{C6C7BDB6-E8CE-44B7-A347-2FB125F6BF0C} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{C78AEFED-D1D4-49F9-B284-C63F01DEF371} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{C7ADB7D2-C995-4465-8D41-9FBB8DA200BC} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{C82D0BBC-9C95-4E18-BD10-C95D7B90B47D} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{CB3CFA87-0FEF-473C-A153-7CC0E70BD7B8} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{CC9D4605-7BA6-42C3-98B8-7A3FDE02B493} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{CF83166D-00FE-456B-A2C8-08FBD9FFCA5A} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{D042C18D-8ABB-4BC4-8EBF-6F482F68E88F} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{D1686B2A-251B-48E9-A12B-22199C05D77F} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{D7BDFD26-EC58-4D87-92A2-99E869023F2D} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{D7CF53D7-5628-4721-A295-C559BE291E55} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{DB0EB04F-7F84-418F-BE71-4D531ACA48C8} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{DCB462CD-B094-4146-91AC-7FB46BD25215} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{DD361557-BD9C-4D6F-A431-4F7730EFF810} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{E0765ED4-4373-49D6-B390-8595C1F9BA23} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{E19C321D-00CA-4BEB-9BAE-64464863C663} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{E2C4E66D-F39E-44EA-8C36-82EE5D1D54C1} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{E486D202-B49E-4F66-AF6E-D67C142F2EDC} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{E96FAA6C-C78F-4E2D-BC95-B2C5B9AD6F64} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{EA7E4934-9390-4B10-A77A-290832457686} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{EAE11CD1-5895-4939-A809-E46A2E3317D7} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{ED35251B-1B48-424D-909C-F4E02006C173} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{EE5109CC-2898-4949-B186-6C935BF47234} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{EFD879F6-3632-4756-A63E-9C41B84587F5} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{EFDA9B63-F522-4729-8C52-E155FA78185D} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{F2BF8F70-6C24-4DC9-BC8F-9F4DAB53CEBD} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{F3E2D839-8D28-428A-B54C-27F0B20EA2B1} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{F4EAB3F3-0C4D-4FF9-A09A-170C64FAFF3B} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{F654FE7C-E595-43F9-B568-328CFF3EB8A8} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{F6B0F9CF-DCA9-482B-812B-AA9C0B836BF1} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{F7A831FF-0352-4ADF-A347-2FCB87B13CBC} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{FA218D45-7471-41F5-95D2-E80144FF6226} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{FA8675D0-8BBB-4BB0-A9B5-770549535A75} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{FCA4925B-F16C-49F2-B27B-8B402F2E74C6} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{FDC16DB6-2FB1-43BC-BD42-7AB119672E73} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\{FFFE38B5-D501-4B33-BD61-21B5E0D949C5} (Empty Folder)
Successfully deleted: C:\Users\Gary\AppData\Local\28050 (Folder) 
Successfully deleted: C:\Users\Gary\AppData\Local\adawarebp (Folder) 
Successfully deleted: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\0fsq58k2.default\extensions\staged (Folder) 
Successfully deleted: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged (Folder) 
Successfully deleted: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\izwokv40.default-1370470056391\extensions\staged (Folder) 
Successfully deleted: C:\Users\Gary\Documents\add-in express (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/23/2017 at 18:02:58.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner 7.0.1.0 - Logfile created on Wed Aug 23 23:06:35 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\Gary\AppData\LocalLow\HPAppData
Deleted: C:\Users\Gary\AppData\Local\llssoft
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Value] - HKU\S-1-5-21-25100226-3621016874-1399633930-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|importantupdates
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: Search - search
SearchProvider deleted: Conduit - search.conduit.com_
SearchProvider deleted: Conduit - search.conduit.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [2021 B] - [2017/8/23 23:5:57]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#8 JSntgRvr


Posted 23 August 2017 - 07:36 PM

How is the computer doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 RaritanAnon


Posted 23 August 2017 - 07:49 PM

I believe I still have a few issues. I have gotten a few clicker ads when I attempt to click anywhere on a page, and I am unable to run Malwarebytes and get an "Unable to connect the Service" message. CCleaner gives me an 'unable to run on this version of Windows' when it was working just fine prior to infection. Given that there were 66 items removed from the Rootkit, I can only assume it might take a few more cleanings to get fully fixed, I guess? Trying to be optimistic.



#10 JSntgRvr


Posted 23 August 2017 - 08:06 PM

Step 1:

Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.


  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.
 
Step 2:

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!




#11 RaritanAnon


Posted 24 August 2017 - 01:20 AM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 8/23/17
Scan Time: 8:12 PM
Logfile: Mbytes.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.2647
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: Gary-PC\Gary
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408969
Time Elapsed: 19 min, 14 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.SpyHunter, C:\USERS\GARY\DESKTOP\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarantined, [925], [345850],1.0.2647
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application cleaned by deleting
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke\169\content.js JS/Adware.MultiPlug.M application cleaned by deleting
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke\169\lsdb.js JS/Adware.MultiPlug.N application cleaned by deleting
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke\169\content.js JS/Adware.MultiPlug.M application cleaned by deleting
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke\169\lsdb.js JS/Adware.MultiPlug.N application cleaned by deleting
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke\169\content.js JS/Adware.MultiPlug.M application cleaned by deleting
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke\169\lsdb.js JS/Adware.MultiPlug.N application cleaned by deleting
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke\169\content.js JS/Adware.MultiPlug.M application cleaned by deleting
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke\169\lsdb.js JS/Adware.MultiPlug.N application cleaned by deleting
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke\169\content.js JS/Adware.MultiPlug.M application cleaned by deleting
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke\169\lsdb.js JS/Adware.MultiPlug.N application cleaned by deleting
C:\Users\Gary\AppData\Roaming\uTorrent\updates\3.4.2_32506.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
C:\Users\Gary\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\Gary\Desktop\dad flash\Drive_F.zip Win32/Toolbar.Widgi potentially unwanted application deleted
C:\Users\Gary\Desktop\dad flash\ASCO-INFO\asco\asortment\ccsetup309.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application cleaned by deleting
C:\Users\Gary\Desktop\dad flash\ASCO-INFO\Documents\pscan13.exe Win32/NetTool.Portscan.AC potentially unsafe application cleaned by deleting
C:\Users\Gary\Desktop\dad flash\ASCO-INFO\gary notes\bruce\Advanced Port Scanner- v1.3\pscan13.exe Win32/NetTool.Portscan.AC potentially unsafe application cleaned by deleting
C:\Users\Gary\Desktop\Downloads\CCleaner Professional+Business 4.05.4250(x86x64) - Cyclonoid\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Gary\Desktop\Downloads\HP Downloads\HP Photosmart Full Feature Software and Drivers - PS_AIO_07_D110_USW_Full_Win_WW_140_126-4.exe a variant of Win32/Adware.Coupons.AA application cleaned by deleting
C:\Users\Gary\Desktop\Downloads\Privacy_Safeguard-BitTorrent-d\Privacy_Safeguard.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting
C:\Users\Gary\Music\Downloads\Adobe_Flash_Player.exe Win32/SearchApps.B potentially unwanted application cleaned by deleting
C:\Users\Gary\Music\Downloads\Call.of.Juarez.Gunslinger-RELOADED\rld-cojgs.iso a variant of Win32/HackTool.Crack.BQ potentially unsafe application deleted
C:\Windows\Installer\16f5be1.msi a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application deleted
C:\Windows\System32\SppExtComObjHook.dll a variant of Win64/HackKMS.I potentially unsafe application cleaned by deleting
C:\Windows\System32\SppExtComObjPatcher.exe a variant of Win64/HackKMS.C potentially unsafe application cleaned by deleting
 


#12 JSntgRvr


Posted 24 August 2017 - 10:31 AM

How is it doing now?




#13 JSntgRvr


Posted 26 August 2017 - 11:40 AM

Are you still with us?



#14 JSntgRvr


Posted 31 August 2017 - 03:11 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





