
Ransomware trojan with no ESET scannable file found


  • This topic is locked
35 replies to this topic

#1 BadAss22


Posted 24 August 2017 - 08:52 PM

I had the same problem on my other computer but ran ESET Online Scanner and it did wipe it out, but this is the same and not found. The computer had to be restarted and RKill run to restore browsers, and I ran the requested logs.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Chris (administrator) on CSPERSONALPUTER (23-08-2017 21:58:35)
Running from C:\Users\Chris\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(HP) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe
(© 2015 Microsoft Corporation) C:\Users\Chris\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Malwarebytes) C:\ProgramData\Malwarebytes\MBAMService\ctlrupdate\mbupdatr.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\HxTsr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [384512 2017-07-24] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-12-07] (IDT, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-08-23] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369248 2015-07-21] (Microsoft Corp.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5232928 2017-05-19] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Run: [Amazon Music] => C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe [3493864 2017-01-11] ()
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Run: [BingSvc] => C:\Users\Chris\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150016 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{7722a4ae-c8ca-4981-b576-7ca2837bd99a}: [NameServer] 68.105.28.11
Tcpip\..\Interfaces\{c26597db-caf8-4ad5-9b87-71f2d0c4f8b7}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
SearchScopes: HKLM -> {79433B0E-8330-47BA-916C-4490CCF42796} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2325216809-2621160187-3092218828-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-08-23] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-23] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-08-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-23] (Oracle Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-12-22] (IObit)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll [2016-12-22] (IObit)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-23] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-12-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-12-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-08-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2325216809-2621160187-3092218828-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-07] (Amazon.com, Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=032913"
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2017-08-23]
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Bing) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2016-12-06]
CHR Extension: (Honey) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-08-23]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-08-23]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-20]
CHR Extension: (Auto Refresh) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2017-08-23]
CHR Extension: (Webroot Password Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-04-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-12-13]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - <no Path/update_url>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-08-23] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-08-23] (AVAST Software)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2015-07-21] (Microsoft Corp.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-08-12] (Microsoft Corporation)
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356352 2017-07-24] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1766176 2017-05-19] (IObit)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-12-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-12-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-12-07] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258136 2017-07-24] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [91664 2016-01-06] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320008 2017-08-23] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-08-23] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-08-23] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57728 2017-08-23] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-08-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-08-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146704 2017-08-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-08-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-08-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015880 2017-08-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-08-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-08-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-08-23] (AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-21] ()
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-07-24] (ELAN Microelectronic Corp.)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-01-18] (REALiX™)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-06] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-16] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [33600 2017-02-16] (IObit.com)
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-08-23] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-08-23] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-08-23] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-08-23] (Malwarebytes)
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-16] (IObit.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-08-23] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [781792 2017-07-24] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [64088 2017-07-24] (Synaptics Incorporated)
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [350160 2015-06-21] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [32832 2017-07-24] (HP)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2015-12-15] ()
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-08-23] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-08-23] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-23 21:58 - 2017-08-23 21:58 - 000000000 ____D C:\FRST
2017-08-23 21:52 - 2017-08-23 21:52 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-23 21:51 - 2017-08-23 21:51 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-23 21:49 - 2017-08-23 21:58 - 000075895 _____ C:\WINDOWS\ZAM.krnl.trace
2017-08-23 21:49 - 2017-08-23 21:58 - 000042091 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-08-23 21:43 - 2017-08-23 21:51 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-23 21:43 - 2017-08-23 21:43 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-23 21:42 - 2017-08-23 21:51 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-23 21:42 - 2017-08-23 21:51 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-23 21:42 - 2017-08-23 21:42 - 000001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-23 21:42 - 2017-08-23 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-23 21:42 - 2017-08-23 21:42 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-23 21:42 - 2017-08-21 07:20 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-23 21:38 - 2017-08-23 21:39 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-08-23 21:38 - 2017-08-23 21:38 - 000001238 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-08-23 21:38 - 2017-08-23 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-08-23 21:18 - 2017-08-23 21:18 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-23 21:04 - 2017-08-23 21:04 - 000004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1480380597
2017-08-23 21:04 - 2017-08-23 21:04 - 000001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-08-23 20:57 - 2017-08-23 20:59 - 000002072 _____ C:\Users\Chris\Desktop\Rkill.txt
2017-08-23 20:52 - 2017-08-23 20:53 - 046661328 _____ (Microsoft Corporation) C:\Users\Chris\Desktop\Windows-KB890830-x64-V5.51.exe
2017-08-23 18:55 - 2017-08-23 18:55 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-08-23 12:17 - 2017-08-23 12:17 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-23 12:17 - 2017-08-23 12:17 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-23 12:08 - 2017-08-23 12:08 - 007184384 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2017-08-23 12:02 - 2017-08-23 12:02 - 001015880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-08-23 12:02 - 2017-08-23 12:02 - 000146704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2017-08-23 12:02 - 2017-08-23 12:02 - 000146696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150351495775007
2017-08-23 12:02 - 2017-08-23 12:02 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-08-23 12:02 - 2017-08-23 12:02 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-08-23 12:02 - 2017-08-23 12:00 - 000585608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-08-23 12:02 - 2017-08-23 12:00 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-08-23 12:02 - 2017-08-23 12:00 - 000198768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-08-23 12:02 - 2017-08-23 12:00 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150351495162503
2017-08-23 12:02 - 2017-08-23 12:00 - 000110352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-08-23 12:02 - 2017-08-23 12:00 - 000084392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-08-23 12:02 - 2017-08-23 12:00 - 000046984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-08-23 12:02 - 2017-08-23 11:56 - 001015848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.150351495775007
2017-08-23 12:02 - 2017-08-23 11:56 - 000041800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-08-23 12:02 - 2017-08-23 11:55 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-08-23 12:02 - 2017-08-23 11:55 - 000320008 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-08-23 12:02 - 2017-08-23 11:55 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-08-23 12:02 - 2017-08-23 11:55 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-08-23 12:01 - 2017-08-23 12:00 - 000400464 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-08-23 12:00 - 2017-08-23 12:00 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-23 11:58 - 2017-08-23 11:58 - 000984032 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-08-23 11:57 - 2017-08-23 11:57 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-23 11:55 - 2017-08-23 11:55 - 000480800 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2017-08-23 11:48 - 2017-08-23 11:48 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Chris\Downloads\esetonlinescanner_enu.exe
2017-08-23 11:45 - 2017-08-23 11:45 - 000204920 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2017-08-23 11:43 - 2017-08-23 11:43 - 000002420 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-08-23 11:40 - 2017-08-23 11:40 - 000003038 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Chris)
2017-07-24 00:48 - 2017-07-24 00:48 - 000001269 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-07-24 00:48 - 2017-07-24 00:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-07-24 00:48 - 2017-03-17 00:57 - 000044096 _____ (IObit.com) C:\WINDOWS\system32\Drivers\IMFCameraProtect.sys
2017-07-24 00:46 - 2017-07-24 00:46 - 000902232 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2017-07-24 00:46 - 2017-07-24 00:46 - 000805464 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2017-07-24 00:46 - 2017-07-24 00:46 - 000428632 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2017-07-24 00:46 - 2017-07-24 00:46 - 000338520 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo54.dll
2017-07-24 00:46 - 2017-07-24 00:46 - 000278616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2017-07-24 00:46 - 2017-07-24 00:46 - 000064088 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2017-07-24 00:46 - 2017-07-24 00:46 - 000059992 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2017-07-24 00:46 - 2017-07-24 00:46 - 000057432 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2017-07-24 00:43 - 2017-07-24 00:43 - 001804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-07-24 00:43 - 2017-07-24 00:43 - 000032840 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\Drivers\ETDSMBus.sys
2017-07-24 00:38 - 2017-07-24 00:38 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-07-24 00:36 - 2017-07-24 00:36 - 039864472 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 038903384 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 034823448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd11dxva32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 033479864 _____ (Intel Corporation) C:\WINDOWS\system32\igd11dxva64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 029101560 _____ (Intel Corporation) C:\WINDOWS\system32\common_clang64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 019861504 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\common_clang32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 016457272 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 015488920 _____ (Intel Corporation) C:\WINDOWS\system32\igc64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 013483192 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igc32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 013070648 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 011753464 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 008734208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 007970280 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2017-07-24 00:36 - 2017-07-24 00:36 - 006696824 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 005688832 _____ (Intel Corporation) C:\WINDOWS\system32\igdmcl64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 005262848 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 005137296 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 004934144 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 004368896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 004270672 _____ (Intel Corporation) C:\WINDOWS\system32\igd12umd64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 004240208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd12umd32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 003972096 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmcl32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 002393160 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 002142208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 001858632 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 001816712 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 001814056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 001590784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 001178624 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 001009664 _____ C:\WINDOWS\system32\igfxSDK.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000950784 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000947200 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000756224 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000705024 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000449536 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000439288 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000431104 _____ (Intel Corporation) C:\WINDOWS\system32\IntelCpHDCPSvc.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000416256 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000398848 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000390144 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000388608 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000384512 _____ C:\WINDOWS\system32\igfxTray.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000356352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000337408 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000318464 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000312296 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000297152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000284160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000273408 _____ C:\WINDOWS\system32\igfxCPL.cpl
2017-07-24 00:36 - 2017-07-24 00:36 - 000266232 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000254976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000251392 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000242152 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000225280 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000223240 _____ (Intel Corporation) C:\WINDOWS\system32\igdde64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000220160 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4624.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000219648 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000215040 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000214528 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000205344 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000193016 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000183968 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000182944 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000181832 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdde32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000173568 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000160264 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000160256 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000157696 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2017-07-24 00:36 - 2017-07-24 00:36 - 000111616 _____ ( ) C:\WINDOWS\system32\igfxSDKLibv2_0.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000103936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000103416 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000100864 _____ ( ) C:\WINDOWS\system32\igfxSDKLib.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000099840 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000095232 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000084992 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000055240 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000052736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000029184 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000029184 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000027648 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000027648 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000022528 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000022528 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000004862 _____ C:\WINDOWS\system32\iglhxs64.vp
2017-07-24 00:31 - 2017-07-24 00:31 - 000781792 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsPer.sys
2017-07-24 00:30 - 2017-07-24 00:30 - 000032832 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
2017-07-24 00:28 - 2017-08-23 11:59 - 000002366 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-07-24 00:28 - 2017-07-24 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-07-21 15:02 - 2017-07-21 15:02 - 040267776 _____ C:\WINDOWS\system32\config\COMPONENTS.iobit
2017-07-19 23:05 - 2017-07-06 23:57 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-19 23:05 - 2017-07-06 23:57 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-19 23:05 - 2017-07-06 23:39 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-19 23:05 - 2017-07-06 23:39 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-19 23:05 - 2017-07-06 23:37 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-19 23:05 - 2017-07-06 23:37 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-19 23:05 - 2017-07-06 23:37 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-19 23:05 - 2017-07-06 23:31 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-19 23:05 - 2017-07-06 23:31 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-19 23:05 - 2017-07-06 23:31 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-19 23:05 - 2017-07-06 23:30 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-19 23:05 - 2017-07-06 23:30 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-19 23:05 - 2017-07-06 23:30 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-19 23:05 - 2017-07-06 23:29 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-19 23:05 - 2017-07-06 23:29 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-19 23:05 - 2017-07-06 23:27 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-19 23:05 - 2017-07-06 23:26 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-19 23:05 - 2017-07-06 23:26 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-19 23:05 - 2017-07-06 23:26 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-19 23:05 - 2017-07-06 23:26 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-19 23:05 - 2017-07-06 23:25 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-19 23:05 - 2017-07-06 23:23 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-19 23:05 - 2017-07-06 23:14 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-19 23:05 - 2017-07-06 23:14 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-19 23:05 - 2017-07-06 23:14 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-19 23:05 - 2017-07-06 23:13 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-19 23:05 - 2017-07-06 23:12 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-19 23:05 - 2017-07-06 23:10 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-19 23:05 - 2017-07-06 23:10 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-19 23:05 - 2017-07-06 23:09 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-19 23:05 - 2017-07-06 23:09 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-19 23:05 - 2017-07-06 23:07 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-19 23:05 - 2017-07-06 23:06 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-19 23:05 - 2017-07-06 23:05 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-19 23:05 - 2017-07-06 23:05 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-19 23:05 - 2017-07-06 23:05 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-19 23:05 - 2017-07-06 23:05 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-19 23:05 - 2017-07-06 23:05 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-19 23:05 - 2017-07-06 23:05 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-19 23:05 - 2017-07-06 23:04 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-19 23:05 - 2017-07-06 23:04 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-19 23:05 - 2017-07-06 23:04 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-19 23:05 - 2017-07-06 23:04 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-19 23:05 - 2017-07-06 23:04 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-19 23:05 - 2017-07-06 23:03 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-19 23:05 - 2017-07-06 23:03 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-19 23:05 - 2017-07-06 23:03 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-19 23:05 - 2017-07-06 23:02 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-19 23:05 - 2017-07-06 23:02 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-19 23:05 - 2017-07-06 23:01 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-19 23:05 - 2017-07-06 23:01 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-19 23:05 - 2017-07-06 23:00 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-19 23:05 - 2017-07-06 23:00 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-19 23:05 - 2017-07-06 23:00 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-19 23:05 - 2017-07-06 23:00 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-19 23:05 - 2017-07-06 23:00 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-19 23:05 - 2017-07-06 23:00 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-19 23:05 - 2017-07-06 22:59 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-19 23:05 - 2017-07-06 22:59 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-19 23:05 - 2017-07-06 22:59 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-19 23:05 - 2017-07-06 22:59 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-19 23:05 - 2017-07-06 22:59 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-19 23:05 - 2017-07-06 22:58 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-19 23:05 - 2017-07-06 22:58 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-19 23:05 - 2017-07-06 22:58 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-19 23:05 - 2017-07-06 22:58 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-19 23:05 - 2017-07-06 22:55 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-19 23:05 - 2017-07-06 22:55 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-19 23:05 - 2017-07-06 22:53 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-19 23:05 - 2017-07-06 22:53 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-19 23:05 - 2017-06-19 22:34 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-19 23:05 - 2017-06-19 22:15 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-19 23:05 - 2017-06-19 22:15 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-19 23:05 - 2017-06-19 22:14 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-19 23:05 - 2017-06-19 22:13 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-19 23:05 - 2017-06-19 22:09 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-19 23:05 - 2017-06-19 22:08 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-19 23:05 - 2017-06-19 22:07 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-19 23:05 - 2017-06-19 22:07 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-19 23:05 - 2017-06-19 22:07 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-19 23:05 - 2017-06-19 22:06 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-19 23:05 - 2017-06-19 22:06 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-19 23:05 - 2017-06-19 22:05 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-19 23:05 - 2017-06-19 22:04 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-19 23:05 - 2017-06-19 22:04 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-19 23:05 - 2017-06-19 22:04 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-19 23:05 - 2017-06-19 22:04 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-19 23:05 - 2017-06-19 22:04 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-19 23:05 - 2017-06-19 22:03 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-19 23:05 - 2017-06-19 22:03 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-19 23:05 - 2017-06-19 22:03 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-19 23:05 - 2017-06-19 22:02 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-19 23:05 - 2017-06-19 22:02 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-19 23:05 - 2017-06-19 22:01 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-19 23:05 - 2017-06-19 21:49 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-19 23:05 - 2017-06-19 21:49 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-19 23:05 - 2017-06-19 21:46 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-19 23:05 - 2017-06-19 21:45 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-19 23:05 - 2017-06-19 21:45 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-19 23:05 - 2017-06-19 21:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-19 23:05 - 2017-06-19 21:43 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-19 23:05 - 2017-06-19 21:43 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-19 23:05 - 2017-06-19 21:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-19 23:05 - 2017-06-19 21:43 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-19 23:05 - 2017-06-19 21:43 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-19 23:05 - 2017-06-19 21:43 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-19 23:05 - 2017-06-19 21:42 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-19 23:05 - 2017-06-19 21:42 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-19 23:05 - 2017-06-19 21:42 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-19 23:05 - 2017-06-19 21:42 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-19 23:05 - 2017-06-19 21:42 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-19 23:05 - 2017-06-19 21:42 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-19 23:05 - 2017-06-19 21:41 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-19 23:05 - 2017-06-19 21:41 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-19 23:05 - 2017-06-19 21:41 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-19 23:05 - 2017-06-19 21:41 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-19 23:05 - 2017-06-19 21:41 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-19 23:05 - 2017-06-19 21:40 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-19 23:05 - 2017-06-19 21:40 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-19 23:05 - 2017-06-19 21:40 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-19 23:05 - 2017-06-19 21:40 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-19 23:05 - 2017-06-19 21:40 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-19 23:05 - 2017-06-19 21:40 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-19 23:05 - 2017-06-19 21:39 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-19 23:05 - 2017-06-19 21:39 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-19 23:05 - 2017-06-19 21:39 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-19 23:05 - 2017-06-19 21:39 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-19 23:05 - 2017-06-19 21:39 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-19 23:05 - 2017-06-19 21:39 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-19 23:05 - 2017-06-19 21:38 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-19 23:05 - 2017-06-19 21:38 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-19 23:05 - 2017-06-19 21:38 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-19 23:05 - 2017-06-19 21:38 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-19 23:05 - 2017-06-19 21:38 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-19 23:05 - 2017-06-19 21:38 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-19 23:05 - 2017-06-19 21:37 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-19 23:05 - 2017-06-19 21:36 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-19 23:05 - 2017-06-19 21:35 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-19 23:05 - 2017-06-19 21:35 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-19 23:05 - 2017-06-19 21:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-19 23:05 - 2017-06-19 21:34 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-19 23:05 - 2017-06-19 21:34 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-19 23:05 - 2017-06-19 21:34 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-19 23:05 - 2017-06-19 21:34 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-19 23:05 - 2017-06-19 21:34 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-19 23:05 - 2017-06-19 21:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-19 23:05 - 2017-06-19 21:30 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-19 23:05 - 2017-06-19 21:30 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-19 23:05 - 2017-06-19 21:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-19 23:05 - 2017-06-19 21:28 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-19 23:04 - 2017-07-07 00:21 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-19 23:04 - 2017-07-07 00:20 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-19 23:04 - 2017-07-07 00:17 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-19 23:04 - 2017-07-07 00:14 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-19 23:04 - 2017-07-07 00:13 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-19 23:04 - 2017-07-07 00:12 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-19 23:04 - 2017-07-07 00:12 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-19 23:04 - 2017-07-07 00:12 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-19 23:04 - 2017-07-07 00:11 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-19 23:04 - 2017-07-07 00:10 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-19 23:04 - 2017-07-07 00:10 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-19 23:04 - 2017-07-07 00:09 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-19 23:04 - 2017-07-06 23:27 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-19 23:04 - 2017-07-06 23:27 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-19 23:04 - 2017-07-06 23:27 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-19 23:04 - 2017-07-06 23:23 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-19 23:04 - 2017-07-06 23:23 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-19 23:04 - 2017-07-06 23:23 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-19 23:04 - 2017-07-06 23:22 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-19 23:04 - 2017-07-06 23:21 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-19 23:04 - 2017-07-06 23:19 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-19 23:04 - 2017-07-06 23:19 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-19 23:04 - 2017-07-06 23:18 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-19 23:04 - 2017-07-06 23:18 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-19 23:04 - 2017-07-06 23:17 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-19 23:04 - 2017-07-06 23:17 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-19 23:04 - 2017-07-06 23:17 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-19 23:04 - 2017-07-06 23:17 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-19 23:04 - 2017-07-06 23:17 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-19 23:04 - 2017-07-06 23:15 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-19 23:04 - 2017-07-06 23:15 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-19 23:04 - 2017-07-06 23:14 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-19 23:04 - 2017-07-06 23:13 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-19 23:04 - 2017-07-06 23:12 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-19 23:04 - 2017-07-06 23:12 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-19 23:04 - 2017-07-06 23:12 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-19 23:04 - 2017-07-06 23:12 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-19 23:04 - 2017-07-06 23:12 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-19 23:04 - 2017-07-06 23:12 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-19 23:04 - 2017-07-06 23:11 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-19 23:04 - 2017-07-06 23:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-19 23:04 - 2017-07-06 23:10 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-19 23:04 - 2017-07-06 23:10 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-19 23:04 - 2017-07-06 23:08 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-19 23:04 - 2017-07-01 15:52 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-19 23:04 - 2017-06-19 23:03 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-19 23:04 - 2017-06-19 23:02 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-19 23:04 - 2017-06-19 23:00 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-19 23:04 - 2017-06-19 22:59 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-19 23:04 - 2017-06-19 22:58 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-19 23:04 - 2017-06-19 22:57 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-19 23:04 - 2017-06-19 22:57 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-19 23:04 - 2017-06-19 22:16 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-19 23:04 - 2017-06-19 22:13 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-19 23:04 - 2017-06-19 22:13 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-19 23:04 - 2017-06-19 22:13 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-19 23:04 - 2017-06-19 22:12 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-19 23:04 - 2017-06-19 22:12 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-07-19 23:04 - 2017-06-19 22:12 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-19 23:04 - 2017-06-19 22:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-19 23:04 - 2017-06-19 22:10 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-19 23:04 - 2017-06-19 22:10 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-19 23:04 - 2017-06-19 22:09 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-19 23:04 - 2017-06-19 22:09 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-19 23:04 - 2017-06-19 22:09 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-19 23:04 - 2017-06-19 22:09 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-19 23:04 - 2017-06-19 22:09 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-19 23:04 - 2017-06-19 22:09 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-19 23:04 - 2017-06-19 22:08 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-19 23:04 - 2017-06-19 22:08 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-19 23:04 - 2017-06-19 22:08 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-19 23:04 - 2017-06-19 22:08 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-19 23:04 - 2017-06-19 22:07 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-19 23:04 - 2017-06-19 22:07 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-19 23:04 - 2017-06-19 22:07 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-19 23:04 - 2017-06-19 22:06 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-19 23:04 - 2017-06-19 22:06 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-19 23:04 - 2017-06-19 22:05 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-19 23:04 - 2017-06-19 22:05 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-19 23:04 - 2017-06-19 22:05 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-19 23:04 - 2017-06-19 22:05 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-19 23:04 - 2017-06-19 22:05 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-19 23:04 - 2017-06-19 22:05 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-19 23:04 - 2017-06-19 22:04 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-19 23:04 - 2017-06-19 22:04 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-19 23:04 - 2017-06-19 22:04 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-19 23:04 - 2017-06-19 22:04 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-19 23:04 - 2017-06-19 22:04 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-19 23:04 - 2017-06-19 22:03 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-19 23:04 - 2017-06-19 22:02 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-19 23:04 - 2017-06-19 22:02 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-19 23:04 - 2017-06-19 22:01 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-19 23:04 - 2017-06-19 22:01 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-19 23:04 - 2017-06-19 22:01 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-19 23:04 - 2017-06-19 22:01 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-19 23:04 - 2017-06-19 22:00 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-19 23:04 - 2017-06-19 22:00 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-19 23:04 - 2017-06-19 21:56 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-19 23:03 - 2017-07-07 07:00 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-19 23:03 - 2017-07-07 00:27 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-19 23:03 - 2017-07-07 00:27 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-19 23:03 - 2017-07-07 00:27 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-19 23:03 - 2017-07-07 00:27 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-19 23:03 - 2017-07-07 00:27 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-19 23:03 - 2017-07-07 00:26 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-19 23:03 - 2017-07-07 00:25 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-19 23:03 - 2017-07-07 00:24 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-19 23:03 - 2017-07-07 00:23 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-19 23:03 - 2017-07-07 00:22 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-19 23:03 - 2017-07-07 00:22 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-19 23:03 - 2017-07-07 00:22 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-19 23:03 - 2017-07-07 00:21 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-19 23:03 - 2017-07-07 00:20 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-19 23:03 - 2017-07-07 00:20 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-19 23:03 - 2017-07-07 00:20 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-19 23:03 - 2017-07-07 00:15 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-19 23:03 - 2017-07-07 00:14 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-19 23:03 - 2017-07-07 00:14 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-19 23:03 - 2017-07-07 00:14 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-19 23:03 - 2017-07-07 00:13 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-19 23:03 - 2017-07-07 00:13 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-19 23:03 - 2017-07-07 00:11 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-19 23:03 - 2017-07-07 00:10 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-19 23:03 - 2017-07-07 00:10 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-19 23:03 - 2017-07-07 00:10 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-19 23:03 - 2017-07-07 00:10 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-19 23:03 - 2017-07-07 00:07 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-19 23:03 - 2017-07-07 00:07 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-19 23:03 - 2017-07-06 23:40 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-19 23:03 - 2017-07-06 23:27 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-19 23:03 - 2017-07-06 23:27 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-19 23:03 - 2017-07-06 23:27 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-19 23:03 - 2017-07-06 23:27 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-19 23:03 - 2017-07-06 23:27 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-19 23:03 - 2017-07-06 23:26 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-19 23:03 - 2017-07-06 23:25 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-19 23:03 - 2017-07-06 23:24 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-19 23:03 - 2017-07-06 23:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-19 23:03 - 2017-07-06 23:22 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-19 23:03 - 2017-07-06 23:21 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-19 23:03 - 2017-07-06 23:20 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-19 23:03 - 2017-07-06 23:20 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-19 23:03 - 2017-07-06 23:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-19 23:03 - 2017-07-06 23:19 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-19 23:03 - 2017-07-06 23:19 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-19 23:03 - 2017-07-06 23:19 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-19 23:03 - 2017-07-06 23:18 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-19 23:03 - 2017-07-06 23:18 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-19 23:03 - 2017-07-06 23:18 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-19 23:03 - 2017-07-06 23:17 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-19 23:03 - 2017-07-06 23:17 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-19 23:03 - 2017-07-06 23:16 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-19 23:03 - 2017-07-06 23:16 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-19 23:03 - 2017-07-06 23:16 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-19 23:03 - 2017-07-06 23:14 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-19 23:03 - 2017-07-06 23:14 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-19 23:03 - 2017-07-06 23:14 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-19 23:03 - 2017-07-06 23:14 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-19 23:03 - 2017-07-06 23:13 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-19 23:03 - 2017-07-06 23:12 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-19 23:03 - 2017-07-06 23:12 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-19 23:03 - 2017-07-06 23:12 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-19 23:03 - 2017-07-06 23:12 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-19 23:03 - 2017-07-06 23:11 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-19 23:03 - 2017-07-06 23:11 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-19 23:03 - 2017-07-06 23:11 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-19 23:03 - 2017-07-06 23:11 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-19 23:03 - 2017-07-06 23:11 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-19 23:03 - 2017-07-06 23:11 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-19 23:03 - 2017-07-06 23:10 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-19 23:03 - 2017-07-06 23:07 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-19 23:03 - 2017-07-06 23:07 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-19 23:03 - 2017-07-06 23:07 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-19 23:03 - 2017-07-06 23:06 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-19 23:03 - 2017-07-06 23:06 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-19 23:03 - 2017-07-06 23:05 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-19 23:03 - 2017-07-06 23:04 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-19 23:03 - 2017-07-06 23:04 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-19 23:03 - 2017-07-06 23:04 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-19 23:03 - 2017-06-19 23:18 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-19 23:03 - 2017-06-19 23:18 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-19 23:03 - 2017-06-19 23:17 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-19 23:03 - 2017-06-19 23:17 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-19 23:03 - 2017-06-19 23:17 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-19 23:03 - 2017-06-19 23:17 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-19 23:03 - 2017-06-19 23:17 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-19 23:03 - 2017-06-19 23:16 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-19 23:03 - 2017-06-19 23:16 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-19 23:03 - 2017-06-19 23:15 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-19 23:03 - 2017-06-19 23:11 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-19 23:03 - 2017-06-19 23:11 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-19 23:03 - 2017-06-19 23:10 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-19 23:03 - 2017-06-19 23:10 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-19 23:03 - 2017-06-19 23:08 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-19 23:03 - 2017-06-19 23:06 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-19 23:03 - 2017-06-19 23:05 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-19 23:03 - 2017-06-19 23:04 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-19 23:03 - 2017-06-19 23:04 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-19 23:03 - 2017-06-19 23:03 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-19 23:03 - 2017-06-19 23:03 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-19 23:03 - 2017-06-19 23:02 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-19 23:03 - 2017-06-19 23:02 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-19 23:03 - 2017-06-19 23:00 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-19 23:03 - 2017-06-19 23:00 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-19 23:03 - 2017-06-19 22:59 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-19 23:03 - 2017-06-19 22:59 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-19 23:03 - 2017-06-19 22:59 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-19 23:03 - 2017-06-19 22:59 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-19 23:03 - 2017-06-19 22:58 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-19 23:03 - 2017-06-19 22:58 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-19 23:03 - 2017-06-19 22:16 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-19 23:03 - 2017-06-19 22:14 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-19 23:03 - 2017-06-19 22:13 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-19 23:03 - 2017-06-19 22:12 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-19 23:03 - 2017-06-19 22:12 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-19 23:03 - 2017-06-19 22:12 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-19 23:03 - 2017-06-19 22:11 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-19 23:03 - 2017-06-19 22:10 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-19 23:03 - 2017-06-19 22:10 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-19 23:03 - 2017-06-19 22:10 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-19 23:03 - 2017-06-19 22:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-19 23:03 - 2017-06-19 22:09 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-19 23:03 - 2017-06-19 22:09 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-19 23:03 - 2017-06-19 22:09 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-19 23:03 - 2017-06-19 22:09 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-19 23:03 - 2017-06-19 22:09 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-19 23:03 - 2017-06-19 22:09 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-19 23:03 - 2017-06-19 22:08 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-19 23:03 - 2017-06-19 22:08 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-19 23:03 - 2017-06-19 22:08 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-19 23:03 - 2017-06-19 22:08 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-19 23:03 - 2017-06-19 22:07 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-19 23:03 - 2017-06-19 22:07 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-19 23:03 - 2017-06-19 22:07 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-19 23:03 - 2017-06-19 22:07 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-19 23:03 - 2017-06-19 22:07 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-19 23:03 - 2017-06-19 22:06 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-19 23:03 - 2017-06-19 22:06 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-19 23:03 - 2017-06-19 22:06 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-19 23:03 - 2017-06-19 22:06 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-19 23:03 - 2017-06-19 22:06 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-19 23:03 - 2017-06-19 22:06 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-19 23:03 - 2017-06-19 22:06 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-19 23:03 - 2017-06-19 22:05 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-19 23:03 - 2017-06-19 22:05 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-19 23:03 - 2017-06-19 22:05 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-19 23:03 - 2017-06-19 22:05 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-19 23:03 - 2017-06-19 22:05 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-19 23:03 - 2017-06-19 22:05 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-19 23:03 - 2017-06-19 22:04 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-19 23:03 - 2017-06-19 22:04 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-19 23:03 - 2017-06-19 22:03 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-19 23:03 - 2017-06-19 22:02 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-19 23:03 - 2017-06-19 22:02 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-19 23:03 - 2017-06-19 22:02 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-19 23:03 - 2017-06-19 22:02 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-19 23:03 - 2017-06-19 22:01 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-19 23:03 - 2017-06-19 22:01 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-19 23:03 - 2017-06-19 22:01 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-19 23:03 - 2017-06-19 22:01 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-19 23:03 - 2017-06-19 22:00 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-19 23:03 - 2017-06-19 21:59 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-19 23:03 - 2017-06-19 21:59 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-19 23:03 - 2017-06-19 21:59 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-19 23:03 - 2017-06-19 21:58 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-19 23:03 - 2017-06-19 21:57 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-19 23:03 - 2017-06-19 21:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-19 23:03 - 2017-06-19 21:56 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-19 23:03 - 2017-06-19 21:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-19 23:03 - 2017-06-19 21:54 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-19 23:02 - 2017-07-07 00:13 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-06-17 18:55 - 2017-06-17 18:55 - 100343808 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2017-06-17 18:55 - 2017-06-17 18:55 - 000475136 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2017-06-17 18:55 - 2017-06-17 18:55 - 000061440 _____ C:\WINDOWS\system32\config\SAM.iobit
2017-06-17 18:55 - 2017-06-17 18:55 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2017-06-17 15:04 - 2017-06-03 03:09 - 001003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-17 15:04 - 2017-06-03 03:07 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-17 15:04 - 2017-06-03 03:00 - 000219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-17 15:04 - 2017-06-03 02:59 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-17 15:04 - 2017-06-03 02:59 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-17 15:04 - 2017-06-03 02:59 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-17 15:04 - 2017-06-03 02:26 - 000266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-17 15:04 - 2017-06-03 02:23 - 000573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-17 15:04 - 2017-06-03 02:14 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-17 15:04 - 2017-06-03 02:12 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-17 15:04 - 2017-06-03 02:11 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-17 15:04 - 2017-06-03 02:11 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-17 15:04 - 2017-06-03 02:11 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-17 15:04 - 2017-06-03 02:11 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-17 15:04 - 2017-06-03 02:10 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-17 15:04 - 2017-06-03 02:09 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-17 15:04 - 2017-06-03 02:07 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-17 15:04 - 2017-06-03 02:05 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-17 15:04 - 2017-06-03 02:05 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-17 15:04 - 2017-06-03 02:04 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-17 15:04 - 2017-06-03 02:03 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-17 15:04 - 2017-06-03 02:00 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-17 15:04 - 2017-06-03 02:00 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-17 15:04 - 2017-06-03 01:58 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-17 15:04 - 2017-06-03 01:58 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-17 15:04 - 2017-06-03 01:57 - 006535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-17 15:04 - 2017-06-03 01:57 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-17 15:04 - 2017-06-03 01:54 - 002341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-17 15:03 - 2017-06-03 03:15 - 001596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-17 15:03 - 2017-06-03 03:15 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-17 15:03 - 2017-06-03 03:10 - 000130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-17 15:03 - 2017-06-03 03:00 - 000321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-17 15:03 - 2017-06-03 02:58 - 000660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-17 15:03 - 2017-06-03 02:14 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-17 15:03 - 2017-06-03 02:14 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-17 15:03 - 2017-06-03 02:11 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-17 15:03 - 2017-06-03 02:10 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-17 15:03 - 2017-06-03 02:09 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-17 15:03 - 2017-06-03 02:09 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-17 15:03 - 2017-06-03 02:07 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-17 15:03 - 2017-06-03 02:07 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-17 15:03 - 2017-06-03 02:06 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-17 15:03 - 2017-06-03 02:01 - 006726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-17 15:03 - 2017-06-03 01:59 - 002625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-17 15:03 - 2017-06-03 01:59 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-17 15:03 - 2017-06-03 01:58 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-17 15:03 - 2017-06-03 01:51 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-05-27 12:37 - 2017-05-27 12:37 - 000000000 ____D C:\Users\Chris\AppData\Local\DBG
2017-05-27 12:37 - 2017-05-27 12:37 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-27 12:33 - 2017-05-27 12:33 - 000000020 ___SH C:\Users\Chris\ntuser.ini
2017-05-26 19:18 - 2017-05-26 19:18 - 004709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 004672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 003135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 002604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 002424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 002347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 002088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 002085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-26 19:18 - 2017-05-26 19:18 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-26 19:18 - 2017-05-26 19:18 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-26 19:18 - 2017-05-26 19:18 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-26 19:18 - 2017-05-26 19:18 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-05-26 19:18 - 2017-05-26 19:18 - 000027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-26 19:18 - 2017-05-26 19:18 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-05-26 19:18 - 2017-05-26 19:18 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-05-26 19:12 - 2017-05-26 18:24 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-26 19:11 - 2017-05-26 19:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-26 19:08 - 2017-05-26 19:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-05-26 19:08 - 2017-05-26 19:08 - 000000000 ____D C:\Program Files\MSBuild
2017-05-26 19:08 - 2017-05-26 19:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-26 19:08 - 2017-05-26 19:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-05-26 19:08 - 2017-05-26 19:08 - 000000000 ____D C:\inetpub
2017-05-26 19:07 - 2017-05-26 19:07 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-26 19:07 - 2017-02-10 12:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-26 19:07 - 2017-02-10 12:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-26 19:07 - 2017-02-10 12:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-26 19:07 - 2017-02-10 12:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-26 19:07 - 2017-02-10 12:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-26 19:07 - 2017-02-10 12:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-26 19:02 - 2017-05-26 19:06 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-26 19:02 - 2017-05-26 19:06 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-05-26 18:55 - 2017-08-23 21:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-26 18:55 - 2017-08-23 19:17 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5EE6EF7F-8D94-4EED-808B-5C030293FA2F}
2017-05-26 18:55 - 2017-05-26 18:55 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-26 18:55 - 2017-05-26 18:55 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-26 18:55 - 2017-05-26 18:55 - 000002940 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2325216809-2621160187-3092218828-1001
2017-05-26 18:55 - 2017-05-26 18:55 - 000002562 _____ C:\WINDOWS\System32\Tasks\SmartShare
2017-05-26 18:55 - 2017-05-26 18:55 - 000002320 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2325216809-2621160187-3092218828-500
2017-05-26 18:55 - 2017-05-26 18:55 - 000002254 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-05-26 18:55 - 2017-05-26 18:55 - 000002242 _____ C:\WINDOWS\System32\Tasks\{E714A9D9-B601-4BF3-9ED6-D5C34159B55A}
2017-05-26 18:55 - 2017-05-26 18:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-05-26 18:55 - 2017-05-26 18:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-05-26 18:55 - 2017-05-26 18:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-26 18:55 - 2014-05-29 01:44 - 000002320 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4077210667-845433890-3529016006-500
2017-05-26 18:55 - 2013-06-04 17:26 - 000003590 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-286999849-997728950-127929134-500
2017-05-26 18:40 - 2017-05-26 18:40 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-26 18:35 - 2017-05-26 18:35 - 000000000 ____D C:\ProgramData\USOShared
2017-05-26 18:34 - 2017-05-26 18:42 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-26 18:30 - 2017-08-23 21:52 - 000000000 ____D C:\Users\Chris
2017-05-26 18:29 - 2017-08-23 21:23 - 001159652 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-26 18:29 - 2017-05-26 18:50 - 000982642 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-05-26 18:28 - 2017-08-23 21:50 - 000000000 ____D C:\ProgramData\Synaptics
2017-05-26 18:28 - 2017-07-24 00:46 - 000064088 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2017-05-26 18:28 - 2017-07-24 00:36 - 000103936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-05-26 18:28 - 2017-07-24 00:36 - 000099840 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-05-26 18:28 - 2017-05-26 18:28 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_wbf_vfs_0050_01_09_00.Wdf
2017-05-26 18:28 - 2017-05-26 18:28 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-05-26 18:28 - 2017-05-26 18:28 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-05-26 18:28 - 2017-05-26 18:28 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-05-26 18:27 - 2017-05-26 18:34 - 000000000 ____D C:\Program Files\Intel
2017-05-26 18:27 - 2017-05-26 18:27 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-05-26 18:27 - 2017-05-26 18:27 - 000000000 ____D C:\Program Files\Synaptics
2017-05-26 18:27 - 2017-05-26 18:27 - 000000000 ____D C:\Program Files (x86)\HP
2017-05-26 18:27 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-26 18:24 - 2017-08-23 19:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-26 18:24 - 2017-07-21 13:41 - 001781744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-26 16:07 - 2017-05-27 13:00 - 000000000 ___DC C:\WINDOWS\Panther
==================== Three Months Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-23 21:53 - 2014-11-12 21:32 - 000000000 __SHD C:\Users\Chris\IntelGraphicsProfiles
2017-08-23 21:51 - 2013-06-04 17:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-23 21:42 - 2014-05-29 16:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-23 21:39 - 2016-07-06 05:23 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-08-23 21:39 - 2015-06-21 22:38 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-08-23 21:25 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-23 21:24 - 2014-05-29 06:53 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-23 21:15 - 2017-03-18 04:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-23 21:14 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-23 21:01 - 2017-01-18 13:10 - 000000000 ____D C:\ProgramData\IObit
2017-08-23 21:01 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-08-23 20:56 - 2016-03-03 13:35 - 000000000 ____D C:\AdwCleaner
2017-08-23 18:55 - 2014-08-25 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-23 18:55 - 2014-08-25 14:53 - 000000000 ____D C:\Program Files\Java
2017-08-23 17:57 - 2014-09-15 15:53 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-23 17:57 - 2014-09-15 15:53 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 14:56 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-23 13:36 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-23 13:33 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-23 12:01 - 2016-11-28 17:44 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-23 11:43 - 2014-11-12 21:39 - 000000000 ___RD C:\Users\Chris\OneDrive
2017-08-23 11:41 - 2017-01-18 13:11 - 000000000 ____D C:\ProgramData\ProductData
2017-07-24 00:48 - 2017-01-18 13:10 - 000000000 ____D C:\Users\Chris\AppData\Roaming\IObit
2017-07-24 00:48 - 2017-01-18 13:10 - 000000000 ____D C:\Program Files (x86)\IObit
==================== Files in the root of some directories =======
2015-12-10 10:49 - 2015-12-18 12:13 - 012964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2017-01-26 22:01 - 2017-01-26 22:01 - 000000017 _____ () C:\Users\Chris\AppData\Local\resmon.resmoncfg
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-08-23 17:58
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Chris (23-08-2017 22:01:01)
Running from C:\Users\Chris\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1703 (X64) (2017-05-27 02:08:54)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2325216809-2621160187-3092218828-500 - Administrator - Disabled)
Chris (S-1-5-21-2325216809-2621160187-3092218828-1001 - Administrator - Enabled) => C:\Users\Chris
DefaultAccount (S-1-5-21-2325216809-2621160187-3092218828-503 - Limited - Disabled)
Guest (S-1-5-21-2325216809-2621160187-3092218828-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Amazon Amazon Music) (Version: 5.3.3.1671 - Amazon Services LLC)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.475.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-7460DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit)
Elements 12 Organizer (HKLM-x32\...\{9D80A7B7-DC01-485D-AE93-710D559B5C56}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{0FEE0C28-850D-4AC0-92E7-57D214134102}) (Version: 1.2.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.1 - IObit)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Kodi (HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8326.2076 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows 8 ESU (HKLM-x32\...\{6C502082-A653-4D9E-9287-A252D7835F4C}) (Version: 2.1.1 - Hewlett-Packard)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-65d2ebd8-4d61-4bf9-9802-353b606157b5) (Version: 2.2.0.98 - WildTangent) Hidden
PSE12 STI Installer (HKLM-x32\...\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21296 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.3.1511.1201 - LG Electronics Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.41 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-010f7704-bf7a-4861-907f-bf99f17888f6) (Version: 2.2.0.110 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-23] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-23] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-23] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-23] (AVAST Software)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-23] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-07-24] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-08-23] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-23] (AVAST Software)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00A26C73-606B-493F-86AB-3C6DCD0B7CDB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-23] ()
Task: {07FFB088-8A95-44CC-A8CE-7EDE1F4A7A46} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-19] (AVAST Software)
Task: {0EEC168F-AA75-4AE1-BF60-616DA31A87B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {11A20244-C4C2-434A-B105-4AFBB4AB3B65} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {176975FB-26C3-4285-ADB3-6DDB9D5863CE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-23] ()
Task: {1CAE02F4-C049-4C8B-A29F-A8BDD083CD27} - \WPD\SqmUpload_S-1-5-21-2325216809-2621160187-3092218828-1001 -> No File <==== ATTENTION
Task: {246A9BFB-E8EC-4566-B15F-4EA3647C1D65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {2A74EBE5-8944-4083-9378-F1BC14BCB365} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-23] (Microsoft Corporation)
Task: {321532ED-7382-4C97-98C8-EC25AA31CCB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {42FE11AD-2416-459A-976B-0E1C4950C0B4} - System32\Tasks\Driver Booster SkipUAC (Chris) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe [2017-05-03] (IObit)
Task: {432D1A9A-558C-466B-B3CF-0B6ADBE45373} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-07-24] (Synaptics Incorporated)
Task: {433A5964-86B6-408D-87CB-33752533455E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {466407B8-672F-448C-8001-C72198CEE0EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {473C77F1-1A7B-49A4-B738-3BF533F2A35F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {4CA67ED8-91DD-4D13-A3B1-22D0F548830E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4DA4BB0A-C5CF-4A39-9CDE-7F8082123AD9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-12] (Microsoft Corporation)
Task: {53A84247-66B1-426F-9DF5-39074013B75A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {59FE9EC7-00DB-4B5C-ABDA-BF4B48043C20} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5CBB8EDB-5E25-4220-86CD-6E1BBF1BB983} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6BA4E2E0-A662-48AD-A4A9-B4B3C06091E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6CB21705-DD56-4F98-BA49-5BC36BEBCB5D} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [2014-12-05] (LG Electronics Inc.)
Task: {6CEFC585-318C-4F7E-BA6E-CDAD35F651AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7111DB24-4073-43DB-A054-5BD77371A9FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7629FD1E-D219-4982-842D-F244E8CEA14D} - System32\Tasks\SafeZone scheduled Autoupdate 1480380597 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {79C32287-26B4-495C-AE0E-2DA92CC5016E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {810F30A9-C8C8-4519-963D-09448735F015} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {871979EB-AFB1-487B-82FB-764C5EE08DA1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {9CC74834-4438-42D9-914C-6BAEB1422D1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A747C947-467F-4456-809A-61498E782661} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-08-23] (AVAST Software)
Task: {BAAD64B9-DA96-4B03-954C-55413F4ACD2B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C68C056F-8F6D-4E75-9954-FEB876CFA46C} - System32\Tasks\{E714A9D9-B601-4BF3-9ED6-D5C34159B55A} => C:\WINDOWS\system32\pcalua.exe -a C:\DriveKey\HPUSBFW.EXE -d C:\Users\Chris\Desktop
Task: {C93077DA-C8D4-4AE3-9F48-887F0CD4F03F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D605A2B4-F381-470E-A2D7-77E943DFE556} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DEFC3F74-2D07-48C8-B790-D5CB107C4B90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {E88C62EB-BADA-4A93-9B41-70B50303BCFF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FF95EF7E-80E9-41E3-8251-2603BF0E7193} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-12] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2014-03-28 13:31 - 2014-03-28 13:31 - 002110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 000367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 000712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2017-08-23 21:42 - 2017-08-21 07:20 - 002264520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-23 21:43 - 2017-08-23 21:43 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-07-24 00:36 - 2017-07-24 00:36 - 000384512 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-21 14:05 - 2017-07-21 14:06 - 000054272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2014-06-20 08:26 - 2017-01-11 01:07 - 003493864 _____ () C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe
2017-07-19 23:14 - 2017-07-19 23:15 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-19 23:14 - 2017-07-19 23:15 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-19 23:14 - 2017-07-19 23:15 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-19 23:14 - 2017-07-19 23:15 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-08-23 11:57 - 2017-08-23 11:57 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-08-23 11:58 - 2017-08-23 11:58 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-08-23 11:59 - 2017-08-23 11:59 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-08-23 11:57 - 2017-08-23 11:57 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-08-23 11:57 - 2017-08-23 11:57 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-08-23 11:55 - 2017-08-23 11:55 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-05-29 05:24 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-07-24 00:48 - 2016-08-10 17:13 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
2017-07-24 00:48 - 2016-08-10 17:13 - 000188704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2017-07-24 00:48 - 2016-08-10 17:13 - 000151840 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2017-07-24 00:48 - 2017-05-09 10:59 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2017-07-24 00:48 - 2016-12-12 16:52 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2017-07-24 00:48 - 2016-12-12 16:52 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2017-07-24 00:48 - 2016-12-12 16:52 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2015-10-20 17:22 - 2014-09-05 11:55 - 000132808 _____ () C:\Users\Chris\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2014-12-06 18:09 - 2014-12-06 18:09 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\59552.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{285BFD05-A7F4-488C-B5E1-9F9D88AC9293}C:\users\chris\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\chris\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{9EEDC107-060C-4CAB-8C0A-7DF72E9BCAC5}C:\users\chris\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\chris\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{88B4AE83-3BA4-4B8B-B71F-6A34FD80D18B}C:\users\chris\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\chris\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{27DA5618-9BF9-4CA6-8B87-7026B7C613D3}C:\users\chris\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\chris\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{13C97A10-8159-4B22-B93C-E5725C34A6E0}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{9F9C65C4-0234-4E43-BA4B-888A1B40D499}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
FirewallRules: [{15DB7AA8-FEF0-4230-8F02-6E9121A6D898}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{AFDB5255-207B-45FF-8DC2-29490EE75A3C}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
FirewallRules: [{DF29A692-8E6D-4574-86BD-FD9584D7908A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8BA581CF-9906-4FBC-9113-3AB641D38ED8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{91D24E20-1148-4C4F-BB8E-51F14F49CE60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D58F7BA-AFFE-47D0-9007-4A003B2C748F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{980FB3EC-41E1-4F17-8E11-6298CA12C842}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0F70ADA1-B764-482E-8151-D2522E6DF8C8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{4DD71B6F-8F68-4BD9-B2E5-A422C0914326}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{D3C7C5E0-0786-492D-9267-58E984BAB479}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{2049265E-91D2-42F4-8692-235333C60FAF}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{46A50AF9-CFAA-4428-AAE2-FC1F1A6B4D6F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8B2E6695-44B7-4066-9B98-FB1A1C96050A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{20A93750-7D7D-4AC0-92F2-618865F2226A}] => (Allow) LPort=1900
FirewallRules: [{915A8124-01DC-4956-90B7-A0BD2EE43677}] => (Allow) LPort=2869
FirewallRules: [{ADD62C95-3EF1-435C-AD4E-5E563F288CA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{881A6BCC-22C2-4409-9FB0-40CF8C406238}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{654A46EF-7DBF-4C1D-B2D6-48A98862B037}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [TCP Query User{2E314ACC-83AF-4AAD-86FE-C65144057EB4}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{A93A9B56-01FA-40FF-B193-1E4FAC25DFAA}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{9B0F4EB3-1890-4D59-8C4E-A7E9260604E4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{A71626F3-4215-424B-B9DD-7FB1EF7D1C10}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{BCDE3CD3-7378-41FC-B1D3-793CACC827CD}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{E04864BB-B5D7-448B-BC42-0D681EA33DC3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{0AA794CB-7A17-4986-B6F1-DE3445F72DD9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{55D6C21D-548C-4626-8E30-3D8F24F26DC4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{06D97735-6C0B-4638-B07A-EECF5DC31188}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{B2DADF54-23ED-4D10-A183-64E0C3E09F55}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{961DD33B-0DBA-4E24-ABCA-AD27124C3E4D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FC90EC1B-F84D-4EB8-85BF-BCED0F82B96A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1AD0E741-B3DF-418C-B455-38D82B8B3385}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
==================== Restore Points =========================
19-07-2017 23:14:09 Scheduled Checkpoint
23-08-2017 12:15:11 Windows Modules Installer
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (08/23/2017 09:54:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Faulting module name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Exception code: 0xc000041d
Fault offset: 0x000000000001162a
Faulting process id: 0x2300
Faulting application start time: 0x01d31c94f9fd3f7c
Faulting application path: C:\Program Files\IDT\WDM\sttray64.exe
Faulting module path: C:\Program Files\IDT\WDM\sttray64.exe
Report Id: 56d0b749-0731-4008-badd-cde3d3811093
Faulting package full name:
Faulting package-relative application ID:
Error: (08/23/2017 09:53:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Faulting module name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Exception code: 0xc0000005
Fault offset: 0x000000000001162a
Faulting process id: 0x2300
Faulting application start time: 0x01d31c94f9fd3f7c
Faulting application path: C:\Program Files\IDT\WDM\sttray64.exe
Faulting module path: C:\Program Files\IDT\WDM\sttray64.exe
Report Id: 65631a99-0820-4124-8518-c7781bf6ff99
Faulting package full name:
Faulting package-relative application ID:
Error: (08/23/2017 09:53:44 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.
Context:  Application, SystemIndex Catalog
Details:
 The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
Error: (08/23/2017 09:53:44 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: Error ID 1 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.
Context:  Application, SystemIndex Catalog
Details:
 The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
Error: (08/23/2017 09:50:20 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed
Error: (08/23/2017 09:44:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft office\updates\download\packagefiles\4037085c-5053-4bf0-bec6-292b016816ad\root\flattener\Flattener.exe".
Dependent Assembly AppVOpcServices.dll,processorArchitecture="x86",type="win32",version="4.6.0.111" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/23/2017 09:23:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CSPERSONALPUTER)
Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00041401-0004-0000-8f70-060000000000} was terminated because it took too long to suspend.
Error: (08/23/2017 09:22:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CSPERSONALPUTER)
Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00091401-0004-0000-8f70-060000000000} was terminated because it took too long to suspend.
Error: (08/23/2017 09:22:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CSPERSONALPUTER)
Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00081401-0004-0000-8f70-060000000000} was terminated because it took too long to suspend.
Error: (08/23/2017 09:20:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Faulting module name: sttray64.exe, version: 1.0.6491.0, time stamp: 0x520e0160
Exception code: 0xc000041d
Fault offset: 0x000000000001162a
Faulting process id: 0x22cc
Faulting application start time: 0x01d31c9026943dbc
Faulting application path: C:\Program Files\IDT\WDM\sttray64.exe
Faulting module path: C:\Program Files\IDT\WDM\sttray64.exe
Report Id: 830cf3c0-dc4e-43d4-a5e1-723d2aaeb3f0
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (08/23/2017 09:58:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
Error: (08/23/2017 09:55:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/23/2017 09:55:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
Error: (08/23/2017 09:55:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
Error: (08/23/2017 09:50:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.
Error: (08/23/2017 09:50:44 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (08/23/2017 09:50:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.
Error: (08/23/2017 09:50:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:16:17 PM on ‎8/‎23/‎2017 was unexpected.
Error: (08/23/2017 09:25:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (08/23/2017 09:25:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Chris\AppData\Local\Temp\ehdrv.sys

CodeIntegrity:
===================================
  Date: 2017-08-23 21:58:12.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-08-23 21:56:57.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-08-23 21:56:19.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-08-23 21:56:19.277
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-08-23 21:43:27.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-08-23 21:43:16.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-08-23 21:43:16.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-08-23 21:43:15.983
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-08-23 21:43:15.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-08-23 21:43:15.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8124.02 MB
Available physical RAM: 4626.52 MB
Total Virtual: 8636.02 MB
Available Virtual: 5173.96 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:671.8 GB) (Free:487.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.71 GB) (Free:2.5 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 6F653B2B)
Partition: GPT.
==================== End of Addition.txt ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:11 AM

Posted 26 August 2017 - 08:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Press the [b] Windows key + r[/b] on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.

[code]

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\Chris\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Run: [BingSvc] => C:\Users\Chris\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
CHR Extension: (Bing) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2016-12-06]
CHR Extension: (Honey) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-08-23]
CHR Extension: (Avast SafePrice) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-08-23]
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - <no Path/update_url>
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [350160 2015-06-21] (BitDefender S.R.L.)
C:\WINDOWS\System32\drivers\trufos.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1CAE02F4-C049-4C8B-A29F-A8BDD083CD27} - \WPD\SqmUpload_S-1-5-21-2325216809-2621160187-3092218828-1001 -> No File <==== ATTENTION
Task: {433A5964-86B6-408D-87CB-33752533455E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4CA67ED8-91DD-4D13-A3B1-22D0F548830E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {53A84247-66B1-426F-9DF5-39074013B75A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {59FE9EC7-00DB-4B5C-ABDA-BF4B48043C20} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5CBB8EDB-5E25-4220-86CD-6E1BBF1BB983} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6BA4E2E0-A662-48AD-A4A9-B4B3C06091E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9CC74834-4438-42D9-914C-6BAEB1422D1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BAAD64B9-DA96-4B03-954C-55413F4ACD2B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C93077DA-C8D4-4AE3-9F48-887F0CD4F03F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D605A2B4-F381-470E-A2D7-77E943DFE556} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E88C62EB-BADA-4A93-9B41-70B50303BCFF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)

Please post the log and let me know what problem persists with this computer.

#3 BadAss22

BadAss22
  • Topic Starter

  • Members
  • 42 posts

Posted 27 August 2017 - 05:55 PM

OK DID WHAT YOU WANTED NOW WHAT!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Chris (27-08-2017 15:52:48) Run:1
Running from C:\FRST
Loaded Profiles: Chris (Available Profiles: Chris)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to a new file.
[code=auto:0]
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
(© 2015 Microsoft Corporation) C:\Users\Chris\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Run: [BingSvc] => C:\Users\Chris\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
CHR Extension: (Bing) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2016-12-06]
CHR Extension: (Honey) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-08-23]
CHR Extension: (Avast SafePrice) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-08-23]
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - <no Path/update_url>
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [350160 2015-06-21] (BitDefender S.R.L.)
C:\WINDOWS\System32\drivers\trufos.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1CAE02F4-C049-4C8B-A29F-A8BDD083CD27} - \WPD\SqmUpload_S-1-5-21-2325216809-2621160187-3092218828-1001 -> No File <==== ATTENTION
Task: {433A5964-86B6-408D-87CB-33752533455E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4CA67ED8-91DD-4D13-A3B1-22D0F548830E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {53A84247-66B1-426F-9DF5-39074013B75A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {59FE9EC7-00DB-4B5C-ABDA-BF4B48043C20} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5CBB8EDB-5E25-4220-86CD-6E1BBF1BB983} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6BA4E2E0-A662-48AD-A4A9-B4B3C06091E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9CC74834-4438-42D9-914C-6BAEB1422D1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BAAD64B9-DA96-4B03-954C-55413F4ACD2B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C93077DA-C8D4-4AE3-9F48-887F0CD4F03F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D605A2B4-F381-470E-A2D7-77E943DFE556} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E88C62EB-BADA-4A93-9B41-70B50303BCFF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
End
*****************
Restore point was successfully created.
Processes closed successfully.
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX. => Error: No automatic fix found for this entry.
Type Notepad and and click the OK key. => Error: No automatic fix found for this entry.
Please copy the entire contents of the code box below to a new file. => Error: No automatic fix found for this entry.
[code=auto:0] => Error: No automatic fix found for this entry.
Restore point was successfully created.
Processes closed successfully.
C:\Users\Chris\AppData\Local\Microsoft\BingSvc\BingSvc.exe => No running process found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key removed successfully
HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
CHR Extension: (Bing) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2016-12-06] => Error: No automatic fix found for this entry.
CHR Extension: (Honey) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-08-23] => Error: No automatic fix found for this entry.
CHR Extension: (Avast SafePrice) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-08-23] => Error: No automatic fix found for this entry.
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-20] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab => key removed successfully
HKLM\System\CurrentControlSet\Services\trufos => key removed successfully
trufos => service removed successfully
C:\WINDOWS\System32\drivers\trufos.sys => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CAE02F4-C049-4C8B-A29F-A8BDD083CD27} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CAE02F4-C049-4C8B-A29F-A8BDD083CD27} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2325216809-2621160187-3092218828-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{433A5964-86B6-408D-87CB-33752533455E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{433A5964-86B6-408D-87CB-33752533455E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CA67ED8-91DD-4D13-A3B1-22D0F548830E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CA67ED8-91DD-4D13-A3B1-22D0F548830E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53A84247-66B1-426F-9DF5-39074013B75A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53A84247-66B1-426F-9DF5-39074013B75A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59FE9EC7-00DB-4B5C-ABDA-BF4B48043C20} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59FE9EC7-00DB-4B5C-ABDA-BF4B48043C20} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CBB8EDB-5E25-4220-86CD-6E1BBF1BB983} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CBB8EDB-5E25-4220-86CD-6E1BBF1BB983} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BA4E2E0-A662-48AD-A4A9-B4B3C06091E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BA4E2E0-A662-48AD-A4A9-B4B3C06091E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CC74834-4438-42D9-914C-6BAEB1422D1C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CC74834-4438-42D9-914C-6BAEB1422D1C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAAD64B9-DA96-4B03-954C-55413F4ACD2B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAAD64B9-DA96-4B03-954C-55413F4ACD2B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C93077DA-C8D4-4AE3-9F48-887F0CD4F03F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C93077DA-C8D4-4AE3-9F48-887F0CD4F03F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D605A2B4-F381-470E-A2D7-77E943DFE556} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D605A2B4-F381-470E-A2D7-77E943DFE556} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E88C62EB-BADA-4A93-9B41-70B50303BCFF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E88C62EB-BADA-4A93-9B41-70B50303BCFF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Classes\exefile => key removed successfully
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Classes\.exe => key removed successfully
C:\Windows\logo1_.exe => moved successfully
C:\Windows\logo_1.exe => moved successfully
C:\Windows\RUNDL132.EXE => moved successfully
C:\Windows\rundll16.exe => moved successfully
C:\Windows\VDLL.DLL => moved successfully
C:\Windows\SysWOW64\runouce.exe => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 121871133 B


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:11 AM

Posted 28 August 2017 - 09:21 AM

What problem is persisting?

#5 BadAss22

BadAss22
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  

Posted 28 August 2017 - 08:50 PM

Well it seems kinda slow and sluggish



#6 nasdaq

Posted 29 August 2017 - 08:23 AM


Hi,

Please run this cleaning program.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

===

#7 BadAss22

Posted 29 August 2017 - 04:41 PM

Seems to be much better, thank you. Not the same but better.


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Chris on Tue 08/29/2017 at 12:54:13.59.
Microsoft Windows 10 Home 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Chris\AppData\Local\Microsoft\Windows\INetCache\IE\HCLCGIH0\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
8/29/2017 12:58:39 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Zemana AntiMalware deleted successfully
C:\PROGRA~2\COMMON~1\MicroWorld deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\HP SimplePass 2011 deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\regid.1986-12.com.adobe deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\WRData deleted successfully
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow deleted successfully
C:\Users\Chris\AppData\Local\ActiveSync deleted successfully
C:\Users\Chris\AppData\Local\CrashDumps deleted successfully
C:\Users\Chris\AppData\Local\DBG deleted successfully
C:\Users\Chris\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Chris\AppData\Local\EmieSiteList deleted successfully
C:\Users\Chris\AppData\Local\EmieUserList deleted successfully
C:\Users\Chris\AppData\Local\ESET deleted successfully
C:\Users\Chris\AppData\Local\HP Quick Start deleted successfully
C:\Users\Chris\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\Users\Chris\AppData\Local\lptmp deleted successfully
C:\Users\Chris\AppData\Local\lptmp1701602411 deleted successfully
C:\Users\Chris\AppData\Local\lptmp1734753536 deleted successfully
C:\Users\Chris\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
C:\PROGRA~2\Zemana AntiMalware not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} not found
C:\Users\Chris\AppData\Roaming\Exodus deleted
C:\Users\Chris\.android deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\Users\Chris\AppData\LocalLow\Yahoo! deleted
C:\WINDOWS\Syswow64\SET210.tmp deleted
C:\WINDOWS\Syswow64\SET29.tmp deleted
C:\WINDOWS\Syswow64\SETF7A9.tmp deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted
"C:\Windows\Installer\df48d7.msi" deleted
==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ngkhgikojglcgnckopipfdajaifmmnnc - No path found[]
Bing Search Engine - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Honey - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
Avast SafePrice - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Auto Refresh - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko
Webroot Password Manager - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc
Chrome Media Router - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
undetermined - Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
==== Chromium Fix ======================
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msn.com/"
"Old Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://msn.com/"
"Old Start Page"="http://msn.com/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
==== Reset Google Chrome ======================
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bak was reset successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AA5C8F95DB19D324FB50908AF09398F8 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Chris\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Chris\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Default.migrated\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Chris\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Chris\AppData\Local\Microsoft\Windows\INetCache\IE\HCLCGIH0 will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=88 folders=41 80066845 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Chris\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Chris\AppData\Local\Microsoft\Windows\INetCache\IE\HCLCGIH0" not found
==== EOF on Tue 08/29/2017 at 14:34:24.57 ======================


#8 BadAss22

Posted 29 August 2017 - 05:24 PM

The Trojan popped up again. It read:

RDN/Trojan.worm/055BCC2888545/Infection

on the top of the ransom note, like an OK or Cancel box.

It was a red screen with ransom demands.



#9 nasdaq

Posted 30 August 2017 - 06:54 AM

Hi,
Which browser were you using at the time?

Reset it.
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

If you have other browsers reset them also.

Keep me posted.

#10 BadAss22

Posted 30 August 2017 - 09:32 PM

OK, I was running avast! For a quick scan I always run Advanced SystemCare and avast when I start up.



#11 nasdaq

Posted 31 August 2017 - 07:01 AM


Run this AntiMalware program.

Please download Zemana AntiMalware and save it to your Desktop.
- You need to unzip it and start it.
- Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

- Open Zemana AntiMalware again.
- Click on icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
The only thing left is to attach the saved report in your next message.

---

#12 BadAss22

Posted 31 August 2017 - 10:10 PM

Zemana AntiMalware 2.15.2.721 (Installed)
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/21
Operating System       : Windows 8.1 64-bit
Processor              : 8X Intel® Core™ i7-4700MQ CPU @ 2.40GHz
BIOS Mode              : UEFI
CUID                   : 008910CC1D36C74DAB719F
Scan Type              : Smart Scan
Duration               : 3m 12s
Scanned Objects        : 14748
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------
Chrome Homepage
Status             : Scanned
Object             : http://www.mycenturylink.com/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Chrome Homepage
mkfokfffehpeedafpekjeddnmnjhmcmk
Status             : Scanned
Object             : %programfiles%\norton internet security\engine\21.7.0.11\exts\chrome.crx
MD5                : ED98F3BF58558FBA5DA0C3F51587B7CD
Publisher          : -
Size               : 2490701
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Traces             :
                Browser Extension - mkfokfffehpeedafpekjeddnmnjhmcmk
Skype Click to Call
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Traces             :
                Browser Extension - Skype Click to Call
Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 1
Failed Objects
-------------------------------------------------------
mkfokfffehpeedafpekjeddnmnjhmcmk
Status             : Scanned
Object             : %programfiles%\norton internet security\engine\21.7.0.11\exts\chrome.crx
MD5                : ED98F3BF58558FBA5DA0C3F51587B7CD
Publisher          : -
Size               : 2490701
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Traces             :
                Browser Extension - mkfokfffehpeedafpekjeddnmnjhmcmk


#13 nasdaq

Posted 01 September 2017 - 08:47 AM



Hi,

The Trojan popped up again it read

RDN/Trojan.worm/055BCC2888545/Infection
on the top of the ransom note. like a ok or cancel box
It was a red screen with ransom demands


Has this been solved?

#14 BadAss22

Posted 01 September 2017 - 09:13 PM

No, I have not even begun to find the Trojan. It still pops up on reboot. It also has 2 encrypted files that I deleted attached to the root directory and they keep coming back?? I have tried to scan with ESET and no luck. That is why I am here. Sorry!



#15 nasdaq

Posted 02 September 2017 - 06:46 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions




