I have been infected by a virus and I can't seem to get it off



#1 wale4love24

Posted 24 August 2017 - 07:56 PM

I have been infected by a virus which I really don't know the name of, and I can't seem to get it off. I have scanned my computer with Malwarebytes and Windows Defender and I got nothing.

I keep getting privacy issues on the Chrome browser, Comodo browser and Internet Explorer, and I can't connect to remote desktop and also can't connect to a VPN service.

I opened a topic at this link https://www.bleepingcomputer.com/forums/t/654760/i-have-been-infected-by-a-virus-and-i-cant-seem-to-get-it-off/ and someone asked me to do some scanning, try other tools and also post logs. After the helper reviewed everything, he sent me this link https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ to follow the instructions, which I have done already, and I will post the logs below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by UltraMarine (administrator) on UMPC (25-08-2017 00:03:38)
Running from C:\Users\adeni\Downloads\Programs
Loaded Profiles: UltraMarine (Available Profiles: UltraMarine & Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
These are the images of the response I get from Chrome when I try to visit HTTPS websites.
 
 
FRST.txt
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
() C:\Program Files (x86)\freeSSHd\FreeSSHDService.exe
(Scarlet.Crush Productions) C:\Program Files\ScpServer\bin\ScpService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Copyright © 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Users\adeni\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Golden Frog, GmbH.) C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
(Bitvise Limited) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(iolo technologies, LLC) C:\Program Files (x86)\System Mechanic\ioloGovernor64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Spotify Ltd) C:\Users\adeni\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
() C:\Program Files (x86)\DFX\DFX.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Xellsoft) C:\Program Files (x86)\TurboMailer\turbomailer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe
() C:\Users\adeni\AppData\Roaming\ICQ\bin\icq.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-12-04] (IDT, Inc.)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [1725408 2017-03-14] (GlavSoft LLC.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-05-10] (Copyright © 2017 Plays.tv, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2016-04-14] (VMware, Inc.)
HKLM-x32\...\Run: [Bitvise SSH Server Activation State Checker] => C:\Program Files\Bitvise SSH Server\BssActStateCheck.exe [283432 2017-06-14] (Bitvise Limited)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-06-30] (COMODO)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1596920 2016-10-13] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [icq.desktop] => C:\Users\adeni\AppData\Roaming\ICQ\bin\icq.exe [26976392 2017-07-24] ()
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [58416 2017-03-28] (Locktime Software)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799376 2016-12-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\adeni\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2017-04-29] (Epic Privacy Browser)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4084848 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [Discord] => C:\Users\adeni\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [SmartSwitchPDLR.exe] => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe [1037984 2017-05-20] (Samsung)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9726760 2015-01-26] (Visicom Media Inc.)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [Spotify Web Helper] => C:\Users\adeni\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1649776 2017-08-23] (Spotify Ltd)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Run: [uTorrent] => C:\Users\adeni\AppData\Roaming\uTorrent\uTorrent.exe [2220992 2017-08-23] (BitTorrent Inc.)
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4674872 2017-07-12] (Microsoft Corporation) <==== ATTENTION
Lsa: [Authentication Packages] msv1_0 BvLsaEx
BootExecute: autocheck autochk * bootdelete
AlternateShell: 
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\PrxerNsp.dll [92328 2016-11-22] ()
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [105128 2016-11-22] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{7703a70f-677b-4e27-8b77-af8adce6bec9}: [NameServer] 131.215.254.100,131.215.139.100
Tcpip\..\Interfaces\{977dd135-9c9d-4ce1-bbcc-91ca829b2afa}: [NameServer] 10.4.0.1
Tcpip\..\Interfaces\{cd845f3e-8179-4e3a-9b4e-b520c03d3b15}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{e5ad7135-2bdb-4e37-ac93-721635ab4588}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-03-28] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation)
BHO-x32: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1286292690-3867387504-3010431711-1001 -> hxxp://www.google.com
 
FireFox:
========
FF DefaultProfile: jjkfi5y8.default
FF ProfilePath: C:\Users\adeni\AppData\Roaming\Mozilla\Firefox\Profiles\jjkfi5y8.default [2017-08-24]
FF NewTab: Mozilla\Firefox\Profiles\jjkfi5y8.default -> 
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\jjkfi5y8.default -> Google
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\jjkfi5y8.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\jjkfi5y8.default -> 
FF Homepage: Mozilla\Firefox\Profiles\jjkfi5y8.default -> hxxps://us.yahoo.com/?fr=fp-comodo&type=42_25050030004_1.12.419801.531_i_hp_sp
FF Session Restore: Mozilla\Firefox\Profiles\jjkfi5y8.default -> is enabled.
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks_port", 9959
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks_remote_dns", true
FF Extension: (Adguard AdBlocker) - C:\Users\adeni\AppData\Roaming\Mozilla\Firefox\Profiles\jjkfi5y8.default\Extensions\adguardadblocker@adguard.com.xpi [2017-08-04]
FF Extension: (anonymoX) - C:\Users\adeni\AppData\Roaming\Mozilla\Firefox\Profiles\jjkfi5y8.default\Extensions\client@anonymox.net.xpi [2017-05-27]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\adeni\AppData\Roaming\Mozilla\Firefox\Profiles\jjkfi5y8.default\Extensions\firefox@zenmate.com.xpi [2017-08-21]
FF Extension: (User Agent Switcher) - C:\Users\adeni\AppData\Roaming\Mozilla\Firefox\Profiles\jjkfi5y8.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2017-08-20]
FF SearchPlugin: C:\Users\adeni\AppData\Roaming\Mozilla\Firefox\Profiles\jjkfi5y8.default\searchplugins\AdTrustMediaCCAV.xml [2017-06-20]
FF HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\adeni\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\adeni\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\adeni\AppData\Roaming\IDM\idmmzcc5 [2017-08-24] [not signed]
FF HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1286292690-3867387504-3010431711-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\adeni\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-1286292690-3867387504-3010431711-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\adeni\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-04-29] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-1286292690-3867387504-3010431711-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\adeni\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-04-29] (Epic Privacy Browser)
 
Chrome: 
=======
CHR DefaultProfile: Profile 4
CHR HomePage: Profile 4 -> hxxp://www.luckystarting.com/
CHR StartupUrls: Profile 4 -> "hxxp://websearch.oversearch.info/?pid=512&r=2013/09/25&hid=18313136183427387136&lg=EN&cc=NG&unqvl=36","hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=GB&userid=9e7ca856-cac3-c8ea-b8de-bf7520b218e5&searchtype=hp&installDate=31/10/2013","hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPFB4108D4-2E01-4069-987E-B52EEACC8300&SSPV=","hxxp://websearch.exitingsearch.info/?pid=2145&r=2014/03/05&hid=5449419334015381407&lg=EN&cc=NG&unqvl=50","hxxp://websearch.searchsun.info/?pid=1091&r=2014/05/23&hid=1419352764299628880&lg=EN&cc=US&unqvl=52","hxxp://searchy.easylifeapp.com/","www.google.com","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://home.torchbrowser.com","hxxp://www.startpageing123.com/?type=hp&ts=1490008265&z=bb12bc8fba9a54f5210ab88gdz6t2e8eee6b7ofqdb&from=che0812&uid=HGSTXHTS541075A9E680_JD12001WG67K3AG67K3AX","hxxp://www.initialpage123.com/?z=1f401e0817af151cc9e1964g4zatez0w0oacftfq0z&from=amz&uid=HGSTXHTS541075A9E680_JD12001WG67K3AG67K3AX&type=hp"
CHR Session Restore: Profile 4 -> is enabled.
CHR Profile: C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-08-25]
CHR Extension: (Google Slides) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-20]
CHR Extension: (Google Docs) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-20]
CHR Extension: (Google Drive) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-20]
CHR Extension: (YouTube) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-20]
CHR Extension: (DownAlbum) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2017-08-18]
CHR Extension: (WebRTC Leak Prevent) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eiadekoaikejlgdbkbdfeijglgfdalml [2017-06-20]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-08-04]
CHR Extension: (Google Sheets) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-20]
CHR Extension: (EditThisCookie) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-20]
CHR Extension: (AdBlock) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-18]
CHR Extension: (J2TeaM Security) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hmlcjjclebjnfohgmgikjfnbmfkigocc [2017-08-24]
CHR Extension: (Shodan) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\jjalcfnidlmpjhdfepjhjbhnhkbgleap [2017-07-18]
CHR Extension: (Google Hangouts) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-06-20]
CHR Extension: (IDM Integration Module) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (imo free video calls and text) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2017-06-20]
CHR Extension: (Gmail) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-18]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Bangtony\Application\chrome.exe <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 BvSshServer; C:\Program Files\Bitvise SSH Server\BvSshServer.exe [13908856 2017-06-14] (Bitvise Limited)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-04-28] (Comodo)
R2 Ds3Service; C:\Program Files\ScpServer\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2017-04-16] (Echobit LLC)
R2 FreeSSHDService; C:\Program Files (x86)\freeSSHd\FreeSSHDService.exe [1513072 2015-02-02] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-08-20] (SurfRight B.V.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-18] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2017-04-02] (Intel Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2017-03-28] (IObit)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-06-30] (COMODO)
R2 KingoSoftService; C:\Users\adeni\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367592 2017-03-18] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [323632 2017-03-28] (Locktime Software)
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-04-06] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-04-06] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-05-10] (Copyright © 2017 Plays.tv, LLC)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197776 2016-12-14] (Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889888 2017-08-01] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-12-04] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-10-05] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1725408 2017-03-14] (GlavSoft LLC.)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [35328 2013-10-30] (Validity Sensors, Inc.) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-04-14] ()
R2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [270336 2016-10-07] (Golden Frog, GmbH.) [File not signed]
S3 wampapache64; c:\wamp64\bin\apache\apache2.4.23\bin\httpd.exe [29696 2016-07-01] (Apache Software Foundation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [81000 2017-03-27] ()
S0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [82664 2015-12-16] (Advanced Micro Devices, Inc.)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2015-11-14] (Windows ® Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [37112 2015-06-17] (Hewlett-Packard Company)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-03-20] (REALiX™)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16384 2016-07-16] (Microsoft Corporation)
R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [49272 2014-12-29] (Visicom Media Inc.)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-08-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-24] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-24] (Malwarebytes)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [36000 2014-11-10] (Visicom Media Inc.)
R1 MpKsl4cf3e6a7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{222E2EA0-9CA4-494A-9F83-68FC01D34E57}\MpKsl4cf3e6a7.sys [44928 2017-08-24] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2017-03-20] (Intel Corporation)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [149880 2017-03-28] (Locktime Software)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81192 2017-06-12] (Insecure.Com LLC.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-08-11] (Realtek )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [205968 2016-12-14] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S1 sdtmqput; no ImagePath
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72800 2016-10-05] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45048 2017-06-05] (The OpenVPN Project)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-03-21] (Anchorfree Inc.)
S3 tapipvanish; C:\WINDOWS\System32\drivers\tapipvanish.sys [45552 2016-09-22] (The OpenVPN Project)
S3 tapvyprvpn; C:\WINDOWS\System32\drivers\tapvyprvpn.sys [44896 2016-10-07] (The OpenVPN Project)
R3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [32832 2016-08-01] (HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-25 00:02 - 2017-08-25 00:03 - 000000000 ____D C:\FRST
2017-08-24 21:21 - 2017-08-24 21:21 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign201ff4b18cba71f8
2017-08-24 20:56 - 2017-08-24 20:56 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigna0bbe6b628150751
2017-08-24 20:56 - 2017-08-24 20:56 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign8189ccfe837b1eb6
2017-08-24 15:09 - 2017-08-24 15:09 - 000000000 ____D C:\Users\adeni\AppData\Local\Cisco
2017-08-24 15:09 - 2017-08-24 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2017-08-24 15:09 - 2017-08-24 15:09 - 000000000 ____D C:\ProgramData\Cisco
2017-08-24 15:09 - 2017-08-24 15:09 - 000000000 ____D C:\Program Files (x86)\Cisco
2017-08-24 15:09 - 2014-11-19 15:09 - 000112496 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2017-08-24 13:43 - 2017-08-24 13:43 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigne3344892dcb0c4a6
2017-08-24 13:43 - 2017-08-24 13:43 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign9e29d6a95aedcdc1
2017-08-24 13:43 - 2017-08-24 13:43 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign16ee4a3eb8c88fe1
2017-08-24 13:31 - 2017-08-24 13:31 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignc92857b635aef771
2017-08-24 13:05 - 2017-08-24 13:05 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignf9c3d7611025a73c
2017-08-24 13:05 - 2017-08-24 13:05 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign5f19990cfa879dc5
2017-08-24 03:56 - 2017-08-24 03:56 - 070516321 _____ C:\Users\adeni\Downloads\Shutterstock Leaks for PS.zip
2017-08-24 03:12 - 2017-08-24 03:13 - 013704535 _____ C:\Users\adeni\Downloads\AnimaFactory01.abr
2017-08-24 01:33 - 2017-08-24 01:33 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign80ca3d390243c942
2017-08-24 01:12 - 2017-08-24 01:12 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign5c9d6263c9d48e19
2017-08-24 01:11 - 2017-08-24 01:11 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignfea682bc007d0c7e
2017-08-24 01:11 - 2017-08-24 01:11 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignaeb1a7e465961486
2017-08-24 01:11 - 2017-08-24 01:11 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignaab0390c7bb4211f
2017-08-24 00:30 - 2017-08-24 00:31 - 000007379 _____ C:\Users\adeni\Desktop\photoshop tut.txt
2017-08-23 12:32 - 2017-08-23 12:32 - 000000000 ____D C:\ProgramData\ProductData
2017-08-23 11:27 - 2017-08-23 11:27 - 000000000 ____D C:\ProgramData\Sophos
2017-08-23 11:25 - 2017-08-23 11:25 - 000002841 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-08-23 11:25 - 2017-08-23 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-08-23 11:25 - 2017-08-23 11:25 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-08-23 10:48 - 2017-08-23 10:48 - 000009263 _____ C:\Users\adeni\Desktop\JRT.txt
2017-08-23 10:01 - 2017-08-23 10:24 - 000000000 ____D C:\AdwCleaner
2017-08-23 09:59 - 2017-08-23 10:00 - 008185288 _____ (Malwarebytes) C:\Users\adeni\Downloads\AdwCleaner.exe
2017-08-23 09:29 - 2017-08-23 09:29 - 000039337 _____ C:\Users\adeni\Downloads\WEST-LITE.pdf
2017-08-23 02:05 - 2017-08-23 02:05 - 000000218 _____ C:\Users\adeni\.recently-used.xbel
2017-08-23 00:24 - 2017-08-23 00:24 - 000041000 _____ C:\Users\adeni\Desktop\much man.txt
2017-08-22 11:40 - 2017-08-24 06:13 - 000000000 ____D C:\Users\adeni\Desktop\log
2017-08-22 11:39 - 2017-08-24 19:52 - 000221399 _____ C:\Users\adeni\Desktop\new lin.txt
2017-08-22 11:38 - 2017-08-22 11:39 - 000180152 _____ C:\Users\adeni\Desktop\new line.txt
2017-08-22 10:51 - 2017-08-22 10:51 - 000003046 _____ C:\Users\adeni\Desktop\1floridainsurancecenter.txt
2017-08-21 16:08 - 2017-08-22 11:11 - 000000000 ____D C:\Users\adeni\AppData\LocalLow\uTorrent
2017-08-21 16:08 - 2017-08-21 16:08 - 000000896 _____ C:\Users\adeni\Desktop\µTorrent.lnk
2017-08-21 16:08 - 2017-08-21 16:08 - 000000876 _____ C:\Users\adeni\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-08-21 16:05 - 2017-08-21 16:05 - 000001425 _____ C:\Users\adeni\Desktop\Topaz Texture Effects 2 (64-bit).lnk
2017-08-21 16:04 - 2017-08-21 17:20 - 000000000 ____D C:\Users\adeni\AppData\Local\Topaz Labs
2017-08-21 16:04 - 2017-08-21 16:04 - 000001362 _____ C:\Users\adeni\Desktop\Topaz Impression 2 (64-bit).lnk
2017-08-21 16:04 - 2017-08-21 16:04 - 000001278 _____ C:\Users\adeni\Desktop\Topaz Glow 2 (64-bit).lnk
2017-08-21 16:03 - 2017-08-21 16:03 - 000001417 _____ C:\Users\adeni\Desktop\photoFXlab (64-bit).lnk
2017-08-21 16:00 - 2017-08-21 16:05 - 000000000 ____D C:\Users\adeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2017-08-21 16:00 - 2017-08-21 16:00 - 000001314 _____ C:\Users\adeni\Desktop\Topaz DeNoise 6 (64-bit).lnk
2017-08-21 16:00 - 2017-08-21 16:00 - 000001306 _____ C:\Users\adeni\Desktop\Topaz ReMask 5 (64-bit).lnk
2017-08-21 15:59 - 2017-08-21 16:04 - 000000000 ____D C:\Program Files (x86)\Topaz Labs
2017-08-21 15:59 - 2017-08-21 16:03 - 000000000 ____D C:\Program Files\Common Files\Topaz Labs
2017-08-21 13:15 - 2017-08-21 13:15 - 000000370 _____ C:\Users\adeni\Desktop\hsbc.txt
2017-08-21 13:15 - 2017-08-21 13:15 - 000000170 _____ C:\Users\adeni\Desktop\error.txt
2017-08-21 13:08 - 2017-08-21 13:17 - 000004066 _____ C:\Users\adeni\Desktop\Rkill.txt
2017-08-21 13:06 - 2017-08-21 13:08 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\adeni\Downloads\rkill.exe
2017-08-21 12:51 - 2017-08-21 12:51 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign353360f164b825da
2017-08-21 12:46 - 2017-08-21 12:46 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign0d8b4991080ba4f5
2017-08-21 12:42 - 2017-08-21 12:42 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigne6a59c7384cf9244
2017-08-21 12:41 - 2017-08-21 12:41 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigndcb94de4f5e1b2f0
2017-08-21 12:41 - 2017-08-21 12:41 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign320b04eade32213a
2017-08-21 10:59 - 2017-08-21 10:59 - 000001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2017.lnk
2017-08-21 10:44 - 2017-08-21 10:44 - 000000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2017-08-21 10:18 - 2017-08-21 10:19 - 012767061 _____ C:\Users\adeni\Downloads\videohive-19859675-simple-glitch-logo.zip
2017-08-21 09:43 - 2017-08-21 09:43 - 000002394 _____ C:\Users\adeni\Desktop\FSS.txt
2017-08-21 09:40 - 2017-08-22 10:54 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-21 09:35 - 2017-08-21 12:32 - 000000000 ____D C:\Users\adeni\Desktop\mbar
2017-08-21 09:30 - 2017-08-21 09:30 - 000031037 _____ C:\Users\adeni\Desktop\MTB.txt
2017-08-21 09:23 - 2017-08-21 09:24 - 000892416 _____ (Farbar) C:\Users\adeni\Desktop\MiniToolBox.exe
2017-08-21 09:22 - 2017-08-21 09:22 - 000899584 _____ (Farbar) C:\Users\adeni\Downloads\FSS.exe
2017-08-21 09:18 - 2017-08-21 09:19 - 000852798 _____ C:\Users\adeni\Downloads\SecurityCheck.exe
2017-08-20 15:08 - 2017-08-20 15:08 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignc8f11ad91f48e377
2017-08-20 15:07 - 2017-08-20 15:07 - 005513201 _____ C:\Users\adeni\Downloads\BackUrFace.psd
2017-08-20 15:04 - 2017-08-20 15:04 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign7c1dc4bf17825237
2017-08-20 15:04 - 2017-08-20 15:04 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign6b91c4f57f14b610
2017-08-20 15:04 - 2017-08-20 15:04 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign38693f1d5cc3b818
2017-08-20 15:00 - 2017-08-20 15:44 - 256155000 _____ C:\Users\adeni\Downloads\1AOrgasmPack.psd
2017-08-20 14:57 - 2017-08-20 14:57 - 000105594 _____ C:\Users\adeni\Downloads\xirod.zip
2017-08-20 14:55 - 2017-08-20 14:56 - 003493578 _____ C:\Users\adeni\Downloads\Actions.zip
2017-08-20 12:05 - 2017-08-20 12:05 - 000003064 _____ C:\Users\adeni\Desktop\floridainsurancecenter.com
2017-08-20 09:04 - 2017-08-21 12:46 - 000000511 _____ C:\Users\adeni\Desktop\rdp test.txt
2017-08-20 08:33 - 2017-08-20 08:33 - 000272726 _____ C:\WINDOWS\system32\.crusader
2017-08-20 01:13 - 2017-08-20 01:15 - 000001926 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-08-20 01:13 - 2017-08-20 01:15 - 000000000 ____D C:\Program Files\HitmanPro
2017-08-20 01:13 - 2017-08-20 01:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-08-20 01:12 - 2017-08-20 08:33 - 000000000 ____D C:\ProgramData\HitmanPro
2017-08-20 01:10 - 2017-08-20 01:10 - 022997819 _____ C:\Users\adeni\Downloads\x64.zip
2017-08-20 00:55 - 2017-08-20 00:55 - 000003186 _____ C:\WINDOWS\System32\Tasks\iolo Process Governor
2017-08-20 00:01 - 2017-08-20 00:01 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-19 19:13 - 2017-08-19 19:13 - 000000000 ____D C:\Program Files\AirVPN
2017-08-19 00:14 - 2017-08-19 00:15 - 000000000 ____D C:\Program Files\UNP
2017-08-19 00:14 - 2017-08-19 00:14 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-08-19 00:13 - 2017-08-19 00:13 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigna582daf967905a83
2017-08-19 00:12 - 2017-08-19 00:12 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignc192e36ba9fa5dca
2017-08-19 00:12 - 2017-08-19 00:12 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign8db8413b84a61b50
2017-08-18 10:47 - 2017-08-18 10:47 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign0367770cd3fcc54d
2017-08-18 10:41 - 2017-08-18 10:41 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignf912deb5bd41ca52
2017-08-18 10:41 - 2017-08-18 10:41 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignb5442f0ca34263d5
2017-08-18 10:41 - 2017-08-18 10:41 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign827609c69588b59b
2017-08-18 10:27 - 2017-08-18 14:15 - 000020854 _____ C:\Users\adeni\Desktop\new mobile UM.txt
2017-08-18 10:25 - 2017-08-18 10:25 - 000001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-08-18 10:16 - 2017-08-18 10:16 - 000001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-08-18 10:16 - 2017-08-18 10:16 - 000001308 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-08-17 14:07 - 2017-08-17 14:08 - 000000000 ____D C:\Users\adeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.6
2017-08-17 14:06 - 2017-08-17 14:08 - 000000000 ____D C:\Python26
2017-08-17 14:02 - 2017-08-17 14:03 - 006659180 _____ C:\Users\adeni\Downloads\pywin32-212.win-amd64-py2.6.exe
2017-08-17 13:25 - 2017-08-17 13:25 - 000026624 _____ C:\Users\adeni\Desktop\1111.xls
2017-08-17 13:17 - 2017-08-17 13:52 - 000000000 ____D C:\Users\adeni\Documents\MOBILedit! Forensic
2017-08-17 13:17 - 2017-08-17 13:20 - 000000000 ____D C:\Users\adeni\AppData\Roaming\MOBILeditForensic
2017-08-17 13:15 - 2017-08-17 13:17 - 000000000 ____D C:\Program Files (x86)\MOBILedit Forensic
2017-08-17 13:15 - 2017-08-17 13:15 - 000001165 _____ C:\Users\Public\Desktop\MOBILedit Forensic.lnk
2017-08-17 13:15 - 2017-08-17 13:15 - 000000000 ____D C:\Users\Public\Documents\MobilEdit! Forensic
2017-08-17 13:15 - 2017-08-17 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILedit Forensic
2017-08-17 12:03 - 2017-08-17 12:03 - 000000000 ____D C:\Program Files (x86)\COMPELSON Labs
2017-08-17 11:34 - 2017-08-19 00:26 - 000000000 ____D C:\Users\adeni\AppData\Local\CyberGhost
2017-08-17 11:19 - 2017-08-19 21:05 - 000000000 ____D C:\Program Files (x86)\CyberGhost
2017-08-16 20:04 - 2017-08-16 20:04 - 004013739 _____ C:\Users\adeni\Downloads\EFI(for Kaby Lake by Techposts.org).zip
2017-08-16 17:45 - 2017-08-16 17:45 - 001771979 _____ C:\Users\adeni\Desktop\Outgoing Wire.jpeg
2017-08-16 13:32 - 2017-08-16 15:13 - 000000000 ____D C:\Users\adeni\Downloads\Hackintosh Sierra Zone
2017-08-16 13:28 - 2017-08-16 13:28 - 000049479 _____ C:\Users\adeni\Downloads\Hackintosh-Sierra-Zone.torrent.zip
2017-08-15 02:43 - 2017-08-15 02:43 - 000000215 _____ C:\Users\adeni\Desktop\1111111111111111.txt
2017-08-15 01:39 - 2017-08-15 01:39 - 000005308 _____ C:\Users\adeni\Downloads\vjt.html
2017-08-15 01:10 - 2017-08-22 02:27 - 000007253 _____ C:\Users\adeni\Desktop\goldcoastacura1.txt
2017-08-15 01:10 - 2017-08-15 01:10 - 000016284 _____ C:\Users\adeni\Desktop\goldcoastacura2.txt
2017-08-14 16:13 - 2017-08-14 16:14 - 2088526157 _____ C:\Users\adeni\Downloads\zoosk.com.rar
2017-08-14 11:15 - 2017-08-14 11:15 - 000000019 _____ C:\Users\adeni\AppData\Local\llftool.license
2017-08-14 11:15 - 2017-08-14 11:15 - 000000001 _____ C:\Users\adeni\AppData\Local\llftool.4.40.agreement
2017-08-14 11:14 - 2017-08-14 11:14 - 002046464 _____ C:\Users\adeni\Downloads\HDDLLF.4.40.exe
2017-08-14 02:41 - 2017-08-14 02:41 - 000000436 _____ C:\Users\adeni\Desktop\goldcoastacura.txt
2017-08-13 22:42 - 2017-08-13 22:42 - 000223054 _____ C:\Users\adeni\Downloads\ballpark_weiner.zip
2017-08-13 12:59 - 2017-08-13 12:59 - 000032682 _____ C:\Users\adeni\Downloads\burntilldead_victoriandeco-regular.zip
2017-08-13 12:58 - 2017-08-13 12:58 - 000822411 _____ C:\Users\adeni\Downloads\david-kerkhoff_don-quixote.zip
2017-08-13 12:56 - 2017-08-13 12:56 - 001060751 _____ C:\Users\adeni\Downloads\uncurvetype_greaturedemo.zip
2017-08-13 12:54 - 2017-08-13 12:54 - 000383319 _____ C:\Users\adeni\Downloads\nymphont_aver.zip
2017-08-13 12:52 - 2017-08-13 12:53 - 002637997 _____ C:\Users\adeni\Downloads\sharkshock_ring-of-kerry.zip
2017-08-13 12:51 - 2017-08-13 12:51 - 000400754 _____ C:\Users\adeni\Downloads\artone-digital_fonarto.zip
2017-08-13 04:02 - 2017-08-13 04:02 - 000074752 _____ C:\Users\adeni\Downloads\template.xls
2017-08-13 02:58 - 2017-08-13 02:58 - 000047104 _____ C:\Users\adeni\Downloads\invoice_data.xls
2017-08-12 19:57 - 2017-08-12 19:57 - 000080546 _____ C:\Users\adeni\Downloads\doc00350020170810092359.pdf
2017-08-12 18:35 - 2017-08-12 18:35 - 000280962 _____ C:\Users\adeni\Downloads\Oswald.zip
2017-08-12 18:08 - 2017-08-12 18:08 - 000021713 _____ C:\Users\adeni\Downloads\exposure-empire-presets-and-actions.zip
2017-08-12 10:12 - 2017-08-12 10:13 - 006964853 _____ C:\Users\adeni\Downloads\PDF EXPLOIT CRYPTER TUTORIAL.zip
2017-08-12 09:32 - 2017-08-18 22:40 - 000000000 __SHD C:\Users\adeni\AppData\Roaming\Z0BAZwxx
2017-08-12 09:32 - 2017-08-12 09:32 - 000000000 ____D C:\Users\adeni\AppData\Roaming\5B3CF20C-F481-4FEE-9392-1D8104241277
2017-08-12 09:32 - 2017-05-04 23:49 - 000655714 ___SH C:\Users\adeni\AppData\Local\CSIDL_X
2017-08-12 09:32 - 2017-05-04 23:49 - 000655714 ___SH C:\Users\adeni\AppData\Local\CSIDL_
2017-08-11 17:03 - 2017-08-11 17:03 - 000338400 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsBaStor.sys
2017-08-11 16:41 - 2017-08-11 16:41 - 000984032 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-08-11 03:57 - 2017-08-11 03:57 - 007571158 _____ C:\Users\adeni\Downloads\hgl02.csv
2017-08-10 19:06 - 2017-08-12 19:39 - 000000132 _____ C:\Users\adeni\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-08-10 18:33 - 2017-08-10 18:34 - 002651401 _____ C:\Users\adeni\Downloads\awesome2.zip
2017-08-10 18:33 - 2017-08-10 18:33 - 000662970 _____ C:\Users\adeni\Downloads\MyriadPro.zip
2017-08-10 16:21 - 2017-08-10 16:21 - 000000704 _____ C:\Users\adeni\Downloads\spoofer.vbs
2017-08-10 16:10 - 2017-08-10 16:10 - 506179507 _____ C:\Users\adeni\Downloads\Antidetect_7_R1__ed_by_Blazing_Soul.zip
2017-08-10 13:16 - 2017-08-10 13:16 - 300611565 _____ C:\Users\adeni\Downloads\BNetz.7z
2017-08-10 12:53 - 2017-08-10 12:53 - 000000000 ____D C:\Users\adeni\AppData\Local\52Tech
2017-08-10 12:52 - 2017-08-10 12:52 - 000000052 _____ C:\Users\adeni\Documents\New Text Document.txt
2017-08-10 12:45 - 2017-08-10 12:45 - 000000000 ____D C:\Users\adeni\Desktop\mail explosion
2017-08-10 12:44 - 2017-08-10 12:45 - 1227778869 _____ C:\Users\adeni\Downloads\Leaks.rar
2017-08-10 12:44 - 2017-08-10 12:44 - 000905374 _____ C:\Users\adeni\Downloads\Mail Explosion.rar
2017-08-09 12:22 - 2017-08-09 12:22 - 000066143 _____ C:\Users\adeni\Downloads\Data List.xlsx
2017-08-09 06:56 - 2017-07-31 15:14 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-09 06:56 - 2017-07-31 15:14 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 06:38 - 2017-08-01 19:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-09 06:38 - 2017-08-01 19:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 06:38 - 2017-08-01 19:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-08-09 06:38 - 2017-08-01 19:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 06:38 - 2017-08-01 19:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-08-09 06:38 - 2017-08-01 19:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 06:38 - 2017-08-01 19:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-08-09 06:38 - 2017-08-01 19:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 06:38 - 2017-08-01 19:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-08-09 06:38 - 2017-08-01 19:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-09 06:38 - 2017-08-01 19:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 06:38 - 2017-08-01 19:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-08-09 06:38 - 2017-08-01 19:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-09 06:38 - 2017-08-01 19:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 06:38 - 2017-08-01 19:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 06:38 - 2017-08-01 18:58 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-08-09 06:38 - 2017-08-01 18:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-08-09 06:38 - 2017-08-01 18:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-09 06:38 - 2017-08-01 18:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-08-09 06:38 - 2017-08-01 18:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-08-09 06:38 - 2017-08-01 18:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-09 06:38 - 2017-08-01 18:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 06:38 - 2017-08-01 18:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-08-09 06:38 - 2017-08-01 18:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-08-09 06:38 - 2017-08-01 18:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-09 06:38 - 2017-08-01 18:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 06:38 - 2017-08-01 18:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-08-09 06:38 - 2017-08-01 18:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-08-09 06:38 - 2017-08-01 18:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-08-09 06:38 - 2017-08-01 18:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-08-09 06:38 - 2017-08-01 18:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 06:38 - 2017-08-01 18:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-08-09 06:38 - 2017-08-01 18:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 06:38 - 2017-08-01 18:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-08-09 06:38 - 2017-08-01 18:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 06:38 - 2017-08-01 18:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-09 06:38 - 2017-08-01 18:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-08-09 06:38 - 2017-08-01 18:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-09 06:38 - 2017-08-01 18:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 06:38 - 2017-08-01 18:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-08-09 06:38 - 2017-08-01 18:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-08-09 06:38 - 2017-08-01 18:26 - 001949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2017-08-09 06:38 - 2017-08-01 18:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-08-09 06:38 - 2017-08-01 18:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-09 06:38 - 2017-08-01 17:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 06:38 - 2017-08-01 17:20 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-08-09 06:38 - 2017-08-01 17:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 06:38 - 2017-08-01 17:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-09 06:38 - 2017-08-01 17:19 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-08-09 06:38 - 2017-08-01 17:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 06:38 - 2017-08-01 17:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 06:38 - 2017-08-01 17:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 06:38 - 2017-08-01 17:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 06:38 - 2017-08-01 17:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 06:38 - 2017-08-01 17:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 06:38 - 2017-08-01 17:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-08-09 06:38 - 2017-08-01 17:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 06:38 - 2017-08-01 17:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 06:38 - 2017-08-01 17:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-08-09 06:38 - 2017-08-01 17:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-08-09 06:38 - 2017-08-01 17:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-08-09 06:38 - 2017-08-01 17:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-08-09 06:38 - 2017-08-01 17:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 06:38 - 2017-08-01 16:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 06:38 - 2017-08-01 16:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-09 06:38 - 2017-08-01 16:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-08-09 06:38 - 2017-08-01 16:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-08-09 06:38 - 2017-08-01 16:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-09 06:38 - 2017-08-01 16:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-09 06:38 - 2017-08-01 16:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-08-09 06:38 - 2017-08-01 16:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 06:38 - 2017-08-01 16:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-08-09 06:38 - 2017-08-01 16:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-08-09 06:38 - 2017-08-01 16:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-08-09 06:38 - 2017-08-01 16:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-08-09 06:38 - 2017-08-01 16:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-08-09 06:38 - 2017-08-01 16:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-09 06:38 - 2017-08-01 16:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 06:38 - 2017-08-01 16:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 06:38 - 2017-08-01 16:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-08-09 06:38 - 2017-08-01 16:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-09 06:38 - 2017-08-01 16:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-08-09 06:38 - 2017-08-01 16:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-09 06:38 - 2017-08-01 16:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 06:38 - 2017-08-01 16:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-09 06:38 - 2017-08-01 16:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 06:38 - 2017-08-01 16:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-08-09 06:38 - 2017-08-01 16:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-08-09 06:38 - 2017-08-01 16:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-08-09 06:38 - 2017-08-01 16:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 06:38 - 2017-08-01 16:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-08-09 06:38 - 2017-08-01 16:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-08-09 06:38 - 2017-08-01 16:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-08-09 06:38 - 2017-08-01 16:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-08-09 06:38 - 2017-08-01 16:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 06:38 - 2017-08-01 16:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 06:38 - 2017-08-01 16:38 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-08-09 06:38 - 2017-08-01 16:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-08-09 06:38 - 2017-08-01 16:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-08-09 06:38 - 2017-08-01 16:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 06:38 - 2017-08-01 16:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-08-09 06:38 - 2017-08-01 16:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-08-09 06:38 - 2017-08-01 16:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-09 06:38 - 2017-08-01 16:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-08-09 06:38 - 2017-08-01 16:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-08-09 06:38 - 2017-08-01 16:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 06:38 - 2017-08-01 16:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-08-09 06:38 - 2017-08-01 16:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-08-09 06:38 - 2017-08-01 16:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-08-09 06:38 - 2017-08-01 16:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-09 06:38 - 2017-08-01 16:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-09 06:38 - 2017-08-01 16:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-09 06:38 - 2017-08-01 16:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 06:38 - 2017-08-01 16:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-08-09 06:38 - 2017-08-01 16:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-08-09 06:38 - 2017-08-01 16:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-08-09 06:38 - 2017-08-01 16:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 06:38 - 2017-08-01 16:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-09 06:38 - 2017-08-01 16:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-08-09 06:38 - 2017-08-01 16:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 06:38 - 2017-08-01 16:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-08-09 06:38 - 2017-08-01 16:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-08-09 06:38 - 2017-08-01 16:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-08-09 06:38 - 2017-08-01 16:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-08-09 06:38 - 2017-08-01 16:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 06:38 - 2017-08-01 14:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 06:38 - 2017-07-12 06:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-08-09 06:38 - 2017-07-12 06:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 06:38 - 2017-07-12 06:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-09 06:38 - 2017-07-12 06:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 06:38 - 2017-07-12 06:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-09 06:38 - 2017-07-12 06:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-09 06:38 - 2017-07-12 06:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-08-09 06:38 - 2017-07-12 06:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-09 06:38 - 2017-07-12 05:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-08-09 06:38 - 2017-07-12 05:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-08-09 06:38 - 2017-07-12 05:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 06:38 - 2017-07-12 05:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-08-09 06:38 - 2017-07-12 05:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-08-09 06:38 - 2017-07-12 05:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-09 06:38 - 2017-07-12 05:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-08-09 06:38 - 2017-07-12 05:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-08-09 06:38 - 2017-07-12 05:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-08-09 06:38 - 2017-07-12 05:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 06:38 - 2017-07-12 05:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-08-09 06:38 - 2017-07-12 05:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-08-09 06:38 - 2017-07-12 05:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-09 06:38 - 2017-07-12 05:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-08-09 06:38 - 2017-07-12 05:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-08-09 06:38 - 2017-07-12 05:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys
2017-08-09 06:38 - 2017-07-12 05:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 06:38 - 2017-07-12 05:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-09 06:38 - 2017-07-12 05:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-08-09 06:38 - 2017-07-12 05:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-08-09 06:38 - 2017-07-12 05:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 06:38 - 2017-07-12 05:21 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2017-08-09 06:38 - 2017-07-12 05:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-08-09 06:38 - 2017-07-12 05:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-08-09 06:38 - 2017-07-12 05:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-09 06:38 - 2017-07-12 05:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 06:38 - 2017-07-12 05:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-08-09 06:38 - 2017-07-12 05:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 06:38 - 2017-07-12 05:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 06:38 - 2017-07-12 05:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-08-09 06:38 - 2017-07-12 05:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-09 06:38 - 2017-07-12 05:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 06:38 - 2017-07-12 05:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-08-09 06:38 - 2017-07-12 05:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-08-09 06:38 - 2017-07-12 05:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-09 06:38 - 2017-07-12 05:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-09 06:38 - 2017-07-12 05:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 06:38 - 2017-07-12 05:03 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-08-09 06:38 - 2017-07-12 05:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-08-09 06:38 - 2017-07-12 05:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-09 06:38 - 2017-07-12 04:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-09 06:38 - 2017-07-12 04:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 06:38 - 2017-07-12 02:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-09 06:38 - 2017-03-04 06:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-08-09 06:38 - 2016-09-07 05:24 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-09 06:37 - 2017-08-01 19:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 06:37 - 2017-08-01 19:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 06:37 - 2017-08-01 19:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-09 06:37 - 2017-08-01 19:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-08-09 06:37 - 2017-08-01 19:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 06:37 - 2017-08-01 19:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-09 06:37 - 2017-08-01 19:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 06:37 - 2017-08-01 19:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-09 06:37 - 2017-08-01 19:21 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 06:37 - 2017-08-01 19:21 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-08-09 06:37 - 2017-08-01 19:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-08-09 06:37 - 2017-08-01 19:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 06:37 - 2017-08-01 19:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 06:37 - 2017-08-01 19:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 06:37 - 2017-08-01 19:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 06:37 - 2017-08-01 19:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-09 06:37 - 2017-08-01 19:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-09 06:37 - 2017-08-01 19:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-09 06:37 - 2017-08-01 19:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 06:37 - 2017-08-01 18:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 06:37 - 2017-08-01 18:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 06:37 - 2017-08-01 18:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 06:37 - 2017-08-01 18:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 06:37 - 2017-08-01 18:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-08-09 06:37 - 2017-08-01 18:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-09 06:37 - 2017-08-01 18:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 06:37 - 2017-08-01 18:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-08-09 06:37 - 2017-08-01 18:47 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-08-09 06:37 - 2017-08-01 18:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-08-09 06:37 - 2017-08-01 18:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-09 06:37 - 2017-08-01 18:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-09 06:37 - 2017-08-01 18:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-08-09 06:37 - 2017-08-01 18:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-09 06:37 - 2017-08-01 18:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 06:37 - 2017-08-01 18:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 06:37 - 2017-08-01 18:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 06:37 - 2017-08-01 18:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 06:37 - 2017-08-01 18:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-09 06:37 - 2017-08-01 18:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 06:37 - 2017-08-01 18:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 06:37 - 2017-08-01 18:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 06:37 - 2017-08-01 18:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 06:37 - 2017-08-01 18:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-08-09 06:37 - 2017-08-01 18:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-08-09 06:37 - 2017-08-01 18:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 06:37 - 2017-08-01 18:42 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 06:37 - 2017-08-01 18:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-09 06:37 - 2017-08-01 18:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-09 06:37 - 2017-08-01 18:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 06:37 - 2017-08-01 18:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 06:37 - 2017-08-01 18:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 06:37 - 2017-08-01 18:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 06:37 - 2017-08-01 18:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-09 06:37 - 2017-08-01 18:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 06:37 - 2017-08-01 18:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-08-09 06:37 - 2017-08-01 18:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 06:37 - 2017-08-01 18:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 06:37 - 2017-08-01 18:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-08-09 06:37 - 2017-08-01 18:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 06:37 - 2017-08-01 18:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 06:37 - 2017-08-01 18:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-09 06:37 - 2017-08-01 18:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-08-09 06:37 - 2017-08-01 18:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 06:37 - 2017-08-01 18:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-08-09 06:37 - 2017-08-01 18:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-09 06:37 - 2017-08-01 18:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-08-09 06:37 - 2017-08-01 18:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-08-09 06:37 - 2017-08-01 18:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 06:37 - 2017-08-01 18:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 06:37 - 2017-08-01 18:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-09 06:37 - 2017-08-01 18:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 06:37 - 2017-08-01 18:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-09 06:37 - 2017-08-01 18:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-09 06:37 - 2017-08-01 18:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-08-09 06:37 - 2017-08-01 18:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-08-09 06:37 - 2017-08-01 18:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-08-09 06:37 - 2017-08-01 18:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 06:37 - 2017-08-01 18:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-08-09 06:37 - 2017-08-01 18:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 06:37 - 2017-08-01 18:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 06:37 - 2017-08-01 18:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-09 06:37 - 2017-08-01 18:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 06:37 - 2017-08-01 18:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-08-09 06:37 - 2017-08-01 16:51 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 06:37 - 2017-08-01 16:47 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 06:37 - 2017-08-01 16:42 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 06:37 - 2017-08-01 16:40 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 06:37 - 2017-08-01 16:40 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 06:37 - 2017-08-01 16:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 06:37 - 2017-08-01 16:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 06:37 - 2017-07-12 06:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-09 06:37 - 2017-07-12 06:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-09 06:37 - 2017-07-12 06:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-09 06:37 - 2017-07-12 06:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 06:37 - 2017-07-12 06:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 06:37 - 2017-07-12 06:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-08-09 06:37 - 2017-07-12 06:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-09 06:37 - 2017-07-12 06:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-09 06:37 - 2017-07-12 06:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-09 06:37 - 2017-07-12 05:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-09 06:37 - 2017-07-12 05:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-09 06:37 - 2017-07-12 05:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-09 06:37 - 2017-07-12 05:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-09 06:37 - 2017-07-12 05:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-09 06:37 - 2017-07-12 05:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-09 06:37 - 2017-07-12 05:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-09 06:37 - 2017-07-12 05:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-09 06:37 - 2017-07-12 05:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-09 06:37 - 2017-07-12 05:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-09 06:37 - 2017-07-12 05:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-09 06:37 - 2017-07-12 05:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-09 06:37 - 2017-07-12 05:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-09 06:37 - 2017-07-12 05:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-09 06:37 - 2017-07-12 05:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-09 06:37 - 2017-07-12 05:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-09 06:37 - 2017-07-12 05:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-09 06:37 - 2017-07-12 05:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 06:37 - 2017-07-12 05:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-09 06:37 - 2017-07-12 05:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-09 06:37 - 2017-07-12 05:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 06:37 - 2017-07-12 05:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-09 06:37 - 2017-07-12 05:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 06:37 - 2017-07-12 05:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 06:37 - 2017-07-12 05:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-09 06:37 - 2017-07-12 05:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-09 06:37 - 2017-07-12 05:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 06:37 - 2017-07-12 05:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 06:37 - 2017-07-12 05:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-08-09 06:37 - 2017-07-12 05:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-09 06:37 - 2017-07-12 05:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 06:37 - 2017-07-12 05:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-09 06:37 - 2017-07-12 05:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 06:37 - 2017-07-12 05:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-08-09 06:37 - 2017-07-12 05:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 06:37 - 2017-07-12 05:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 06:37 - 2017-07-12 05:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 06:37 - 2017-07-12 05:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 06:37 - 2017-07-12 04:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-08-09 06:37 - 2017-07-12 04:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 06:37 - 2017-07-12 04:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 06:37 - 2017-07-12 04:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 06:37 - 2017-07-12 04:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 06:37 - 2017-07-12 04:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-09 06:37 - 2017-03-04 06:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-09 06:37 - 2017-03-04 06:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-08-09 06:37 - 2017-03-04 06:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-08-09 06:37 - 2017-03-04 06:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-08-09 06:37 - 2017-03-04 06:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-08-09 06:37 - 2016-08-02 08:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-08 11:28 - 2017-04-21 21:53 - 000029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-08-08 11:28 - 2017-04-21 21:53 - 000018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-08-08 11:28 - 2017-04-21 21:50 - 000030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-08-08 11:28 - 2017-04-21 21:50 - 000018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-08-07 13:19 - 2017-08-20 08:33 - 000000000 ____D C:\Users\adeni\Desktop\vip
2017-08-06 20:04 - 2017-08-06 20:04 - 000001292 _____ C:\Users\Public\Desktop\Resident Evil 7 Biohazard.lnk
2017-08-06 20:04 - 2017-08-06 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resident Evil 7 Biohazard
2017-08-06 19:51 - 2017-08-06 20:06 - 000000000 ____D C:\Program Files (x86)\Resident Evil 7 Biohazard
2017-08-06 12:57 - 2017-08-06 12:57 - 000074827 _____ C:\Users\adeni\Downloads\hero.zip
2017-08-05 23:21 - 2017-08-05 23:21 - 000051513 _____ C:\Users\adeni\Downloads\pacifico (1).zip
2017-08-05 23:16 - 2017-08-05 23:16 - 000030731 _____ C:\Users\adeni\Downloads\pacifico.zip
2017-08-05 23:16 - 2017-08-05 23:16 - 000020186 _____ C:\Users\adeni\Downloads\bebas_neue.zip
2017-08-05 23:06 - 2017-08-05 23:06 - 000000000 ____D C:\Users\adeni\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2017-08-05 22:25 - 2017-08-05 22:25 - 000065450 _____ C:\Users\adeni\Downloads\mvsans.zip
2017-08-05 22:23 - 2017-08-05 22:23 - 000036079 _____ C:\Users\adeni\Downloads\jane_austen.zip
2017-08-05 21:13 - 2017-08-05 21:13 - 000967071 _____ C:\Users\adeni\Downloads\Beautiful-business-brochure.zip
2017-08-05 12:32 - 2017-08-05 12:32 - 003835635 _____ C:\Users\adeni\Downloads\ALLCCFEB.pdf
2017-08-04 20:56 - 2017-08-04 20:57 - 000724268 _____ C:\Users\adeni\Downloads\Application.pdf
2017-08-04 20:56 - 2017-08-04 20:57 - 000413252 _____ C:\Users\adeni\Downloads\Scan0007.pdf
2017-08-04 20:56 - 2017-08-04 20:57 - 000311286 _____ C:\Users\adeni\Downloads\RenterApplication.pdf
2017-08-04 20:45 - 2017-08-04 20:45 - 000052299 _____ C:\Users\adeni\Downloads\Adeel%2csForm.pdf
2017-08-04 20:42 - 2017-08-04 20:42 - 000223050 _____ C:\Users\adeni\Downloads\Zubair-PayStub 1-1-2017.pdf
2017-08-04 20:42 - 2017-08-04 20:42 - 000219270 _____ C:\Users\adeni\Downloads\Zubair-PayStub 2-1-2017.pdf
2017-08-04 20:42 - 2017-08-04 20:42 - 000147920 _____ C:\Users\adeni\Downloads\Zubair-W2-2016.pdf
2017-08-04 20:41 - 2017-08-04 20:41 - 000043313 _____ C:\Users\adeni\Downloads\ZubairWellsfargo.pdf
2017-08-04 20:41 - 2017-08-04 20:41 - 000022693 _____ C:\Users\adeni\Downloads\zubair-WellsFargo.pdf
2017-08-04 20:40 - 2017-08-04 20:40 - 000317309 _____ C:\Users\adeni\Downloads\zubair-401K.pdf
2017-08-04 20:32 - 2017-08-04 20:32 - 001385638 _____ C:\Users\adeni\Downloads\TAX2016.zip
2017-08-04 20:28 - 2017-08-04 20:29 - 000753011 _____ C:\Users\adeni\Downloads\Adeel%27STR-2016.pdf
2017-08-04 20:26 - 2017-08-04 20:27 - 000673705 _____ C:\Users\adeni\Downloads\pdfprint.do_891.pdf
2017-08-04 20:25 - 2017-08-04 20:25 - 000319189 _____ C:\Users\adeni\Downloads\AllStat.pdf
2017-08-04 20:21 - 2017-08-04 20:21 - 000100471 _____ C:\Users\adeni\Downloads\Iqbal.Estimate.pdf
2017-08-04 20:20 - 2017-08-04 20:20 - 000086958 _____ C:\Users\adeni\Downloads\TaxForms.pdf
2017-08-04 20:16 - 2017-08-04 20:16 - 000007825 _____ C:\Users\adeni\Downloads\SeemaFeb15.pdf
2017-08-04 20:12 - 2017-08-04 20:12 - 000547015 _____ C:\Users\adeni\Downloads\water_invoice.7166615_051217.2017-05-12.pdf
2017-08-04 18:31 - 2017-08-04 18:31 - 000062696 _____ C:\Users\adeni\Downloads\Insurence.pdf
2017-08-04 17:32 - 2017-08-04 17:32 - 001772339 _____ C:\Users\adeni\Downloads\fire memorandum.pdf 1.pdf
2017-08-04 17:32 - 2017-08-04 17:32 - 001753907 _____ C:\Users\adeni\Downloads\fire memorandum.pdf 2.pdf
2017-08-04 17:32 - 2017-08-04 17:32 - 001741733 _____ C:\Users\adeni\Downloads\fire memorandum.pdf
2017-08-04 17:18 - 2017-08-04 17:20 - 001578370 _____ C:\Users\adeni\Downloads\Scan 1.tiff
2017-08-04 14:53 - 2017-08-04 14:54 - 002133044 _____ C:\Users\adeni\Downloads\re-loaderbyr@1n.zip
2017-08-04 11:16 - 2017-08-20 08:33 - 000000000 ____D C:\Users\adeni\Desktop\Sanmao SMTP Mail Cracker v1.6.1
2017-08-04 01:32 - 2017-08-04 01:32 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\46EF62A2.sys
2017-08-04 01:32 - 2017-08-04 01:32 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2F536246.sys
2017-08-04 00:41 - 2017-08-20 08:33 - 000000000 ____D C:\Users\adeni\Desktop\MailCracker(1)
2017-08-04 00:25 - 2017-08-04 00:25 - 003457675 _____ C:\Users\adeni\Downloads\MailCracker(1).zip
2017-08-03 00:48 - 2017-08-03 00:49 - 002364435 _____ C:\Users\adeni\Downloads\Proofpoint Threat Discover User Guide.pdf
2017-08-03 00:48 - 2017-08-03 00:48 - 000189728 _____ C:\Users\adeni\Downloads\Proofpoint-Threat-Discover-for-Email-Datasheet.pdf
2017-08-02 23:30 - 2017-08-02 23:30 - 001686348 _____ C:\Users\adeni\Downloads\ielts-information-for-candidates-english-uk.ashx
2017-08-02 23:28 - 2017-08-02 23:29 - 000274360 _____ C:\Users\adeni\Downloads\application-form.ashx
2017-08-02 00:45 - 2017-08-02 00:45 - 000320829 _____ C:\Users\adeni\Downloads\PhoneBill.pdf
2017-08-02 00:43 - 2017-08-02 00:43 - 000160570 _____ C:\Users\adeni\Downloads\Temp Parking Decal.pdf
2017-08-02 00:40 - 2017-08-02 00:40 - 000578395 _____ C:\Users\adeni\Downloads\351-2-London%40savi.com_20090729_231111.pdf
2017-08-02 00:40 - 2017-08-02 00:40 - 000578395 _____ C:\Users\adeni\Downloads\351-2-London%40savi.com_20090729_231111 (1).pdf
2017-08-02 00:39 - 2017-08-02 00:39 - 000091682 _____ C:\Users\adeni\Downloads\351-2-London%40savi.com_20090811_203742.pdf
2017-08-01 22:24 - 2017-08-01 22:24 - 000067370 _____ C:\Users\adeni\Downloads\Statement_2017MTH06_174523737.pdf
2017-08-01 01:22 - 2017-08-19 21:05 - 000000000 ____D C:\Users\adeni\Desktop\Pastebin D3vSpider
2017-08-01 00:23 - 2017-08-01 00:24 - 015471116 _____ C:\Users\adeni\Downloads\Instadub 3.2.1.0 Latest Version (Cracked).rar
2017-08-01 00:12 - 2017-08-05 03:37 - 000000000 ____D C:\Program Files (x86)\HMA! Pro VPN
2017-07-31 23:53 - 2017-07-31 23:53 - 057024285 _____ C:\Users\adeni\Downloads\Hide_My_Ass.3.5.57.0.rar
2017-07-31 18:41 - 2017-07-31 18:41 - 000195107 _____ C:\Users\adeni\Downloads\IncomeX.pdf
2017-07-31 15:55 - 2017-07-31 15:55 - 007245601 _____ C:\Users\adeni\Downloads\ca.zip
2017-07-31 02:16 - 2017-07-31 02:16 - 002806000 _____ C:\Users\adeni\Downloads\kolosso (1).zip
2017-07-30 16:21 - 2017-07-30 16:21 - 000000400 __RSH C:\ProgramData\ntuser.pol
2017-07-28 21:32 - 2017-07-28 21:32 - 000006236 _____ C:\Users\adeni\Downloads\UserExport.xls
2017-07-28 19:56 - 2017-07-28 19:56 - 001461168 _____ C:\Users\adeni\Downloads\DBC2-master.zip
2017-07-28 19:56 - 2017-07-28 19:56 - 000000000 ____D C:\Users\adeni\Desktop\DBC2-master
2017-07-28 07:55 - 2017-07-28 07:55 - 000984040 _____ (Realtek ) C:\WINDOWS\system32\Drivers\SET6B63.tmp
2017-07-28 07:49 - 2017-07-28 07:49 - 000062711 _____ C:\Users\adeni\Downloads\FAX_001.pdf
2017-07-27 05:24 - 2017-07-27 05:25 - 844577501 _____ C:\Users\adeni\Downloads\metasploit.zip
2017-07-27 04:22 - 2017-07-27 04:22 - 529344322 _____ C:\Users\adeni\Downloads\Archive-07b9.zip
2017-07-27 03:48 - 2017-08-04 01:29 - 000000000 ____D C:\Users\adeni\Desktop\metasploit
2017-07-27 03:47 - 2017-07-27 03:47 - 242505473 _____ C:\Users\adeni\Downloads\Archive-48c6.zip
2017-07-27 03:28 - 2017-07-27 03:28 - 003559891 _____ C:\Users\adeni\Downloads\metasploit_tutorial.pdf
2017-07-26 13:17 - 2017-08-24 00:23 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-26 13:16 - 2017-08-24 00:23 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-26 13:16 - 2017-08-24 00:23 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-26 13:16 - 2017-08-12 11:13 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-26 13:10 - 2017-07-26 13:10 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-26 13:10 - 2017-07-26 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-26 13:10 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-24 23:47 - 2017-06-21 16:05 - 000000000 ____D C:\Users\adeni\AppData\Roaming\.purple
2017-08-24 23:46 - 2017-03-19 20:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-24 23:00 - 2017-03-28 21:23 - 000000000 ____D C:\Users\adeni\AppData\Roaming\vlc
2017-08-24 20:45 - 2017-03-18 02:19 - 000000000 ____D C:\Users\adeni\Downloads\Video
2017-08-24 15:19 - 2017-03-18 04:01 - 000000000 ____D C:\Users\adeni\AppData\LocalLow\Mozilla
2017-08-24 15:09 - 2016-07-16 11:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-24 13:42 - 2017-05-26 15:15 - 000000000 ____D C:\Users\adeni\AppData\Local\CrashDumps
2017-08-24 10:37 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-24 07:32 - 2016-07-16 11:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-24 06:34 - 2017-03-18 02:19 - 000000000 ____D C:\Users\adeni\AppData\Roaming\DMCache
2017-08-24 03:56 - 2017-04-13 23:26 - 000000000 ____D C:\Users\adeni\Downloads\Compressed
2017-08-24 02:19 - 2017-03-24 12:25 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-08-24 00:23 - 2017-03-19 20:12 - 000000000 ____D C:\Users\adeni
2017-08-24 00:22 - 2017-05-12 04:16 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-24 00:21 - 2017-05-02 05:30 - 1245271470 _____ C:\WINDOWS\MEMORY.DMP
2017-08-24 00:21 - 2017-04-25 09:48 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-24 00:21 - 2017-03-19 20:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-24 00:21 - 2017-03-18 08:15 - 000000000 ____D C:\ProgramData\VMware
2017-08-23 18:45 - 2017-07-23 11:07 - 000946520 _____ (Kresimir Petric ) C:\Users\adeni\Downloads\freeSSHd.exe
2017-08-23 18:45 - 2017-07-22 14:49 - 005288456 _____ C:\Users\adeni\Downloads\eddie-ui_2.12.4_windows-10_x64_installer.exe
2017-08-23 18:45 - 2017-07-08 10:20 - 006979747 _____ C:\Users\adeni\Downloads\pywin32-219.win32-py2.6.exe
2017-08-23 10:25 - 2016-07-16 06:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-23 10:22 - 2017-04-14 07:41 - 000000000 ____D C:\WINDOWS\system32\log
2017-08-23 10:22 - 2017-03-18 13:00 - 000000000 ____D C:\ProgramData\IObit
2017-08-23 10:21 - 2017-03-18 13:03 - 000000000 ____D C:\Users\adeni\AppData\LocalLow\IObit
2017-08-23 10:21 - 2017-03-18 13:01 - 000000000 ____D C:\Users\adeni\AppData\Roaming\IObit
2017-08-23 10:21 - 2017-03-18 13:00 - 000000000 ____D C:\Program Files (x86)\IObit
2017-08-23 09:42 - 2017-04-20 21:52 - 000000000 ____D C:\Users\adeni\AppData\Temp
2017-08-23 02:01 - 2017-03-24 10:18 - 000000000 ____D C:\Users\adeni\AppData\Local\Adobe
2017-08-23 00:47 - 2017-07-02 04:03 - 000000000 ____D C:\Users\adeni\AppData\Local\gtk-2.0
2017-08-23 00:25 - 2017-03-18 04:03 - 000000000 ____D C:\Users\adeni\AppData\Roaming\uTorrent
2017-08-22 17:13 - 2017-06-24 00:35 - 000000000 ____D C:\Users\adeni\Desktop\TEXT FILES
2017-08-22 16:16 - 2017-06-10 14:10 - 000000000 ____D C:\Users\adeni\.musixmatch
2017-08-22 15:38 - 2017-03-18 01:37 - 000000000 ____D C:\Users\adeni\AppData\Local\Packages
2017-08-22 11:19 - 2017-03-18 09:20 - 000000000 ____D C:\Users\adeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Mass Sender
2017-08-22 11:19 - 2017-03-18 09:20 - 000000000 ____D C:\Program Files (x86)\MassSender
2017-08-22 05:18 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\rescache
2017-08-21 20:45 - 2017-05-11 05:53 - 000000000 ____D C:\Users\adeni\Downloads\ICQ
2017-08-21 14:35 - 2017-05-08 14:26 - 000000000 ____D C:\ProgramData\iolo
2017-08-21 13:22 - 2017-04-30 17:21 - 009926424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-21 13:21 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\Help
2017-08-21 11:09 - 2017-03-24 23:00 - 000000000 ____D C:\Users\adeni\Documents\Adobe
2017-08-21 11:08 - 2017-03-18 01:37 - 000000000 ____D C:\Users\adeni\AppData\Roaming\Adobe
2017-08-21 10:59 - 2017-03-24 10:50 - 000000000 ____D C:\Program Files\Adobe
2017-08-21 10:59 - 2017-03-24 10:49 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-08-21 09:40 - 2017-05-11 23:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-20 08:33 - 2017-07-18 04:27 - 000000000 ____D C:\Users\adeni\Desktop\Icons8 v.5.6.0.8
2017-08-20 08:33 - 2017-07-02 23:59 - 000000000 ____D C:\Users\adeni\Desktop\mini
2017-08-20 08:33 - 2017-06-30 00:36 - 000000000 ____D C:\Users\adeni\Desktop\c&A
2017-08-20 08:33 - 2017-06-07 12:48 - 000000000 ____D C:\Users\adeni\AppData\Roaming\Spotify
2017-08-20 08:33 - 2017-05-07 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strawberry Perl
2017-08-20 08:33 - 2017-05-07 16:24 - 000000000 ____D C:\Strawberry
2017-08-20 08:33 - 2017-03-28 09:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2017-08-20 01:14 - 2017-04-03 05:58 - 011584088 _____ (SurfRight B.V.) C:\Users\adeni\Desktop\HitmanPro_x64.exe
2017-08-20 00:39 - 2017-03-31 12:55 - 000002482 _____ C:\WINDOWS\Sandboxie.ini
2017-08-19 23:49 - 2017-04-21 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-19 23:43 - 2017-05-06 17:11 - 000000000 ____D C:\Users\adeni\AppData\Local\ElevatedDiagnostics
2017-08-19 19:33 - 2017-07-22 15:34 - 000000000 ____D C:\Users\adeni\AppData\Local\AirVPN
2017-08-19 19:25 - 2017-06-07 14:44 - 000000000 ____D C:\Users\adeni\AppData\Local\Spotify
2017-08-19 19:13 - 2017-07-22 14:50 - 000000000 ____D C:\Users\adeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AirVPN
2017-08-19 19:13 - 2015-10-30 07:24 - 000000255 _____ C:\WINDOWS\system.ini
2017-08-19 18:36 - 2017-03-18 01:42 - 000000000 ____D C:\Users\adeni\AppData\Local\MicrosoftEdge
2017-08-19 00:11 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-19 00:05 - 2017-03-18 01:30 - 001650058 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-18 23:44 - 2017-03-24 10:24 - 000000000 ____D C:\ProgramData\Adobe
2017-08-18 22:47 - 2017-03-18 09:03 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-18 22:39 - 2017-06-20 03:20 - 001282014 _____ C:\WINDOWS\system32\Drivers\ccavsfi.dat
2017-08-18 22:35 - 2016-07-16 14:29 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\Provisioning
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-18 22:35 - 2016-07-16 11:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-18 10:15 - 2017-03-18 16:08 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-18 10:13 - 2017-03-24 10:52 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-17 13:30 - 2017-07-23 11:12 - 000001057 _____ C:\Users\adeni\Desktop\FreeSSHd.lnk
2017-08-17 13:30 - 2017-07-18 21:52 - 000001123 _____ C:\Users\adeni\Desktop\1st Mass Mailer.lnk
2017-08-17 13:30 - 2017-07-18 16:24 - 000001056 _____ C:\Users\adeni\Desktop\UltraVNC Launcher.lnk
2017-08-17 13:30 - 2017-07-18 16:24 - 000001044 _____ C:\Users\adeni\Desktop\UltraVNC Viewer.lnk
2017-08-17 13:30 - 2017-07-18 16:24 - 000001039 _____ C:\Users\adeni\Desktop\UltraVNC Repeater.lnk
2017-08-17 13:30 - 2017-07-18 16:24 - 000001027 _____ C:\Users\adeni\Desktop\UltraVNC Server.lnk
2017-08-17 13:30 - 2017-07-18 01:22 - 000001092 _____ C:\Users\adeni\Desktop\Proxifier.lnk
2017-08-17 13:30 - 2017-06-30 00:52 - 000001852 _____ C:\Users\adeni\Desktop\Cain.lnk
2017-08-17 13:30 - 2017-06-14 20:54 - 000001174 _____ C:\Users\adeni\Desktop\Realterm.lnk
2017-08-17 13:30 - 2017-06-14 14:33 - 000001849 _____ C:\Users\adeni\Desktop\Miracle Box Support.lnk
2017-08-17 13:30 - 2017-06-14 14:33 - 000000937 _____ C:\Users\adeni\Desktop\Miracle_Box Truly for China Mobile.lnk
2017-08-17 13:30 - 2017-06-13 03:39 - 000001730 _____ C:\Users\adeni\Desktop\EmailExtractor-Cracked.exe.lnk
2017-08-17 13:30 - 2017-06-13 01:59 - 000002380 _____ C:\Users\adeni\Desktop\Discord.lnk
2017-08-17 13:30 - 2017-06-08 20:31 - 000000957 _____ C:\Users\adeni\Desktop\IP List Generator 2 (x64).lnk
2017-08-17 13:30 - 2017-05-31 23:15 - 000001954 _____ C:\Users\adeni\Desktop\AtomicEmailHunter_crack.exe.lnk
2017-08-17 13:30 - 2017-05-12 03:56 - 000001971 _____ C:\Users\adeni\Desktop\Cryptic VPN.lnk
2017-08-17 13:30 - 2017-05-11 21:57 - 000001120 _____ C:\Users\adeni\Desktop\TurboMailer.lnk
2017-08-17 13:30 - 2017-05-08 14:01 - 000002428 _____ C:\Users\adeni\Desktop\ZenMate.lnk
2017-08-17 13:30 - 2017-04-29 12:53 - 000002603 _____ C:\Users\adeni\Desktop\Epic Privacy Browser.lnk
2017-08-17 13:30 - 2017-04-29 02:05 - 000002385 _____ C:\Users\adeni\Desktop\WhatsApp.lnk
2017-08-17 13:30 - 2017-04-21 04:10 - 000001383 _____ C:\Users\adeni\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2017-08-17 13:30 - 2017-04-17 01:48 - 000001283 _____ C:\Users\adeni\Desktop\Call of Duty Advanced Warfare.lnk
2017-08-17 13:30 - 2017-04-14 22:44 - 000001018 _____ C:\Users\adeni\Desktop\Evaer.lnk
2017-08-17 13:30 - 2017-03-31 12:55 - 000001043 _____ C:\Users\adeni\Desktop\Sandboxed Web Browser.lnk
2017-08-17 13:30 - 2017-03-30 08:51 - 000001881 _____ C:\Users\adeni\Desktop\MK10.exe - Shortcut.lnk
2017-08-17 13:30 - 2017-03-29 02:21 - 000001571 _____ C:\Users\adeni\Desktop\ScpServer.exe - Shortcut.lnk
2017-08-17 13:30 - 2017-03-25 02:08 - 000001036 _____ C:\Users\adeni\Desktop\Nmap - Zenmap GUI.lnk
2017-08-17 13:30 - 2017-03-24 21:51 - 000001061 _____ C:\Users\adeni\Desktop\Adobe Lightroom.lnk
2017-08-17 13:30 - 2017-03-23 03:13 - 000002103 _____ C:\Users\adeni\Desktop\ICQ.lnk
2017-08-17 13:30 - 2017-03-21 12:22 - 000001128 _____ C:\Users\adeni\Desktop\VPNCheck Pro.lnk
2017-08-17 13:30 - 2017-03-19 15:11 - 000001595 _____ C:\Users\adeni\Desktop\Skype.lnk
2017-08-17 13:30 - 2017-03-18 02:48 - 000001511 _____ C:\Users\adeni\Desktop\Opera.lnk
2017-08-17 13:30 - 2017-03-18 02:19 - 000001082 _____ C:\Users\adeni\Desktop\Internet Download Manager.lnk
2017-08-16 13:31 - 2017-04-01 05:47 - 000049637 _____ C:\Users\adeni\Downloads\Hackintosh-Sierra-Zone.torrent
2017-08-16 01:20 - 2017-03-23 03:13 - 000000000 ____D C:\Users\adeni\AppData\Roaming\ICQ
2017-08-15 13:46 - 2017-04-26 15:25 - 000002312 ____H C:\Users\adeni\Documents\Default.rdp
2017-08-14 12:10 - 2017-07-10 11:01 - 000000000 ____D C:\Users\adeni\Desktop\cc image
2017-08-14 01:51 - 2017-03-18 08:30 - 000000000 ____D C:\Users\adeni\AppData\Roaming\VMware
2017-08-14 01:51 - 2017-03-18 08:30 - 000000000 ____D C:\Users\adeni\AppData\Local\VMware
2017-08-11 17:03 - 2017-05-05 13:44 - 000002359 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-08-11 15:00 - 2017-03-18 04:00 - 000000000 ____D C:\Users\adeni\AppData\Roaming\Mozilla
2017-08-11 01:17 - 2017-03-18 16:11 - 000000000 ____D C:\Users\adeni\AppData\Roaming\Kodi
2017-08-09 06:56 - 2016-07-16 11:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 06:45 - 2017-03-19 05:42 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 06:40 - 2017-03-19 05:41 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 12:18 - 2017-05-30 22:51 - 000000000 ____D C:\Users\adeni\Documents\Tencent Files
2017-08-06 22:15 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-06 19:48 - 2017-06-20 03:16 - 000000000 ____D C:\ProgramData\COMODO
2017-08-06 19:48 - 2017-06-20 03:07 - 000000000 ____D C:\Program Files (x86)\Comodo
2017-08-06 19:48 - 2017-04-23 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-08-04 17:12 - 2017-07-09 11:10 - 000000000 ____D C:\Users\adeni\Documents\Outlook Files
2017-08-04 17:06 - 2017-07-09 10:58 - 000000000 ____D C:\Users\adeni\Desktop\bank
2017-08-03 15:06 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-08-01 18:26 - 2017-03-23 03:13 - 000001961 _____ C:\Users\adeni\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2017-07-30 16:10 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-07-28 23:49 - 2017-05-16 19:47 - 000000000 ____D C:\Users\adeni\AppData\Roaming\FileZilla
2017-07-28 07:11 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-27 03:57 - 2017-06-14 14:33 - 000000000 ____D C:\Program Files\Miracle Box
2017-07-27 03:24 - 2017-03-18 08:40 - 000000000 ____D C:\Users\adeni\Documents\Kali
2017-07-26 14:10 - 2017-04-17 01:00 - 000000000 ____D C:\Program Files (x86)\Call of Duty Advanced Warfare
2017-07-26 13:12 - 2017-05-11 23:54 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-07-26 09:11 - 2017-05-11 22:45 - 000000000 ____D C:\Users\adeni\AppData\Roaming\TeamViewer
 
==================== Files in the root of some directories =======
 
2011-11-07 07:14 - 2011-11-07 07:14 - 000099436 _____ () C:\Program Files (x86)\Common Files\Engines.lnl
2017-08-10 19:06 - 2017-08-12 19:39 - 000000132 _____ () C:\Users\adeni\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-03-21 12:26 - 2017-03-21 12:26 - 000000000 _____ () C:\Users\adeni\AppData\Roaming\programs.vc
2017-03-21 12:27 - 2017-03-21 12:27 - 000000031 _____ () C:\Users\adeni\AppData\Roaming\resetid.vc
2011-11-07 07:14 - 2011-11-07 07:14 - 000137347 _____ () C:\Users\adeni\AppData\Roaming\se.txt
2017-01-21 02:01 - 2017-01-21 02:01 - 000987136 _____ (SkinSoft) C:\Users\adeni\AppData\Roaming\SkinSoft.VisualStyler.dll
2017-05-13 14:19 - 2017-05-13 14:19 - 000012504 _____ () C:\Users\adeni\AppData\Roaming\StartProfileRdpNew
2017-05-23 17:10 - 2017-05-23 17:13 - 000023951 _____ () C:\Users\adeni\AppData\Roaming\undying_legend.js
2017-08-12 09:32 - 2017-05-04 23:49 - 000655714 ___SH () C:\Users\adeni\AppData\Local\CSIDL_
2017-08-12 09:32 - 2017-05-04 23:49 - 000655714 ___SH () C:\Users\adeni\AppData\Local\CSIDL_X
2017-08-14 11:15 - 2017-08-14 11:15 - 000000001 _____ () C:\Users\adeni\AppData\Local\llftool.4.40.agreement
2017-08-14 11:15 - 2017-08-14 11:15 - 000000019 _____ () C:\Users\adeni\AppData\Local\llftool.license
2017-06-30 01:26 - 2017-07-18 03:41 - 000000600 _____ () C:\Users\adeni\AppData\Local\PUTTY.RND
2017-03-19 14:11 - 2017-03-21 01:06 - 000000168 _____ () C:\Users\adeni\AppData\Local\uts.ini
2017-03-25 02:14 - 2017-07-01 19:54 - 000000286 _____ () C:\Users\adeni\AppData\Local\zenmap.exe.log
2017-04-18 22:02 - 2017-04-18 22:02 - 000049083 _____ () C:\ProgramData\agent.1492552961.bdinstall.bin
2017-04-23 00:07 - 2017-04-23 00:07 - 000029896 _____ () C:\ProgramData\agent.uninstall.1492906052.bdinstall.bin
2017-04-18 22:31 - 2017-04-18 22:31 - 000482232 _____ () C:\ProgramData\cl.1492553560.bdinstall.bin
2017-04-22 23:57 - 2017-04-22 23:57 - 000219718 _____ () C:\ProgramData\cl.uninstall.1492904939.bdinstall.bin
2017-04-18 22:33 - 2017-04-18 22:33 - 000056852 _____ () C:\ProgramData\dm.1492554735.bdinstall.bin
2017-04-22 23:50 - 2017-04-22 23:50 - 000036847 _____ () C:\ProgramData\dm.uninstall.1492904968.bdinstall.bin
2017-04-25 00:53 - 2017-04-25 00:53 - 000000257 _____ () C:\ProgramData\fontcacheev1.dat
2017-05-01 11:29 - 2017-05-01 11:43 - 000000059 _____ () C:\ProgramData\serverclasscache.ini
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-15 20:35
 
==================== End of FRST.txt ============================




#2 wale4love24

wale4love24
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 24 August 2017 - 07:59 PM


ADDITION.txt


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by UltraMarine (25-08-2017 00:07:31)
Running from C:\Users\adeni\Downloads\Programs
Windows 10 Pro Version 1607 (X64) (2017-03-19 20:30:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1286292690-3867387504-3010431711-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1286292690-3867387504-3010431711-503 - Limited - Disabled)
Guest (S-1-5-21-1286292690-3867387504-3010431711-501 - Limited - Disabled)
UltraMarine (S-1-5-21-1286292690-3867387504-3010431711-1001 - Administrator - Enabled) => C:\Users\adeni

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Battlefield 4" (HKLM-x32\...\{56BBB063-6069-4A00-94FE-AB1EC329DC6E}_is1) (Version: 1.0.0.0 - )
µTorrent (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
1st Mass Mailer (HKLM-x32\...\1st Mass Mailer_is1) (Version:  - IM Soft, Ltd.)
ABBulkMailer (HKLM-x32\...\{7F6276CF-ACCE-4C11-8AF3-F8C166ECC81B}) (Version: 9.4 - Advanced Business Objects)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_0) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.9 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Advanced Mass Sender 4.3 (HKLM-x32\...\Advanced Mass Sender 4.3) (Version:  - )
AirVPN (HKLM-x32\...\AirVPN) (Version:  - AirVPN - hxxps://airvpn.org)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.5.1 - Angry IP Scanner)
Arbitrage Underdog Black Label Edition v5.1 (HKLM-x32\...\{F48E7A76-1A81-401C-ArbUDogBLACKG8976-KWV12}_is1) (Version:  - Arbitrage Underdog)
Atomic Email Hunter 11.20.0.223 (HKLM-x32\...\AtomicEmailHunter_is1) (Version: 11.20.0.223 - AtomPark Software Inc.)
Atomic Mail Sender 9.11.0.369 (HKLM-x32\...\AtomicMailSender_is1) (Version: 9.11.0.369 - AtomPark Software Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.1.0.5 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bitvise SSH Client - FlowSshNet (x64) (HKLM\...\{222FD5C4-A993-44EB-A50C-D0C0268FA776}) (Version: 7.31.0.0 - Bitvise Limited) Hidden
Bitvise SSH Client - FlowSshNet (x86) (HKLM-x32\...\{7E80E017-4C44-4152-8DF3-2B04CE806B2D}) (Version: 7.31.0.0 - Bitvise Limited) Hidden
Bitvise SSH Client 7.31 (remove only) (HKLM-x32\...\BvSshClient) (Version: 7.31 - Bitvise Limited)
Bitvise SSH Server 7.32 (remove only) (HKLM-x32\...\Bitvise SSH Server) (Version: 7.32 - Bitvise Limited)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Cain & Abel 4.9.56 (HKLM-x32\...\Cain & Abel 4.9.56) (Version:  - )
Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )
Camtasia 9 (HKLM\...\{1D09B594-C8B5-4CF1-B927-41D9A487799C}) (Version: 9.0.5.2021 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{00ce4b8c-0138-4743-b0b8-379b2715eb44}) (Version: 9.0.5.2021 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CherryPlayer (HKLM-x32\...\CherryPlayer) (Version: 2.4.5 - CherryPlayer)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{7C222DD9-097A-4E53-B8BD-883B68D9537A}) (Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 57.0.2987.93 - Comodo)
DFX (HKLM-x32\...\DFX) (Version: 12.023.0.0 - Power Technology)
Discord (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit)
Email Extractor (HKLM-x32\...\{30482B99-CAD6-4370-8A3B-8939BCDC90EC}) (Version: 5.5 - WebPro Solutions) Hidden
Email Extractor (HKLM-x32\...\Email Extractor) (Version: 5.5 - WebPro Solutions)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Epic Privacy Browser (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Epic) (Version: 55.0.2661.75 - Epic)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Evaer Video Recorder for Skype 1.7.2.47 (HKLM-x32\...\Evaer Video Recorder for Skype) (Version: 1.7.2.47 - Evaer Technology)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Fast Email Extractor 7 (HKLM-x32\...\{1186703C-E6E6-4F7E-8CCD-6D26272A2579}) (Version: 1.0.0 - Lencom Software Inc)
FileZilla Client 3.25.2 (HKLM-x32\...\FileZilla Client) (Version: 3.25.2 - Tim Kosse)
freeSSHd 1.3.1 (HKLM-x32\...\70DBC326-7505-4913-A0C1-C6BD87C1859D_is1) (Version:  - Kresimir Petric)
GitKraken (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\gitkraken) (Version: 2.7.0 - Axosoft, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.18.284 - SurfRight B.V.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.)
ICQ (version 10.0.12201) (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\icq.desktop) (Version: 10.0.12201 - ICQ)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6498.0 - IDT)
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (HKLM-x32\...\{26D23C60-AC47-46E5-8EDF-D19F41CAB666}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.421501.88 - Comodo)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.4.0.2119 - IObit)
IP List Generator 2 (x64) (HKLM-x32\...\IP List Generator (x64)_is1) (Version:  - )
IPVanish (HKLM\...\A57226AD-BDAF-4860-BD4E-EDA6BC546189_is1) (Version: 3.0.8.0 - IPVANISH)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jitsi (HKLM-x32\...\{67E721DD-19DD-49D1-8AC2-0E0415071175}) (Version: 2.10.5550 - Jitsi)
Kingo ROOT version 1.5.1.2996 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.1.2996 - Kingosoft Technology Ltd.)
Kits Configuration Installer (HKLM-x32\...\{76825BA0-C536-C284-BAA1-9DB7A2D30D54}) (Version: 10.1.14393.33 - Microsoft) Hidden
Kodi (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Kodi) (Version:  - XBMC-Foundation)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Live Email Verifier Professional (HKLM-x32\...\{A3A6A319-F194-4065-A255-26C03D33A0F8}) (Version: 4.0 - Live Software Inc) Hidden
Live Email Verifier Professional (HKLM-x32\...\Live Email Verifier Professional) (Version:  - Live Software Inc)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
MediaHuman YouTube to MP3 Converter version 3.9.8.11 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.8.11 - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2015 for Windows Desktop - ENU (HKLM-x32\...\{ad32eacb-d66f-472d-9af5-11278d461b28}) (Version: 14.0.23107.178 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 10 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MIRACLE BOX (HKLM\...\MIRACLE BOX) (Version: 2.29 - Miracle Team)
mIRC (HKLM-x32\...\mIRC) (Version: 7.49 - mIRC Co. Ltd.)
MOBILedit Forensic 9.1.0.22420 (HKLM-x32\...\{3369649B-FE61-46A0-9268-D938B660EE5C}_is1) (Version: 9.1.0.22420 - COMPELSON Labs)
MOBILedit! Support Libraries (HKLM-x32\...\{9DF587A2-054C-46A2-9B1A-4A230F389E4B}) (Version: 12.0.0 - COMPELSON Labs)
Mortal Kombat XL (HKLM-x32\...\Mortal Kombat XL_is1) (Version:  - )
Mozilla Firefox 52.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
NetLimiter 4 (HKLM\...\{E1890E6E-3D68-458E-B71B-039BBB6259CE}) (Version: 4.0.27.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.27.0) (Version: 4.0.27.0 - Locktime Software)
Nmap 7.40 (HKLM-x32\...\Nmap) (Version: 7.40 - )
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
Npcap 0.92 (HKLM-x32\...\NpcapInst) (Version: 0.92 - Nmap Project)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Online Community Suite 3.2 (HKLM\...\7742-7563-6331-5288) (Version: 3.2 - Too Sophisticated LLC)
Online Plug-in (HKLM-x32\...\{70DCAD2C-31C1-43F9-AD4D-D45C7DC1F6F5}) (Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden
Opera Stable 43.0.2442.1192 (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Opera 43.0.2442.1192) (Version: 43.0.2442.1192 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.4.6.33873 - Electronic Arts, Inc.)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.12.0 - )
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.23.2-r122830-release - Plays.tv, LLC)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Proxifier version 3.31 (HKLM-x32\...\Proxifier_is1) (Version: 3.31 - Initex)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PuTTY release 0.69 (64-bit) (HKLM\...\{5FE84905-DAF1-4319-82B2-D60BCA095BCE}) (Version: 0.69.0.0 - Simon Tatham)
Python 2.6 (64-bit) (HKLM\...\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E9}) (Version: 2.6.150 - Python Software Foundation)
Python 2.6 pywin32-212 (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\pywin32-py2.6) (Version:  - )
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.8-r120085-release - Raptr, Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.27057 - Realtek Semiconductor Corp.)
Realterm 2.0.0.70_SignedWrapper (HKLM-x32\...\Realterm) (Version: 2.0.0.70_SignedWrapper - Broadcast Equipment)
Resident Evil 7 Biohazard (HKLM-x32\...\{1ECBF8F3-7079-44CA-AD32-B2AECBCF636F}_is1) (Version:  - Capcom)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Ruby 2.3.3-p222-x64 (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\{96A4CEEE-5ACC-4FB2-AAB6-8152D5AB0C9E}_is1) (Version: 2.3.3-p222 - RubyInstaller Team)
Samsung Tool PRO 26.8 (HKLM-x32\...\44676886-FD7F-4C53-B188-BC86EED9BBC1_is1) (Version:  - z3x-team)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Sandboxie 5.16 (64-bit) (HKLM\...\Sandboxie) (Version: 5.16 - Sandboxie Holdings, LLC)
Self-service Plug-in (HKLM-x32\...\{19D38B09-9030-4475-90E5-2DDA3A36F670}) (Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spotify (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Sublime Text Build 3103 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.41 - Synaptics Incorporated)
System Mechanic (HKLM-x32\...\{DD0DFA41-5139-45D0-986C-3C1A5C648CAA}) (Version: 16.5.2.232 - iolo technologies, LLC) Hidden
System Mechanic (HKLM-x32\...\InstallShield_{DD0DFA41-5139-45D0-986C-3C1A5C648CAA}) (Version: 16.5.2.232 - iolo technologies, LLC)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
Terela (HKLM-x32\...\{E2F7C535-0785-4C2D-B56F-016BFD02B010}) (Version: 1.1.6 - Terela)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
TightVNC (HKLM\...\{DEE0B752-52D8-4615-9BEE-1EDA46628960}) (Version: 2.8.8.0 - GlavSoft LLC.)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.2.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.1.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.1.0 - Topaz Labs, LLC)
Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.1 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.3.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz Glow 2 (HKLM\...\Topaz Glow 2) (Version: 2.0.0 - Topaz Labs, LLC)
Topaz Impression 2 (HKLM-x32\...\Topaz Impression 2) (Version: 2.0.4 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.1.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.3.0 - Topaz Labs, LLC)
Topaz ReMask 5 (HKLM-x32\...\Topaz ReMask 5) (Version: 5.0.1 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.1.0 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.2.0 - Topaz Labs, LLC)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.2.0 - Topaz Labs, LLC)
Topaz Texture Effects 2 (HKLM-x32\...\Topaz Texture Effects 2) (Version: 2.1.0 - Topaz Labs, LLC) <==== ATTENTION
TurboMailer 2 (HKLM-x32\...\{9E156899-D3A1-4F10-8323-364A095FCFDB}}_is1) (Version:  - Xellsoft.com)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
UltraISO Premium V9.66 (HKLM-x32\...\UltraISO_is1) (Version:  - )
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.1.5 - uvnc bvba)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{F6483AD1-9703-F95E-B07B-6BB7A3DA7B71}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{96FB0EE4-8F7E-595E-B5CF-BFCC6BF26014}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{302A9B8D-5111-6C51-BB99-FF394C4A4255}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{2D359C7E-59C8-79A9-5157-FE9E189F5E8A}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{71436CD5-3E63-CEE9-FC00-5124A5C9A931}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{87F42CC0-5403-3698-87D9-3C2A04E476E1}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2016 (KB3178717) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{45503767-F19E-4421-B930-8B0004ACA804}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3178717) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{45503767-F19E-4421-B930-8B0004ACA804}) (Version:  - Microsoft)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Workstation (HKLM\...\{F4C0A853-FA3B-4404-954B-799299EB5A98}) (Version: 12.1.1 - VMware, Inc.)
VPNCheck Pro 1.5 (HKLM-x32\...\VPNCheck Pro_is1) (Version: 1.5 - Guavi)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.9.6.7227 - Golden Frog, GmbH.)
Wampserver64 3.0.6 (HKLM\...\{wampserver64}_is1) (Version: 3.0.6 - Dominique Ottello aka Otomatic)
WhatsApp (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\WhatsApp) (Version: 0.2.4240 - WhatsApp)
WinAppDeploy (HKLM-x32\...\{1182888E-EDC9-05C5-33BD-B61DA5B1F916}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Windows 10 Pro Permanent Activator Ultimate v1.6 (HKLM\...\Windows 10 Pro Permanent Activator Ultimate v1.6_is1) (Version: v1.6 - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17376 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{01F53182-F1C8-8A72-5C86-B6612BDD4815}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{2AC000E5-E5E6-75B7-7FC2-9ECA8C57CA98}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{6DF5B5E1-A8A0-B617-AADB-31C3709A3C41}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{1AAB8359-4433-FF39-D420-0AD429993AD7}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{CB7AC790-0E8B-D6C9-CE1E-655793E7D541}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{87775501-5259-6A7C-51A6-71C832DB7ABA}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{CFD0294B-945D-62E4-7959-9B22A160496F}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{F75FD5E5-1F33-AE2B-715A-F829F8A8F51D}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinSnare (HKLM-x32\...\{DCC2A107-6E2C-4CEE-9E61-E790A742A938}) (Version: 4.3.6 - WinSnare) <==== ATTENTION
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)
ZenMate (HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\ZenMate) (Version: 3.4.7.17 - ZenGuard GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1286292690-3867387504-3010431711-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1286292690-3867387504-3010431711-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems Inc.)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\System Mechanic\Incinerator.dll [2017-05-01] (iolo technologies, LLC)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-03-28] (IObit)
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2016-04-14] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\System Mechanic\Incinerator.dll [2017-05-01] (iolo technologies, LLC)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-03-28] (IObit)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-02] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2011-09-05] (Adobe Systems Inc.)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-03-28] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FCEA5A2-AB36-4D6E-AB68-E61A046267F7} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {24DBF297-7FCC-4715-8979-A70717F92179} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\System Mechanic\SystemMechanic.exe [2017-05-01] (iolo technologies, LLC)
Task: {2C9C3CBD-07C8-476B-957C-FF0ADFDE451E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {32723E56-80F1-4789-87C5-59FE74480F00} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {3687AC52-C49A-4B29-902D-AED85EE91F34} - System32\Tasks\ioloTUDsDownloader => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-05-01] (iolo technologies, LLC)
Task: {3785BF8A-B955-4B4A-B811-2CBF2E77311C} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\System Mechanic\iologovernor64.exe [2017-05-01] (iolo technologies, LLC)
Task: {46F6F8DF-9002-4C84-971A-98C12BE90558} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-03] (Advanced Micro Devices, Inc.)
Task: {5609B555-E4F1-4668-BAA8-F884289C6E24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-08] (Google Inc.)
Task: {678B316A-1947-4DAC-93BB-A17A193F5770} - System32\Tasks\ioloAVDefsDownloader => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-05-01] (iolo technologies, LLC)
Task: {69082C3D-C70E-416C-8823-5A98CB96838D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-adeniranpauladewale@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {6EB50065-6E08-484C-80FE-7FA80DC7B963} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-08] (Google Inc.)
Task: {774F977E-8DAD-4A4F-9841-FE3CDDD26F6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {8FF177EF-44CA-4DFD-B91C-E8DCD4C61B8B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {99ED6C99-0082-41CD-95D8-C19520FAEC94} - System32\Tasks\Bitvise\Persistent BvSshServer Control Panel\S-1-5-21-1286292690-3867387504-3010431711-1001 => C:\Program Files\Bitvise SSH Server\BssCtrl.exe [2017-06-14] (Bitvise Limited)
Task: {9B891FFC-921C-43F1-AEEE-FF57902A48B7} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {A3519A5C-750A-4B08-8F34-95598CFE847C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {B07F3F3A-44BA-4AD1-9B66-A2964BF824F5} - System32\Tasks\ioloSystemShield => C:\Program Files (x86)\System Mechanic\ioloSSTray.exe [2017-05-01] (iolo technologies, LLC)
Task: {B5F54DC5-051B-480D-8E6E-B5E077C81F1A} - System32\Tasks\ioloSmartUpdater => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-05-01] (iolo technologies, LLC)
Task: {DEDC12D8-3DBF-490E-AD14-782E67DDA02A} - \LoanMan Excel SPreag -> No File <==== ATTENTION
Task: {F31BAD0F-0585-4C19-A7C3-37DCC8657202} - System32\Tasks\ioloToaster => C:\Program Files (x86)\System Mechanic\ioloToaster.exe [2017-05-01] (iolo technologies, LLC)
Task: {F8FC24FF-66F9-4A53-9F96-5EB9058621E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\adeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.3.3-p222-x64\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby23-x64\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\adeni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-12 03:06 - 2017-06-21 07:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-18 01:22 - 2016-11-22 21:38 - 000105128 _____ () C:\WINDOWS\system32\PrxerNsp.dll
2017-07-23 11:12 - 2015-02-02 01:05 - 001513072 _____ () C:\Program Files (x86)\freeSSHd\FreeSSHDService.exe
2017-03-19 14:11 - 2017-03-18 00:54 - 000017384 _____ () C:\Users\adeni\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2017-06-14 12:41 - 2017-06-14 12:41 - 001371136 _____ () C:\Program Files\Bitvise SSH Server\CiWinCng64.dll
2016-06-10 01:41 - 2016-06-10 01:41 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-04-30 11:19 - 2017-04-30 11:19 - 000052392 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-03-20 00:49 - 2016-09-07 04:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-20 00:46 - 2017-03-04 06:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-08-23 09:32 - 2017-08-23 09:45 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-23 09:32 - 2017-08-23 09:45 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-23 09:32 - 2017-08-23 09:45 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-23 09:32 - 2017-08-23 09:45 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-07-14 19:45 - 2016-10-13 22:05 - 001596920 _____ () C:\Program Files (x86)\DFX\DFX.exe
2016-10-13 14:57 - 2016-10-13 14:57 - 000161784 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2016-10-13 15:01 - 2016-10-13 15:01 - 000176120 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2016-10-13 15:42 - 2016-10-13 15:42 - 000098296 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2015-07-20 15:34 - 2015-07-20 15:34 - 000012288 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2017-08-17 23:12 - 2017-08-11 07:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-17 23:12 - 2017-08-11 07:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2017-07-28 07:52 - 2017-07-28 07:56 - 032960512 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-07-28 07:52 - 2017-07-28 07:54 - 009161728 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-07-14 02:39 - 2017-07-14 02:51 - 003500456 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-28 07:52 - 2017-07-28 07:56 - 013154304 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17062.14111.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2017-03-20 00:48 - 2017-03-04 06:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-20 00:48 - 2017-03-04 06:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-20 00:47 - 2017-03-04 06:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-09 06:37 - 2017-03-04 06:05 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-08-09 06:37 - 2017-08-01 18:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-09 06:37 - 2017-08-01 18:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 000544976 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\manta.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 018502352 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\mona.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 000092880 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\libglog.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 002543312 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\opencv_core249.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 002198736 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\opencv_imgproc249.dll
2015-08-05 20:39 - 2015-08-05 20:39 - 000786432 _____ () C:\Program Files (x86)\Topaz Labs\Topaz ReMask 5\PS_Plugins_x64\TopazRemaskAutomation.8li
2016-10-12 02:12 - 2016-10-12 02:12 - 069856976 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\libcef.dll
2016-10-12 02:09 - 2016-10-12 02:09 - 001860304 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\aif.dll
2016-10-12 02:12 - 2016-10-12 02:12 - 001180880 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
2016-10-12 02:12 - 2016-10-12 02:12 - 002473168 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\libglesv2.dll
2016-10-12 02:12 - 2016-10-12 02:12 - 000093904 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\libegl.dll
2017-07-24 14:38 - 2017-07-24 14:38 - 026976392 _____ () C:\Users\adeni\AppData\Roaming\ICQ\bin\icq.exe
2017-06-20 03:13 - 2017-03-28 17:08 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-06-20 03:13 - 2017-03-28 17:08 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-06-20 03:13 - 2017-03-28 17:08 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-05-10 20:43 - 2017-05-10 20:43 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2017-05-10 20:43 - 2017-05-10 20:43 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2017-05-10 20:43 - 2017-05-10 20:43 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2017-05-10 20:43 - 2017-05-10 20:43 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2017-05-10 20:43 - 2017-05-10 20:43 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2017-05-10 20:43 - 2017-05-10 20:43 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2017-05-10 20:43 - 2017-05-10 20:43 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2017-05-10 20:43 - 2017-05-10 20:43 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2017-05-10 20:43 - 2017-05-10 20:43 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2017-05-10 20:43 - 2017-05-10 20:43 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2017-05-10 20:43 - 2017-05-10 20:43 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2017-04-06 05:30 - 2017-04-06 05:29 - 002493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-04-14 17:16 - 2016-04-14 17:16 - 001309768 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2016-10-07 20:48 - 2016-10-07 20:48 - 000104960 _____ () C:\Program Files (x86)\VyprVPN\GoldenFrogWFP.dll
2016-10-13 15:40 - 2016-10-13 15:40 - 000083960 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
2015-07-20 15:34 - 2015-07-20 15:34 - 000073728 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2017-06-20 03:13 - 2017-03-28 17:09 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-06-20 03:13 - 2017-05-10 13:19 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2012-11-14 03:22 - 2012-11-14 03:22 - 002010624 _____ () C:\Program Files (x86)\ManyCam\opencv_core220.dll
2012-11-14 03:23 - 2012-11-14 03:23 - 001241088 _____ () C:\Program Files (x86)\ManyCam\opencv_imgproc220.dll
2012-11-14 03:23 - 2012-11-14 03:23 - 000241152 _____ () C:\Program Files (x86)\ManyCam\opencv_objdetect220.dll
2012-11-14 03:23 - 2012-11-14 03:23 - 000775680 _____ () C:\Program Files (x86)\ManyCam\opencv_highgui220.dll
2012-11-14 03:23 - 2012-11-14 03:23 - 000201216 _____ () C:\Program Files (x86)\ManyCam\opencv_video220.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000036878 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll
2017-06-21 16:04 - 2017-06-21 16:04 - 000904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2017-06-21 16:04 - 2017-06-21 16:04 - 000118272 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2017-06-21 16:04 - 2017-06-21 16:04 - 000216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2017-06-21 16:04 - 2017-06-21 16:04 - 000279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2017-06-21 16:04 - 2017-06-21 16:04 - 000553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 001136034 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll
2017-06-21 16:04 - 2017-06-21 16:04 - 000177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000315843 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000093066 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000332178 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000108441 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000128694 _____ () C:\Program Files (x86)\Pidgin\libsasl2-3.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000116071 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000171123 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000868705 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-4.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000225616 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-4.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000055880 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000416644 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000047934 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000029737 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000021075 _____ () C:\Program Files (x86)\Pidgin\plugins\nss-prefs.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000069625 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000031993 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll
2017-03-10 02:12 - 2017-03-10 02:12 - 000018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2017-03-10 02:12 - 2017-03-10 02:12 - 000023851 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2017-03-10 02:12 - 2017-03-10 02:12 - 000029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2017-03-10 02:12 - 2017-03-10 02:12 - 000030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2017-03-10 02:12 - 2017-03-10 02:12 - 000037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2017-03-10 02:12 - 2017-03-10 02:12 - 000044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2017-03-10 02:12 - 2017-03-10 02:12 - 000048402 _____ () C:\Program Files (x86)\Pidgin\sasl2\libanonymous-3.dll
2017-03-10 02:12 - 2017-03-10 02:12 - 000049962 _____ () C:\Program Files (x86)\Pidgin\sasl2\libcrammd5-3.dll
2017-03-10 02:12 - 2017-03-10 02:12 - 000079858 _____ () C:\Program Files (x86)\Pidgin\sasl2\libdigestmd5-3.dll
2017-03-10 02:12 - 2017-03-10 02:12 - 000048907 _____ () C:\Program Files (x86)\Pidgin\sasl2\libplain-3.dll
2017-03-10 02:11 - 2017-03-10 02:11 - 000554496 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll
2017-06-21 16:04 - 2017-06-21 16:04 - 000090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2017-05-11 21:57 - 2005-02-08 16:26 - 000061497 _____ () C:\Program Files (x86)\TurboMailer\zlib.pyd
2017-05-11 21:57 - 2011-02-26 18:12 - 000106496 _____ () C:\Program Files (x86)\TurboMailer\win32api.pyd
2017-05-11 21:57 - 2011-02-27 17:12 - 000122880 _____ () C:\Program Files (x86)\TurboMailer\pywintypes23.dll
2017-05-11 21:57 - 2005-02-08 16:24 - 000057401 _____ () C:\Program Files (x86)\TurboMailer\_sre.pyd
2017-05-11 21:57 - 2005-02-08 16:24 - 000049212 _____ () C:\Program Files (x86)\TurboMailer\_socket.pyd
2017-05-11 21:57 - 2005-02-08 16:24 - 000495616 _____ () C:\Program Files (x86)\TurboMailer\_ssl.pyd
2017-05-11 21:57 - 2004-08-07 19:43 - 000018432 _____ () C:\Program Files (x86)\TurboMailer\cjkcodecs._multibytecodec.pyd
2017-05-11 21:57 - 2004-08-07 19:44 - 000458752 _____ () C:\Program Files (x86)\TurboMailer\cjkcodecs._codecs_tw.pyd
2017-05-11 21:57 - 2004-08-07 19:43 - 000125440 _____ () C:\Program Files (x86)\TurboMailer\cjkcodecs._codecs_cn.pyd
2017-05-11 21:57 - 2011-02-26 18:14 - 000679936 _____ () C:\Program Files (x86)\TurboMailer\win32ui.pyd
2017-05-11 21:57 - 2011-02-26 18:12 - 000180224 _____ () C:\Program Files (x86)\TurboMailer\win32gui.pyd
2017-05-11 21:57 - 2011-02-26 18:12 - 000053248 _____ () C:\Program Files (x86)\TurboMailer\win32help.pyd
2017-05-11 21:57 - 2006-10-28 15:00 - 000090112 _____ () C:\Program Files (x86)\TurboMailer\_ctypes.pyd
2017-05-11 21:57 - 2010-11-05 12:06 - 000147514 _____ () C:\Program Files (x86)\TurboMailer\extc.dll
2017-05-11 21:57 - 2011-02-26 18:12 - 000028672 _____ () C:\Program Files (x86)\TurboMailer\win32ras.pyd
2017-05-11 21:57 - 2011-02-26 18:11 - 000024576 _____ () C:\Program Files (x86)\TurboMailer\timer.pyd
2017-02-22 23:56 - 2017-02-22 23:56 - 008911560 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-11-19 15:36 - 2014-11-19 15:36 - 000063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-10-12 02:11 - 2016-10-12 02:11 - 044047568 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\libcef.dll
2016-10-12 02:11 - 2016-10-12 02:11 - 001488592 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\libglesv2.dll
2016-10-12 02:11 - 2016-10-12 02:11 - 000080080 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\CEP\CEPHtmlEngine\libegl.dll
2017-07-24 14:38 - 2017-07-24 14:38 - 004584584 _____ () C:\Users\adeni\AppData\Roaming\ICQ\bin\corelib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\caltech.edu -> hxxps://vpn.caltech.edu
IE trusted site: HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\whoer.net -> hxxps://whoer.net

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 07:24 - 2017-07-26 14:11 - 000002377 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       98.129.229.186
127.0.0.1       www.iana.org
127.0.0.1       iana.org# ::1             localhost
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
0.0.0.0 anchorfree.net
0.0.0.0 rss2search.com
0.0.0.0 techbrowsing.com
0.0.0.0 box.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 www.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 anchorfree.us
0.0.0.0 a433.com
0.0.0.0 anchorfree.net
0.0.0.0 rpt.anchorfree.net
0.0.0.0 delivery.anchorfree.us/land.php
0.0.0.0 hsselite.com
0.0.0.0 www.hsselite.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 updater.techsmith.com
127.0.0.1 camtasiatudi.techsmith.com
127.0.0.1 tsccloud.cloudapp.net
127.0.0.1 assest.cloud.techsmith.com
127.0.0.1 wepcdisplaysystem.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\adeni\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 131.215.254.100 - 131.215.139.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HMA! Pro VPN.lnk"
HKLM\...\StartupApproved\Run: => "InstallerLauncher"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Bitvise SSH Server Activation State Checker"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "CCAV"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\StartupFolder: => "TotalVPN.lnk"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\StartupFolder: => "ZenMate.bat"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_06C9214D4ECFCB6B64B902A17D86E5C2"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "OPENVPN-GUI"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "icq.desktop"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "ManyCam"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "WhatsApp"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "HideMyIPSh"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "NetLimiter"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "Epic Privacy Browser Installer"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "background_fault"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BF2DC5E71E4736FF07C4B7B4FA4C4A0C"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "comodo_dragon._product_offer_run"
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{2E8532BB-3ED1-42A6-A7F6-0CB498C2EEAD}C:\users\adeni\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\adeni\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0AADD8A6-E2DB-4B5C-867B-CC5A04B2BC50}C:\users\adeni\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\adeni\appdata\roaming\spotify\spotify.exe
FirewallRules: [{30DDC8E5-8AC6-4673-987D-4A84B7C243D4}] => (Block) C:\users\adeni\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A05FFFFC-2078-43C1-9267-610A32F123D2}] => (Block) C:\users\adeni\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{26E49453-A180-4965-A33E-4D56B4BF03E6}C:\users\adeni\appdata\roaming\spotify\spotifywebhelper.exe] => (Block) C:\users\adeni\appdata\roaming\spotify\spotifywebhelper.exe
FirewallRules: [UDP Query User{6A4A6F21-03DE-4130-A5B6-9C7DC3002B31}C:\users\adeni\appdata\roaming\spotify\spotifywebhelper.exe] => (Block) C:\users\adeni\appdata\roaming\spotify\spotifywebhelper.exe
FirewallRules: [TCP Query User{023F6F70-7537-4267-883F-0093754C7650}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{E227D35D-CF98-4611-85C2-F7C03E464F1F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{D5327115-9E10-4C26-A9BE-CB64EADD35A0}C:\program files (x86)\internet download manager\idman.exe] => (Allow) C:\program files (x86)\internet download manager\idman.exe
FirewallRules: [UDP Query User{E9A67134-882C-42D3-AF49-0E01F988EF9B}C:\program files (x86)\internet download manager\idman.exe] => (Allow) C:\program files (x86)\internet download manager\idman.exe
FirewallRules: [{8B796DB2-6547-4EE5-92C0-90ECCB988545}] => (Allow) C:\Users\adeni\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C370073A-9D48-45D9-A1D5-A5D2C1C32F13}] => (Allow) C:\Users\adeni\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{85CDA205-E73E-4C42-AFE2-1084AF0F3426}] => (Allow) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
FirewallRules: [{BE87A4BC-E653-4DEC-9E1B-EEBF59B7B632}] => (Allow) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
FirewallRules: [{69A00044-A1F1-47ED-8465-1B1A8BD0C3A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-08-2017 10:43:27 JRT Pre-Junkware Removal
23-08-2017 11:09:22 Installed Sophos Virus Removal Tool.
23-08-2017 11:21:06 Installed Sophos Virus Removal Tool.
23-08-2017 11:24:24 Installed Sophos Virus Removal Tool.
24-08-2017 15:07:50 Installed Cisco AnyConnect Secure Mobility Client

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2017 08:47:47 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (08/24/2017 08:47:47 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (08/24/2017 03:09:16 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/24/2017 03:09:16 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/24/2017 03:09:16 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/24/2017 03:09:16 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/24/2017 03:09:16 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/24/2017 03:09:16 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/24/2017 03:08:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/24/2017 01:42:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Spaces Helper.exe, version: 0.0.0.0, time stamp: 0x57fde35d
Faulting module name: libcef.dll, version: 3.2526.1347.0, time stamp: 0x572d0cf0
Exception code: 0xc0000005
Fault offset: 0x0000000002656a12
Faulting process id: 0x36ec
Faulting application start time: 0x01d31cd9b3b97b3b
Faulting application path: C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
Faulting module path: C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\libcef.dll
Report Id: fdb4e210-dd39-4d38-be5b-60adc08c8209
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (08/24/2017 11:22:12 PM) (Source: DCOM) (EventID: 10010) (User: UMPC)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (08/24/2017 11:20:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (08/24/2017 11:15:49 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (08/24/2017 12:32:37 AM) (Source: DCOM) (EventID: 10010) (User: UMPC)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (08/24/2017 12:30:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (08/24/2017 12:25:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (08/24/2017 12:24:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/24/2017 12:23:42 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The VMware Workstation Server service terminated with the following service-specific error:
%%4294967295

Error: (08/24/2017 12:23:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/24/2017 12:23:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-08-24 11:03:19.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-24 11:03:18.779
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-22 23:00:54.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-22 23:00:53.987
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-21 22:55:37.444
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-21 22:55:37.118
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-21 09:19:06.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\amdhdl64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-21 09:17:04.332
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\amdhdl64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-21 00:15:12.944
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-21 00:15:12.773
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 65%
Total physical RAM: 8094.31 MB
Available physical RAM: 2799.66 MB
Total Virtual: 28574.31 MB
Available Virtual: 14416.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:668.87 GB) (Free:112.13 GB) NTFS
Drive h: (service touba play) (Fixed) (Total:1862.98 GB) (Free:1470.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 6E342E58)
Partition 1: (Not Active) - (Size=669.7 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=500 MB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: CE898C47)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



Please, I need help because I have been unable to use my computer very well.
Thanks in advance
 



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,518 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:02 AM

Posted 25 August 2017 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
WinSnare (HKLM-x32\...\{DCC2A107-6E2C-4CEE-9E61-E790A742A938}) (Version: 4.3.6 - WinSnare) <==== ATTENTION
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4674872 2017-07-12] (Microsoft Corporation) <==== ATTENTION
AlternateShell:
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
BHO-x32: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
FF HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\adeni\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin HKU\S-1-5-21-1286292690-3867387504-3010431711-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\adeni\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR HomePage: Profile 4 -> hxxp://www.luckystarting.com/
CHR StartupUrls: Profile 4 -> "hxxp://websearch.oversearch.info/?pid=512&r=2013/09/25&hid=18313136183427387136&lg=EN&cc=NG&unqvl=36","hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=GB&userid=9e7ca856-cac3-c8ea-b8de-bf7520b218e5&searchtype=hp&installDate=31/10/2013","hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPFB4108D4-2E01-4069-987E-B52EEACC8300&SSPV=","hxxp://websearch.exitingsearch.info/?pid=2145&r=201... (long line)
CHR Extension: (EditThisCookie) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Bangtony\Application\chrome.exe <==== ATTENTION
S1 sdtmqput; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {DEDC12D8-3DBF-490E-AD14-782E67DDA02A} - \LoanMan Excel SPreag -> No File <==== ATTENTION
2017-08-24 21:21 - 2017-08-24 21:21 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign201ff4b18cba71f8
2017-08-24 20:56 - 2017-08-24 20:56 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigna0bbe6b628150751
2017-08-24 20:56 - 2017-08-24 20:56 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign8189ccfe837b1eb6
2017-08-24 13:43 - 2017-08-24 13:43 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigne3344892dcb0c4a6
2017-08-24 13:43 - 2017-08-24 13:43 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign9e29d6a95aedcdc1
2017-08-24 13:43 - 2017-08-24 13:43 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign16ee4a3eb8c88fe1
2017-08-24 13:31 - 2017-08-24 13:31 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignc92857b635aef771
2017-08-24 13:05 - 2017-08-24 13:05 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignf9c3d7611025a73c
2017-08-24 13:05 - 2017-08-24 13:05 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign5f19990cfa879dc5
2017-08-24 01:33 - 2017-08-24 01:33 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign80ca3d390243c942
2017-08-24 01:12 - 2017-08-24 01:12 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign5c9d6263c9d48e19
2017-08-24 01:11 - 2017-08-24 01:11 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignfea682bc007d0c7e
2017-08-24 01:11 - 2017-08-24 01:11 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignaeb1a7e465961486
2017-08-24 01:11 - 2017-08-24 01:11 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignaab0390c7bb4211f
2017-08-21 12:51 - 2017-08-21 12:51 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign353360f164b825da
2017-08-21 12:46 - 2017-08-21 12:46 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign0d8b4991080ba4f5
2017-08-21 12:42 - 2017-08-21 12:42 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigne6a59c7384cf9244
2017-08-21 12:41 - 2017-08-21 12:41 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigndcb94de4f5e1b2f0
2017-08-21 12:41 - 2017-08-21 12:41 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign320b04eade32213a

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
===

Please let me know what problem persists with this computer.

p.s.
Did you set this proxy?

I'm not sure if it's required.

FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks_port", 9959
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks_remote_dns", true



#4 wale4love24


Posted 25 August 2017 - 04:56 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by UltraMarine (25-08-2017 18:09:51) Run:1
Running from C:\Users\adeni\Downloads\Programs
Loaded Profiles: UltraMarine (Available Profiles: UltraMarine & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4674872 2017-07-12] (Microsoft Corporation) <==== ATTENTION
AlternateShell:
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
BHO-x32: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
FF HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\adeni\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin HKU\S-1-5-21-1286292690-3867387504-3010431711-1001: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\adeni\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR HomePage: Profile 4 -> hxxp://www.luckystarting.com/
CHR StartupUrls: Profile 4 -> "hxxp://websearch.oversearch.info/?pid=512&r=2013/09/25&hid=18313136183427387136&lg=EN&cc=NG&unqvl=36","hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=GB&userid=9e7ca856-cac3-c8ea-b8de-bf7520b218e5&searchtype=hp&installDate=31/10/2013","hxxp://search.conduit.com/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPFB4108D4-2E01-4069-987E-B52EEACC8300&SSPV=","hxxp://websearch.exitingsearch.info/?pid=2145&r=201... (long line)
CHR Extension: (EditThisCookie) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Bangtony\Application\chrome.exe <==== ATTENTION
S1 sdtmqput; no ImagePath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {DEDC12D8-3DBF-490E-AD14-782E67DDA02A} - \LoanMan Excel SPreag -> No File <==== ATTENTION
2017-08-24 21:21 - 2017-08-24 21:21 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign201ff4b18cba71f8
2017-08-24 20:56 - 2017-08-24 20:56 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigna0bbe6b628150751
2017-08-24 20:56 - 2017-08-24 20:56 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign8189ccfe837b1eb6
2017-08-24 13:43 - 2017-08-24 13:43 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigne3344892dcb0c4a6
2017-08-24 13:43 - 2017-08-24 13:43 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign9e29d6a95aedcdc1
2017-08-24 13:43 - 2017-08-24 13:43 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign16ee4a3eb8c88fe1
2017-08-24 13:31 - 2017-08-24 13:31 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignc92857b635aef771
2017-08-24 13:05 - 2017-08-24 13:05 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignf9c3d7611025a73c
2017-08-24 13:05 - 2017-08-24 13:05 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign5f19990cfa879dc5
2017-08-24 01:33 - 2017-08-24 01:33 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign80ca3d390243c942
2017-08-24 01:12 - 2017-08-24 01:12 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign5c9d6263c9d48e19
2017-08-24 01:11 - 2017-08-24 01:11 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignfea682bc007d0c7e
2017-08-24 01:11 - 2017-08-24 01:11 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignaeb1a7e465961486
2017-08-24 01:11 - 2017-08-24 01:11 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsignaab0390c7bb4211f
2017-08-21 12:51 - 2017-08-21 12:51 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign353360f164b825da
2017-08-21 12:46 - 2017-08-21 12:46 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign0d8b4991080ba4f5
2017-08-21 12:42 - 2017-08-21 12:42 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigne6a59c7384cf9244
2017-08-21 12:41 - 2017-08-21 12:41 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsigndcb94de4f5e1b2f0
2017-08-21 12:41 - 2017-08-21 12:41 - 000000000 ____D C:\Users\adeni\AppData\Local\Tempzxpsign320b04eade32213a

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} => key not found.
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org => value removed successfully
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.16.1 => key removed successfully
C:\Users\adeni\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
CHR Extension: (EditThisCookie) - C:\Users\adeni\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-20] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key removed successfully
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => key removed successfully
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => key removed successfully
HKLM\System\CurrentControlSet\Services\sdtmqput => key removed successfully
sdtmqput => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DEDC12D8-3DBF-490E-AD14-782E67DDA02A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEDC12D8-3DBF-490E-AD14-782E67DDA02A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LoanMan Excel SPreag => key removed successfully
C:\Users\adeni\AppData\Local\Tempzxpsign201ff4b18cba71f8 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsigna0bbe6b628150751 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsign8189ccfe837b1eb6 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsigne3344892dcb0c4a6 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsign9e29d6a95aedcdc1 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsign16ee4a3eb8c88fe1 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsignc92857b635aef771 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsignf9c3d7611025a73c => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsign5f19990cfa879dc5 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsign80ca3d390243c942 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsign5c9d6263c9d48e19 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsignfea682bc007d0c7e => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsignaeb1a7e465961486 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsignaab0390c7bb4211f => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsign353360f164b825da => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsign0d8b4991080ba4f5 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsigne6a59c7384cf9244 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsigndcb94de4f5e1b2f0 => moved successfully
C:\Users\adeni\AppData\Local\Tempzxpsign320b04eade32213a => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 4427998 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 65561199 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 721871 B
Edge => 276372371 B
Chrome => 775213003 B
Firefox => 377822177 B
Opera => 1221344 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 86016 B
systemprofile32 => 305425814 B
LocalService => 29278 B
NetworkService => 714582 B
adeni => 60182125 B
Administrator => 26832 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:49:50 ====

 

 

 

 

The above is the log for the fix, but I am still having the problem. Chrome, Internet Explorer and some other apps do not connect, and also remote desktop, especially apps that use HTTPS.

 

Thanks in advance



#5 nasdaq


Posted 26 August 2017 - 07:40 AM

Hi

Try this fix.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:


FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks_port", 9959
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks_remote_dns", true
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

RemoveProxy:

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

#6 wale4love24


Posted 26 August 2017 - 06:58 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by UltraMarine (26-08-2017 23:19:34) Run:2
Running from C:\Users\adeni\Downloads\Programs
Loaded Profiles: UltraMarine (Available Profiles: UltraMarine & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:


FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks_port", 9959
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks_remote_dns", true
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

RemoveProxy:

Reboot:


End
*****************

Restore point was successfully created.
Processes closed successfully.
Firefox Proxy settings were reset.
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks_port", 9959 => not found
FF NetworkProxy: Mozilla\Firefox\Profiles\jjkfi5y8.default -> socks_remote_dns", true => not found

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Ethernet 3 while it has its media disconnected.
No operation can be performed on Local Area Connection* 13 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Npcap Loopback Adapter:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::68bf:5e83:1f35:8d73%21
   Autoconfiguration IPv4 Address. . : 169.254.141.115
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet 5:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::9dba:b0dc:4ebe:945b%2
   Autoconfiguration IPv4 Address. . : 169.254.148.91
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::f832:cdc0:b0ac:8e87%17
   Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::a13e:347e:7bac:22fa%30
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::4a0:a14d:ee5d:2919%27
   Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{00052167-1559-42B5-ADFE-DB51E3EE39EB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{A87CEBFC-F580-4DD6-9880-8A4AC52264B3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{F69011E0-AE38-45BD-84E4-FBC23BBBD452}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Ethernet 3 while it has its media disconnected.
An error occurred while renewing interface Npcap Loopback Adapter : unable to contact your DHCP server. Request has timed out.
An error occurred while renewing interface Ethernet 5 : unable to contact your DHCP server. Request has timed out.
No operation can be performed on Local Area Connection* 13 while it has its media disconnected.
An error occurred while renewing interface VMware Network Adapter VMnet1 : unable to contact your DHCP server. Request has timed out.
An error occurred while renewing interface VMware Network Adapter VMnet8 : unable to contact your DHCP server. Request has timed out.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Npcap Loopback Adapter:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::68bf:5e83:1f35:8d73%21
   Autoconfiguration IPv4 Address. . : 169.254.141.115
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet 5:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::9dba:b0dc:4ebe:945b%2
   Autoconfiguration IPv4 Address. . : 169.254.148.91
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::f832:cdc0:b0ac:8e87%17
   Autoconfiguration IPv4 Address. . : 169.254.142.135
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::a13e:347e:7bac:22fa%30
   Autoconfiguration IPv4 Address. . : 169.254.34.250
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::4a0:a14d:ee5d:2919%27
   IPv4 Address. . . . . . . . . . . : 192.168.1.24
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{00052167-1559-42B5-ADFE-DB51E3EE39EB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{A87CEBFC-F580-4DD6-9880-8A4AC52264B3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{8561FD15-CBC2-46E1-ACB8-4E7F402449EA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{F69011E0-AE38-45BD-84E4-FBC23BBBD452}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting , failed.
Access is denied.

There's no user specified settings to be reset.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1286292690-3867387504-3010431711-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========



The system needed a reboot.

==== End of Fixlog 23:28:53 ====

Still the same.



#7 nasdaq


Posted 27 August 2017 - 08:42 AM


Hi,

Try this.

Reset your router.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Keep me posted.

#8 wale4love24


Posted 27 August 2017 - 12:31 PM

I just reset my router and it's still the same thing.



#9 nasdaq


Posted 28 August 2017 - 08:08 AM



Hi,

I can only suggest you check with an expert in the Networking forum.

https://www.bleepingcomputer.com/forums/f/21/networking/

I see from your previous topic that you have the MinitoolBox program.

Run it and post a fresh log for the review by the experts.

This is not caused by malware and is not my forte.

I will keep this topic open for 6 days. If you need to return please do.



