Unknown Program Using CPU -- Undetectable Malware??


  • This topic is locked
18 replies to this topic

#1 savannahstine


Posted 04 September 2017 - 09:10 PM

Hello,

 

I've made a post about this in a different section of this site (https://www.bleepingcomputer.com/forums/t/656258/unknown-undeletable-program-using-30-of-my-cpu/). There is an unknown program called ravcpdkxsrv.exe that has been eating away at 30% of my CPU for hours, making my fan spin and my laptop hot no matter what I do. I can't end the task and I can't delete the root file because it's being used by the system. The file was created today about 8 hours ago and has been running nonstop ever since, even after restarting and scanning my computer with several malware detectors such as Malwarebytes. In my previous linked post you can see that MBAR caught several pieces of malware that Malwarebytes did not, but was not successful in removing it because my computer wouldn't reboot correctly (BSOD).

 

I was directed here. Can anybody help me find out why I can't seem to get rid of this malware? Assuming that's what it is. My logs in the previous post seem to say so.

 

FRST LOGS:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017

Ran by sstin (administrator) on DESKTOP-MB90HII (04-09-2017 20:11:40)
Running from C:\Users\sstin\Downloads
Loaded Profiles: sstin (Available Profiles: sstin)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\Temp\msavhdhsrv.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\Windows\Temp\ravcpdkxsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Users\sstin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41195.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41195.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41195.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Run: [GoogleChromeAutoLaunch_F770B1572B52412FE1E9BFAED319E841] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-23] (Google Inc.)
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Run: [Spotify Web Helper] => C:\Users\sstin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-09-02] (Spotify Ltd)
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Run: [Spotify] => C:\Users\sstin\AppData\Roaming\Spotify\Spotify.exe [15866480 2017-09-02] (Spotify Ltd)
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Run: [uTorrent] => C:\Users\sstin\AppData\Roaming\uTorrent\uTorrent.exe [2150336 2017-09-02] (BitTorrent Inc.)
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
Startup: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-09-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2a18f749-a013-4bc4-9bff-dd61a05e3cda}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2a18f749-a013-4bc4-9bff-dd61a05e3cda}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3ca2cbe2-3ea0-4c60-84d1-6db7c365f681}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4b1e8e6a-d3d7-438e-b70a-49c43ea75abe}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4b1e8e6a-d3d7-438e-b70a-49c43ea75abe}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{6464e8cc-498b-4367-b0ce-901daee919ca}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b02b20ff-2f9d-45ec-8cf8-5c025bf9b42f}: [NameServer] 8.8.8.8
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-06-13] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","","hxxp://Vosteran.com/?f=7&a=vst_wnzp01_15_01_ch&cd=2XzuyEtN2Y1L1QzutDtDtByE0EzzyEyB0A0FtAtC0ByE0EyBtN0D0Tzu0StCtDzyyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0Bzz0F0EtAtAzztGtDtCzz0AtG0AzzzztAtGtA0A0BtDtGtC0BtCtDtBtA0A0F0EyCyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0AyBtC0CtCyByDtGzy0E0AtAtGyEtD0DtDtG0AyCyEtDtGtA0EtDtAtDtCyCtAtDtCyBzz2Q&cr=1615465451&ir="
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> Logo Creator
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default [2017-09-04]
CHR Extension: (Google Slides) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-01]
CHR Extension: (Seedr) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfimpkhacgimamjbiegeoponlepcbob [2017-09-01]
CHR Extension: (Google Docs) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-01]
CHR Extension: (Google Drive) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-01]
CHR Extension: (YouTube) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-01]
CHR Extension: (Spotify - Music for every moment) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2017-09-01]
CHR Extension: (Polarr Photo Editor) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-09-01]
CHR Extension: (Hermit) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepjclgekdamekgkecokpheeoagcpjgb [2017-09-01]
CHR Extension: (Nitrous) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdcneeepllhjlbejkfnaolelbpdacai [2017-09-01]
CHR Extension: (Google Sheets) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-01]
CHR Extension: (PicMonkey) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2017-09-01]
CHR Extension: (Tabs 2 Grid) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhhlffidbdcekjjclelmafdgfpekkgeh [2017-09-03]
CHR Extension: (Word Online) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-09-01]
CHR Extension: (.torrent to Transmission) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjfeeonbeiocojnpfboldpckcgcfknll [2017-09-01]
CHR Extension: (Caret) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fljalecfjciodhpcledpamjachpmelml [2017-09-01]
CHR Extension: (Webcam Recorder & Snapshot) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjbakngpgphfbnhoeghllnpddelchcj [2017-09-01]
CHR Extension: (Google Docs Offline) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-01]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-09-01]
CHR Extension: (Chrome Chess) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpahaceigpcebiefmijneimenbgbcjcn [2017-09-01]
CHR Extension: (Pixlr Editor) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-09-01]
CHR Extension: (Torrent Stream) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icocmgpofpimcojhefbcfbdldkmndpgj [2017-09-01]
CHR Extension: (SoundCloud) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2017-09-01]
CHR Extension: (Flat) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdamekkolfabhbljecbjiniepfpckdli [2017-09-01]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2017-09-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-09-01]
CHR Extension: (Google Hangouts) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-09-01]
CHR Extension: (IcoMoon) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kppingdhhalimbaehfmhldppemnmlcjd [2017-09-04]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2017-09-01]
CHR Extension: (Canva) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbcfmcoibkecmionmehabndbljdleekf [2017-09-01]
CHR Extension: (FotoJet) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\medejhbgmfcehgfpinhgnhlnljnpghge [2017-09-01]
CHR Extension: (Bit Player) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkikpbeengfefopcnmhljmiobkghfpd [2017-09-01]
CHR Extension: (Word to PDF - Smallpdf.com) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkpncleclnaihjlknbcpbjpanihohdh [2017-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01]
CHR Extension: (Gravit Designer) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdagghjnpkeagmlbilmjmclfhjeaapaa [2017-09-01]
CHR Extension: (Gmail) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-01]
CHR Extension: (YouiDraw Logo Creator) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmdikniemaokeigdgfkaihkldilkjmgi [2017-09-01]
CHR Extension: (Writer) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2017-09-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe [301536 2016-11-30] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe [480224 2016-11-30] (Intel Corporation)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-10-02] (Intel Corporation)
R2 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-13] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [341984 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-05-17] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [133376 2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [162048 2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
S2 0232961504458830mcinstcleanup; C:\Users\sstin\AppData\Local\Temp\023296~1.EXE -cleanup -nolog [X] <==== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S4 McProxy; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\WINDOWS\system32\DRIVERS\ASMMAP64.sys [36696 2016-04-27] (ASUSTek Computer Inc.)
R3 AsusHFilter; C:\WINDOWS\System32\drivers\AsusHFilter.sys [30200 2016-12-22] ()
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [97784 2016-07-13] (ASUS Corporation)
S3 bsitf; C:\WINDOWS\system32\DRIVERS\bsitf.sys [37208 2017-09-02] (ASUSTek Computer Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-10-02] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-10-02] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-10-02] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys [11039712 2016-11-30] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-04] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
S4 rjaty; C:\WINDOWS\System32\drivers\imofugc.sys [79064 2017-09-04] (Malwarebytes Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-04 20:11 - 2017-09-04 20:11 - 000023045 _____ C:\Users\sstin\Downloads\FRST.txt
2017-09-04 20:09 - 2017-09-04 20:11 - 000000000 ____D C:\FRST
2017-09-04 20:09 - 2017-09-04 20:09 - 002395648 _____ (Farbar) C:\Users\sstin\Desktop\FRST64.exe
2017-09-04 19:36 - 2017-09-04 19:36 - 000000000 ___HD C:\OneDriveTemp
2017-09-04 19:35 - 2017-09-04 19:35 - 000113488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiaehkn.sys
2017-09-04 18:38 - 2017-09-04 18:39 - 000001496 _____ C:\Users\sstin\Desktop\iExplore.exe - Shortcut.lnk
2017-09-04 18:37 - 2017-09-04 18:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\sstin\Downloads\rkill.exe
2017-09-04 18:37 - 2017-09-04 18:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\sstin\Downloads\iExplore.exe
2017-09-04 18:37 - 2017-09-04 18:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\sstin\Desktop\rkill.exe
2017-09-04 18:34 - 2017-09-04 18:34 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\273F4CA0.sys
2017-09-04 18:34 - 2017-09-04 18:34 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\15C44C27.sys
2017-09-04 18:32 - 2017-09-04 18:32 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\137A4A99.sys
2017-09-04 18:32 - 2017-09-04 18:32 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0B4F4AC0.sys
2017-09-04 18:27 - 2017-09-04 18:27 - 000079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\imofugc.sys
2017-09-04 18:25 - 2017-09-04 18:32 - 000000000 ____D C:\Users\sstin\Desktop\checkup
2017-09-04 18:19 - 2017-09-04 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-04 18:18 - 2017-09-04 18:32 - 000000000 ____D C:\Users\sstin\Desktop\mbar
2017-09-04 18:18 - 2017-09-04 18:18 - 016563352 _____ (Malwarebytes Corp.) C:\Users\sstin\Downloads\mbar-1.09.3.1001.exe
2017-09-04 18:16 - 2017-09-04 18:16 - 000035197 _____ C:\Users\sstin\Downloads\MTB.txt
2017-09-04 18:14 - 2017-09-04 18:14 - 000892416 _____ (Farbar) C:\Users\sstin\Downloads\MiniToolBox.exe
2017-09-04 18:13 - 2017-09-04 18:13 - 000002982 _____ C:\Users\sstin\Downloads\FSS.txt
2017-09-04 18:12 - 2017-09-04 18:12 - 000899584 _____ (Farbar) C:\Users\sstin\Downloads\FSS.exe
2017-09-04 18:10 - 2017-09-04 18:09 - 000852798 _____ C:\Users\sstin\Desktop\SecurityCheck.exe
2017-09-04 18:09 - 2017-09-04 18:09 - 000852798 _____ C:\Users\sstin\Downloads\SecurityCheck.exe
2017-09-04 14:10 - 2017-09-04 14:10 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-04 14:10 - 2017-09-04 14:10 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-04 14:10 - 2017-09-04 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-04 14:10 - 2017-09-04 14:10 - 000000000 ____D C:\Program Files\CCleaner
2017-09-04 14:09 - 2017-09-04 14:10 - 009791816 _____ (Piriform Ltd) C:\Users\sstin\Downloads\ccsetup533.exe
2017-09-04 12:12 - 2017-09-04 12:12 - 000000000 ____D C:\Users\sstin\OneDrive\Documents\OneNote Notebooks
2017-09-04 11:38 - 2017-09-04 11:38 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6BF90DE9.sys
2017-09-04 11:27 - 2017-09-04 11:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-04 11:25 - 2017-09-04 11:25 - 000002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002628 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-09-04 11:24 - 2017-09-04 11:24 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-09-04 11:24 - 2017-09-04 11:24 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-09-04 11:24 - 2017-09-04 11:24 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-09-04 11:24 - 2017-09-04 11:24 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-09-04 11:20 - 2017-09-04 11:24 - 000000000 ____D C:\WINDOWS\SHELLNEW
2017-09-04 11:20 - 2017-09-04 11:20 - 000000000 __RHD C:\MSOCache
2017-09-04 11:20 - 2017-09-04 11:20 - 000000000 ____D C:\Users\sstin\AppData\Local\Microsoft Help
2017-09-04 11:20 - 2017-09-04 11:20 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2017-09-04 11:20 - 2017-09-04 11:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-09-04 11:16 - 2017-09-04 11:17 - 000000000 ____D C:\Users\sstin\Desktop\Office Professional Plus 2016 July 2017 x64
2017-09-04 10:44 - 2017-09-04 10:44 - 000000000 ____D C:\WINDOWS\system32\winrdmt
2017-09-03 13:01 - 2017-09-03 13:12 - 2080348505 ____R C:\Users\sstin\Desktop\Office Professional Plus 2016 July 2017 x64.zip
2017-09-03 13:01 - 2017-09-03 13:10 - 000000000 ____D C:\Users\sstin\Downloads\Microsoft Office Pro Plus 2016 v16.0.4549.1000 (x86+x64) July 2017 + Activator [CracksNow]
2017-09-03 12:55 - 2017-09-03 12:55 - 000000560 __RSH C:\ProgramData\ntuser.pol
2017-09-03 12:54 - 2017-09-03 12:55 - 000536308 _____ ( ) C:\Users\sstin\Downloads\Microsoft_Office_2017_Crack_Product_Key_Free_Download.exe
2017-09-03 12:17 - 2017-09-03 12:17 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1C005D9A.sys
2017-09-03 01:54 - 2017-09-04 19:36 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-03 01:54 - 2017-09-04 19:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-03 01:54 - 2017-09-04 19:36 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-03 01:54 - 2017-09-04 18:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-03 01:54 - 2017-09-04 13:44 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-03 01:54 - 2017-09-03 01:54 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-03 01:54 - 2017-09-03 01:54 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-03 01:54 - 2017-09-03 01:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-03 01:54 - 2017-09-03 01:54 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-03 01:54 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-03 00:54 - 2017-09-03 00:55 - 066347240 _____ (Malwarebytes ) C:\Users\sstin\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-03 00:04 - 2017-09-04 14:10 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-02 23:27 - 2017-09-02 23:27 - 000000000 ____D C:\Users\sstin\AppData\Local\DBG
2017-09-02 23:26 - 2017-09-03 12:15 - 000000000 ____D C:\Users\sstin\AppData\Local\vmtjkud
2017-09-02 23:26 - 2017-09-03 12:09 - 000000000 ____D C:\Users\sstin\AppData\Local\wudpohk
2017-09-02 23:21 - 2017-09-04 19:36 - 000081696 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\msidntfs.sys
2017-09-02 23:21 - 2017-09-02 23:21 - 000000000 ____D C:\WINDOWS\SysWOW64\lsadgxj
2017-09-02 23:21 - 2017-09-02 23:21 - 000000000 ____D C:\WINDOWS\system32\lsadgxj
2017-09-02 23:20 - 2017-09-03 01:56 - 000000000 ____D C:\Program Files (x86)\PxpAtYqel0NV Updater
2017-09-02 23:20 - 2017-09-02 23:20 - 000000000 ____D C:\Users\sstin\AppData\Roaming\et
2017-09-02 23:19 - 2017-09-02 23:19 - 000014848 _____ C:\Users\sstin\AppData\Local\part64.dll
2017-09-02 23:19 - 2017-09-02 23:19 - 000000000 ____D C:\Users\sstin\AppData\Local\PeerDistRepub
2017-09-02 23:16 - 2017-09-02 23:17 - 000301672 _____ C:\Users\sstin\Downloads\Microsoft+Office+365+(Activator)+2016.zip
2017-09-02 23:16 - 2017-09-02 23:16 - 000001366 _____ C:\Users\sstin\Downloads\Microsoft_Office_365_(Activator)_2016 (1).xht
2017-09-02 23:15 - 2017-09-02 23:15 - 000001364 _____ C:\Users\sstin\Downloads\Microsoft_Office_365_(Activator)_2016.xht
2017-09-02 23:07 - 2017-09-04 11:12 - 000000000 ____D C:\Users\sstin\AppData\Roaming\TunnelBear
2017-09-02 23:07 - 2017-09-04 11:12 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2017-09-02 23:07 - 2017-09-02 23:07 - 000000000 ____D C:\Users\sstin\AppData\Local\IsolatedStorage
2017-09-02 23:06 - 2017-09-02 23:06 - 029903688 _____ (TunnelBear) C:\Users\sstin\Downloads\TunnelBear-Installer.exe
2017-09-02 14:42 - 2017-09-02 14:42 - 000000000 ____D C:\Users\sstin\AppData\Local\{C574F328-E1DC-9F90-8C44-BA78A82C46E0}
2017-09-02 14:41 - 2017-09-04 14:11 - 000000000 ____D C:\Users\sstin\AppData\Roaming\uTorrent
2017-09-02 14:41 - 2017-09-02 14:41 - 000000898 _____ C:\Users\sstin\Desktop\µTorrent.lnk
2017-09-02 14:41 - 2017-09-02 14:41 - 000000878 _____ C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-09-02 14:38 - 2017-09-02 14:38 - 001733104 _____ (BitTorrent Inc.) C:\Users\sstin\Downloads\uTorrent.exe
2017-09-02 14:35 - 2017-09-04 12:12 - 000000120 ____R C:\Users\sstin\OneDrive\Documents\Savannah's Notebook.url
2017-09-02 12:24 - 2017-09-02 12:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-02 12:24 - 2017-09-02 12:24 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-02 12:10 - 2017-09-02 12:10 - 000000981 _____ C:\Users\sstin\Desktop\PerformanceTest.lnk
2017-09-02 12:10 - 2017-09-02 12:10 - 000000000 ____D C:\Users\sstin\OneDrive\Documents\PassMark
2017-09-02 12:10 - 2017-09-02 12:10 - 000000000 ____D C:\Users\sstin\AppData\Local\PassMark
2017-09-02 12:10 - 2017-09-02 12:10 - 000000000 ____D C:\ProgramData\Passmark
2017-09-02 12:10 - 2017-09-02 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2017-09-02 12:09 - 2017-09-02 12:17 - 000000000 ____D C:\Program Files\PerformanceTest
2017-09-02 08:43 - 2017-09-04 10:43 - 000000000 ____D C:\Users\sstin\AppData\Local\Spotify
2017-09-02 08:43 - 2017-09-02 08:43 - 000001852 _____ C:\Users\sstin\Desktop\Spotify.lnk
2017-09-02 08:43 - 2017-09-02 08:43 - 000001838 _____ C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-09-02 08:42 - 2017-09-04 10:43 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Spotify
2017-09-02 08:38 - 2017-09-03 00:01 - 000001270 _____ C:\Users\sstin\Desktop\nativelog.txt
2017-09-02 02:56 - 2017-09-02 02:56 - 000000000 ____D C:\Windows.old
2017-09-02 02:55 - 2017-09-02 02:55 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-09-02 02:55 - 2017-09-02 02:55 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-09-02 02:55 - 2017-09-02 02:55 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-02 02:55 - 2017-09-02 02:55 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-02 02:55 - 2017-09-02 02:55 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-09-02 02:52 - 2017-03-18 01:00 - 006238208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000c.dll
2017-09-02 02:52 - 2017-03-18 00:54 - 002352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000c.dll
2017-09-02 02:52 - 2017-03-18 00:44 - 006238208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000c.dll
2017-09-02 02:52 - 2017-03-18 00:39 - 002264064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000c.dll
2017-09-02 02:51 - 2017-09-04 19:40 - 000962656 _____ C:\WINDOWS\system32\perfh00C.dat
2017-09-02 02:51 - 2017-09-04 19:40 - 000196092 _____ C:\WINDOWS\system32\perfc00C.dat
2017-09-02 02:51 - 2017-09-02 02:51 - 000351124 _____ C:\WINDOWS\system32\perfi00C.dat
2017-09-02 02:51 - 2017-09-02 02:51 - 000040694 _____ C:\WINDOWS\system32\perfd00C.dat
2017-09-02 02:51 - 2017-09-02 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\fr
2017-09-02 02:51 - 2017-09-02 02:51 - 000000000 ____D C:\WINDOWS\system32\fr
2017-09-02 02:51 - 2017-03-18 01:00 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000a.dll
2017-09-02 02:51 - 2017-03-18 00:54 - 009675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000a.dll
2017-09-02 02:51 - 2017-03-18 00:45 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000a.dll
2017-09-02 02:51 - 2017-03-18 00:39 - 009560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000a.dll
2017-09-02 02:50 - 2017-09-04 19:40 - 000958916 _____ C:\WINDOWS\system32\perfh00A.dat
2017-09-02 02:50 - 2017-09-04 19:40 - 000201746 _____ C:\WINDOWS\system32\perfc00A.dat
2017-09-02 02:50 - 2017-09-02 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-09-02 02:50 - 2017-09-02 02:50 - 000000000 ____D C:\WINDOWS\SysWOW64\es
2017-09-02 02:50 - 2017-09-02 02:50 - 000000000 ____D C:\WINDOWS\system32\es
2017-09-02 02:50 - 2017-09-02 02:49 - 000346834 _____ C:\WINDOWS\system32\perfi00A.dat
2017-09-02 02:50 - 2017-09-02 02:49 - 000043954 _____ C:\WINDOWS\system32\perfd00A.dat
2017-09-02 02:48 - 2017-09-02 02:48 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-09-02 02:48 - 2017-09-01 23:58 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-09-02 02:47 - 2017-09-02 02:47 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-09-02 02:47 - 2017-09-02 02:47 - 000000000 ____D C:\Program Files\MSBuild
2017-09-02 02:47 - 2017-09-02 02:47 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-09-02 02:47 - 2017-09-02 02:47 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-09-02 02:47 - 2017-02-10 14:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-09-02 02:47 - 2017-02-10 14:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-09-02 02:47 - 2017-02-10 14:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-09-02 02:47 - 2017-02-10 14:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-09-02 02:47 - 2017-02-10 14:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-09-02 02:47 - 2017-02-10 14:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-09-02 00:18 - 2017-09-02 00:18 - 000037208 _____ (ASUSTek Computer Inc.) C:\WINDOWS\system32\Drivers\bsitf.sys
2017-09-02 00:14 - 2017-09-02 00:14 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-09-02 00:12 - 2017-09-02 00:12 - 000000020 ___SH C:\Users\sstin\ntuser.ini
2017-09-02 00:12 - 2017-09-02 00:12 - 000000000 ____D C:\ProgramData\USOShared
2017-09-02 00:10 - 2017-09-04 19:40 - 003361368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-02 00:09 - 2017-09-02 00:10 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-09-02 00:09 - 2017-09-02 00:10 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-09-02 00:07 - 2017-09-04 19:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-02 00:07 - 2017-09-02 12:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
2017-09-02 00:07 - 2017-09-02 00:15 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2860598129-2714271170-809102586-1001
2017-09-02 00:07 - 2017-09-02 00:07 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-09-02 00:07 - 2017-09-02 00:07 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-02 00:07 - 2017-09-02 00:07 - 000003268 _____ C:\WINDOWS\System32\Tasks\WpsKtpcntrQingTask_Administrator
2017-09-02 00:07 - 2017-09-02 00:07 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-02 00:07 - 2017-09-02 00:07 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-09-02 00:07 - 2017-09-02 00:07 - 000003026 _____ C:\WINDOWS\System32\Tasks\WpsExternal_20161125175401
2017-09-02 00:07 - 2017-09-02 00:07 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2017-09-02 00:07 - 2017-09-02 00:07 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-09-02 00:07 - 2017-09-02 00:07 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2017-09-02 00:07 - 2017-09-02 00:07 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-09-02 00:07 - 2017-09-02 00:07 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2017-09-02 00:07 - 2017-09-02 00:07 - 000002214 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2017-09-02 00:07 - 2017-09-02 00:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-09-02 00:05 - 2017-09-02 00:05 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-09-02 00:03 - 2017-09-02 08:38 - 000000000 ____D C:\Users\sstin
2017-09-02 00:03 - 2017-09-02 00:05 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-09-02 00:02 - 2017-09-02 00:03 - 000000000 ____D C:\Program Files\Intel
2017-09-02 00:02 - 2017-09-02 00:03 - 000000000 ____D C:\Program Files (x86)\Intel
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WbfUsbDriver_01_11_00.Wdf
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____D C:\WINDOWS\system32\Intel
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____D C:\Program Files\Realtek
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____D C:\Program Files\ElanFP
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-09-02 00:02 - 2016-11-30 09:36 - 000113672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-09-02 00:00 - 2017-03-18 15:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-09-01 23:58 - 2017-09-04 19:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-01 23:58 - 2017-09-04 18:31 - 000384776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-01 23:15 - 2017-09-04 14:10 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-01 23:15 - 2017-09-01 23:41 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-01 23:13 - 2017-09-01 23:15 - 000000036 _____ C:\WINDOWS\progress.ini
2017-09-01 23:10 - 2017-09-01 23:10 - 000000000 ____D C:\Users\sstin\AppData\Local\CEF
2017-09-01 23:09 - 2017-09-02 23:59 - 000000000 ____D C:\Users\sstin\AppData\Roaming\.minecraft
2017-09-01 23:08 - 2017-09-02 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-09-01 23:08 - 2017-09-01 23:10 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-09-01 23:08 - 2017-09-01 23:08 - 000001032 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-09-01 23:07 - 2017-09-01 23:08 - 002314240 _____ C:\Users\sstin\Downloads\MinecraftInstaller.msi
2017-09-01 22:53 - 2017-09-02 00:05 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-09-01 22:53 - 2017-09-01 22:53 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Google
2017-09-01 22:47 - 2017-09-02 00:08 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-01 22:47 - 2017-09-02 00:08 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-01 22:44 - 2017-09-01 22:47 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-01 22:43 - 2017-09-01 23:15 - 000000000 ____D C:\Users\sstin\AppData\Local\Google
2017-09-01 22:43 - 2017-09-01 22:43 - 001130328 _____ (Google Inc.) C:\Users\sstin\Downloads\ChromeSetup.exe
2017-09-01 22:41 - 2017-09-01 22:43 - 000000000 ____D C:\Users\sstin\AppData\Local\MicrosoftEdge
2017-09-01 22:40 - 2017-09-01 22:40 - 000000000 ____D C:\Program Files\Common Files\Intel
2017-09-01 22:36 - 2017-09-01 22:36 - 000000000 ____D C:\Users\sstin\AppData\Local\NetworkTiles
2017-09-01 22:35 - 2017-09-01 22:35 - 000000000 ____D C:\Users\sstin\OneDrive\Documents\HIIIIIIIIIIIIIi.aep Logs
2017-09-01 22:35 - 2017-09-01 22:35 - 000000000 ____D C:\Users\sstin\OneDrive\Documents\Adobe After Effects Auto-Save
2017-09-01 22:35 - 2016-01-12 20:19 - 001155239 _____ C:\Users\sstin\OneDrive\Documents\icons.psd
2017-09-01 22:35 - 2015-12-14 00:07 - 000223428 _____ C:\Users\sstin\OneDrive\Documents\HIIIIIIIIIIIIIi.aep
2017-09-01 22:35 - 2015-12-13 19:00 - 000441645 _____ C:\Users\sstin\OneDrive\Documents\COEXIST.oxps
2017-09-01 22:35 - 2015-11-09 22:17 - 010243435 _____ C:\Users\sstin\OneDrive\Documents\Untitled-1.psd
2017-09-01 22:35 - 2015-11-05 22:30 - 000000050 _____ C:\Users\sstin\OneDrive\Documents\emaildude.txt
2017-09-01 22:35 - 2015-04-03 22:04 - 000827018 _____ C:\Users\sstin\OneDrive\Documents\killer medicine intro.aep
2017-09-01 22:35 - 2015-03-20 21:48 - 000177480 _____ C:\Users\sstin\OneDrive\Documents\with audio spectrum.aep
2017-09-01 22:35 - 2015-03-20 21:48 - 000177480 _____ C:\Users\sstin\OneDrive\Documents\with audio spectrum - Copy.aep
2017-09-01 22:34 - 2017-09-01 22:34 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Skype
2017-09-01 22:33 - 2017-09-04 19:36 - 000000000 ___RD C:\Users\sstin\OneDrive
2017-09-01 22:33 - 2017-09-02 14:01 - 000000000 ____D C:\Users\sstin\AppData\Local\Comms
2017-09-01 22:33 - 2017-09-02 00:15 - 000002365 _____ C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-01 22:33 - 2017-09-01 23:44 - 000000000 ____D C:\Windows10Upgrade
2017-09-01 22:33 - 2017-09-01 23:13 - 000000000 ___HD C:\$GetCurrent
2017-09-01 22:33 - 2017-09-01 22:33 - 000000819 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-09-01 22:33 - 2017-09-01 22:33 - 000000807 _____ C:\Users\sstin\Desktop\Windows 10 Upgrade Assistant.lnk
2017-09-01 22:32 - 2017-09-01 22:32 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Macromedia
2017-09-01 22:32 - 2017-09-01 22:32 - 000000000 ____D C:\Users\sstin\AppData\Local\Publishers
2017-09-01 22:32 - 2017-09-01 22:32 - 000000000 ____D C:\Users\sstin\AppData\Local\PackageStaging
2017-09-01 22:31 - 2017-09-04 19:36 - 000000200 _____ C:\Users\sstin\AppData\Roaming\sp_data.sys
2017-09-01 22:31 - 2017-09-04 19:36 - 000000000 __SHD C:\Users\sstin\IntelGraphicsProfiles
2017-09-01 22:31 - 2017-09-02 14:00 - 000000000 ____D C:\Users\sstin\AppData\Local\Packages
2017-09-01 22:31 - 2017-09-02 00:14 - 000000000 ____D C:\Users\sstin\AppData\Local\ConnectedDevicesPlatform
2017-09-01 22:31 - 2017-09-01 22:31 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Intel
2017-09-01 22:31 - 2017-09-01 22:31 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Adobe
2017-09-01 22:31 - 2017-09-01 22:31 - 000000000 ____D C:\Users\sstin\AppData\Local\VirtualStore
2017-09-01 22:31 - 2017-09-01 22:31 - 000000000 ____D C:\Users\sstin\AppData\Local\TileDataLayer
2017-09-01 22:29 - 2017-09-01 22:31 - 000000000 ____D C:\ProgramData\USBChargerPlus
2017-09-01 22:28 - 2017-09-01 22:28 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-04 19:36 - 2017-01-11 20:44 - 000004608 ___RH C:\farstone_pe.letter
2017-09-04 19:35 - 2017-03-18 06:40 - 020971520 _____ C:\WINDOWS\system32\config\HARDWARE
2017-09-04 19:35 - 2017-03-18 06:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-04 18:27 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-09-04 14:10 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-04 11:29 - 2016-07-16 06:47 - 000000167 _____ C:\WINDOWS\win.ini
2017-09-04 11:24 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-04 11:24 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-04 11:24 - 2017-01-11 20:44 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-04 11:21 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-09-04 11:20 - 2016-11-25 20:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-04 11:12 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-09-04 11:12 - 2017-01-11 20:32 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-04 10:46 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-04 10:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-03 12:55 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-09-03 12:55 - 2016-07-16 06:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-03 12:16 - 2017-01-11 20:40 - 000000000 ____D C:\ProgramData\McAfee
2017-09-03 12:16 - 2017-01-11 20:40 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-09-03 12:15 - 2017-03-18 16:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-09-03 12:15 - 2017-03-18 06:40 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2017-09-03 00:05 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-02 12:27 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-09-02 12:25 - 2017-01-11 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-09-02 12:25 - 2016-11-25 20:53 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-09-02 12:24 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-02 02:58 - 2017-03-18 16:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-09-02 02:56 - 2017-03-18 16:06 - 000000000 ____D C:\WINDOWS\Setup
2017-09-02 02:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-09-02 02:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-09-02 02:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-02 02:56 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-02 02:56 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-02 02:51 - 2017-03-18 21:31 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Com
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\IME
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Help
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-02 02:51 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-09-02 02:51 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\servicing
2017-09-02 00:13 - 2017-01-11 20:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-02 00:12 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-09-02 00:09 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-02 00:09 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Registration
2017-09-02 00:09 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-09-02 00:07 - 2017-03-18 21:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-09-02 00:06 - 2017-03-18 16:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-09-02 00:05 - 2017-01-11 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2017-09-02 00:05 - 2016-11-25 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2017-09-02 00:04 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-09-02 00:04 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-09-02 00:04 - 2017-01-11 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarStone
2017-09-02 00:04 - 2017-01-11 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2017-09-02 00:04 - 2017-01-11 20:36 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-09-02 00:03 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-09-02 00:02 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-02 00:02 - 2017-01-11 20:33 - 000000000 ___HD C:\Intel
2017-09-01 22:40 - 2017-01-11 20:33 - 000000000 ____D C:\ProgramData\Intel
 
==================== Files in the root of some directories =======
 
2017-09-01 22:31 - 2017-09-04 19:36 - 000000200 _____ () C:\Users\sstin\AppData\Roaming\sp_data.sys
2017-09-02 23:19 - 2017-09-02 23:19 - 000014848 _____ () C:\Users\sstin\AppData\Local\part64.dll
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-01 23:58
 
==================== End of FRST.txt ============================
 
Additional:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by sstin (04-09-2017 20:12:05)
Running from C:\Users\sstin\Downloads
Windows 10 Pro Version 1703 (X64) (2017-09-02 05:12:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2860598129-2714271170-809102586-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2860598129-2714271170-809102586-503 - Limited - Disabled)
Guest (S-1-5-21-2860598129-2714271170-809102586-501 - Limited - Disabled)
sstin (S-1-5-21-2860598129-2714271170-809102586-1001 - Administrator - Enabled) => C:\Users\sstin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Input Configuration (HKLM-x32\...\{7DDF7571-64BD-4232-9729-20FF10CE6C62}) (Version: 1.0.3 - ASUS)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.16.0002 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0045 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.6 - ICEpower a/s)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
ELAN FingerPrinter (HKLM\...\ElanFP) (Version: 1.5.5.1 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{09B8FFA4-5222-4271-8AA9-CDC98AD64863}) (Version: 18.1.1613.3274 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1017.0 - Passmark Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
TotalRecovery Pro (HKLM-x32\...\TotalRecovery) (Version: 10.0.11.2 - FarStone Inc.)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version:  - Microsoft)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusHFilter) HIDClass  (12/19/2016 1.0.0.2) (HKLM\...\EEDD19DDF3F0CA7CFA2F4C500D442DD1FEB434F6) (Version: 12/19/2016 1.0.0.2 - ASUS)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass  (07/01/2016 11.0.0.12) (HKLM\...\AE03E43494611410A2996E4747E2A8C0FE87F26D) (Version: 07/01/2016 11.0.0.12 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {179D4C51-E14A-4BCD-99EE-662CBC877A82} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-10-03] (Realtek Semiconductor)
Task: {22923E71-E5DC-43A8-B1FA-56638ACE552D} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {22F0136E-B708-4FDD-B1FA-AA71E63FC672} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {2587681A-9A51-4DDE-BA35-16E5A367BAE8} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-10-03] (Realtek Semiconductor)
Task: {46A5013E-96B1-4D2E-8936-D382FF97E708} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-05-24] (ASUS)
Task: {4F73599B-AEBB-4EA0-B0DD-037872AE5323} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {5C490296-64A2-444E-B597-7C9588D0953D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: {6CBEC04A-2F01-45A3-8183-ACAAD127C84D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {70BD6626-0765-4724-B5B6-5B2AB4DD0764} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-07-07] (ASUSTek COMPUTER INC.)
Task: {727A542C-BDC6-473B-A9A5-72BF5D318AC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: {83CF7738-D85D-462F-AA10-E97A3A1E68D7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {A894460B-4DF6-471C-B5C9-047A2520ECB8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {AF72A95B-CD5E-462C-9592-08049EE38D12} - System32\Tasks\WpsExternal_20161125175401 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {B78E9708-94E4-484E-950C-5996BD549EBD} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-02-23] (ASUSTek Computer Inc.)
Task: {BA874B21-5E29-4EC4-8778-353AF02314F7} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {EA3DC120-E3E9-4FAE-B479-BDBADE94A6D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\WpsExternal_20161125175401.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bit Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjkikpbeengfefopcnmhljmiobkghfpd
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Caret.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fljalecfjciodhpcledpamjachpmelml
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chromebook Recovery Utility.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jndclpdbaamdhonoechobihbbiimdgai
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gravit Designer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=pdagghjnpkeagmlbilmjmclfhjeaapaa
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Nitrous.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=efdcneeepllhjlbejkfnaolelbpdacai
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Torrent Stream.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=icocmgpofpimcojhefbcfbdldkmndpgj
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-08-13 01:30 - 2014-08-13 01:30 - 000073032 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
2014-03-25 04:14 - 2014-03-25 04:14 - 000071024 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
2017-09-03 01:54 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-04 11:38 - 2017-09-04 19:36 - 000809472 _____ () C:\WINDOWS\TEMP\RAVCPDKXSRV.EXE
2017-03-18 15:59 - 2017-03-18 21:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-02 08:56 - 2017-09-02 08:57 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-09-02 08:56 - 2017-09-02 08:57 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-09-02 08:56 - 2017-09-02 08:57 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-09-02 08:56 - 2017-09-02 08:57 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-01 22:47 - 2017-08-23 03:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-09-01 22:47 - 2017-08-23 03:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-02 08:55 - 2017-09-02 08:55 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-02 08:57 - 2017-09-02 08:57 - 010600960 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-09-02 08:57 - 2017-09-02 08:57 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-02 08:58 - 2017-09-02 08:59 - 013259456 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41195.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-09-02 08:58 - 2017-09-02 08:59 - 001199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41195.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sstin\Downloads\ws_Aesthetic_Pleasure_1920x1200.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F770B1572B52412FE1E9BFAED319E841"
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\StartupApproved\Run: => "TunnelBear"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{54A07749-0CCC-4000-A0CA-A4FA82B810BA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4D0FD53D-B591-4D09-B750-E4838B21EA97}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7D59C3A3-F920-4C3F-8015-60128327E120}] => (Allow) C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
FirewallRules: [{79873342-7168-45C4-A7B0-9CD4B8DC503D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8528DAEB-53E3-47D0-AC1E-5E47813A8FEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EA8D9939-871F-4C41-9FD2-0FC70887DC88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B16846F1-62C7-4B39-A85A-3A031E6E48EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{03689C42-2EE5-4ADA-BD3A-BF8BE5569B79}] => (Allow) C:\Users\sstin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DA56AC2C-16B2-47B2-BE11-BBEEAAAD69C9}] => (Allow) C:\Users\sstin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3FFECB60-3103-4D52-9D26-A5473A101124}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{43D67830-06BF-467B-A527-7EE463C2ABA1}C:\users\sstin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sstin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{622419EF-D7CB-4D80-AC6F-082782B72F78}C:\users\sstin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sstin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6172AE39-A49E-42D4-B927-11E1DB2166D3}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{CDEBB679-FDD2-4B1C-9978-15ECBE9A2B29}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{4F33261B-3D65-475F-A574-0B0724FD5CF3}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{E5F72E48-6DFD-4B02-B34D-E2CFBF58DA3A}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
 
==================== Restore Points =========================
 
02-09-2017 12:23:56 Windows Update
04-09-2017 11:11:58 TunnelBear
04-09-2017 18:26:44 Malwarebytes Anti-Rootkit Restore Point
 
==================== Faulty Device Manager Devices =============
 
Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/04/2017 07:36:07 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 6065 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [0]
 
Error: (09/04/2017 06:31:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 8988 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [0]
 
Error: (09/04/2017 01:44:26 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 6191 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [0]
 
Error: (09/04/2017 11:38:13 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 6113 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [0]
 
Error: (09/04/2017 11:27:11 AM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-MB90HII)
Description: Product: Microsoft Office 32-bit Components 2016 - Update '{1C894A72-A611-4A19-B106-0218E3CAC377}' could not be installed. Error code 1642. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/04/2017 10:46:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.15063.447, time stamp: 0xe365c782
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
Exception code: 0xc0000005
Fault offset: 0x00000000000a8e3d
Faulting process id: 0x9e4
Faulting application start time: 0x01d324db0e5c58ee
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 989418f8-dbea-4375-a86f-c6abe4f9514e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/03/2017 12:35:37 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 6326 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [0]
 
Error: (09/03/2017 12:25:06 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 5703 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [0]
 
Error: (09/03/2017 12:22:40 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 6233 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [0]
 
Error: (09/03/2017 12:17:11 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 6272 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [0]
 
 
System errors:
=============
Error: (09/04/2017 07:51:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/04/2017 07:39:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (09/04/2017 07:36:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/04/2017 07:36:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/04/2017 07:36:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/04/2017 07:36:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/04/2017 07:36:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/04/2017 07:36:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.
 
Error: (09/04/2017 07:36:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (09/04/2017 07:35:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MB90HII)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-04 13:32:28.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-04 13:32:28.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 18%
Total physical RAM: 16268.34 MB
Available physical RAM: 13289.52 MB
Total Virtual: 19212.34 MB
Available Virtual: 16157 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:475.84 GB) (Free:404.68 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 961077FC)

 




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 05 September 2017 - 08:08 AM

Hi savannahstine :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 savannahstine

savannahstine
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:44 PM

Posted 06 September 2017 - 09:51 AM

I cannot run MBAR on my computer. The rootkit malware is preventing the DDA driver from being installed, and it cannot be installed upon reboot. It ran a scan once when I first downloaded it, detected over 1000 items, and then when it rebooted to quarantine the files, I got the blue screen of death and it never worked again. I've tried RKill and IExplore to get the "Resource is in Use" error message, none of my antivirus software is working and the random CPU-eating processes that I don't have access to end in Task Manager let me know that this is a rootkit issue. However, I don't know how to get rid of it without MBAR. I've tried Norton PowerScanner, Sophos Virus Remover and other tools. Norton detected issues, but like MBAR failed to delete them upon restarting and now does not work any longer.

 

How do I fix this? It seems to have every anti-rootkit and anti-virus program blocked and my computer is suffering. I can post any logs you need (the original, only successful MBAR log is quite long).



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:44 PM

Posted 06 September 2017 - 12:13 PM

I was expecting MBAR to fail against this variant (known issue), but I always give it a go just in case it somehow manages to load (as it would tell me that something changed in SmartService).

Do you have a USB Flash Drive? If so, how big is it?

Also, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply



Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 savannahstine

savannahstine
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:44 PM

Posted 06 September 2017 - 03:31 PM

Yes, I do have an 8 gig flash. I can probably scrounge around for a 16 gig if I need to.

 

I ran the fixlist:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by sstin (06-09-2017 12:42:49) Run:1
Running from C:\Users\sstin\Desktop
Loaded Profiles: sstin (Available Profiles: sstin & Test)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows
CMD: dir C:\Windows\system32\drivers
*****************
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= dir C:\Windows =========
 
 Volume in drive C is OS
 Volume Serial Number is B0A8-37C5
 
 Directory of C:\Windows
 
09/06/2017  12:41 PM    <DIR>          .
09/06/2017  12:41 PM    <DIR>          ..
03/18/2017  04:03 PM    <DIR>          addins
09/04/2017  06:27 PM    <DIR>          appcompat
09/05/2017  11:51 PM    <DIR>          AppPatch
09/06/2017  09:40 AM    <DIR>          AppReadiness
10/21/2016  02:36 AM                25 AsDCDVer.txt
11/07/2016  09:46 PM                28 AsHDIVer.txt
12/27/2016  05:02 AM                59 AsKitVer.txt
04/08/2016  02:27 AM                80 ASOFSVer.txt
01/11/2017  06:09 PM                96 AsPEToolVer.txt
09/06/2017  12:20 AM    <DIR>          assembly
11/20/2016  09:55 PM                55 AsToolCDVer.txt
01/11/2017  08:27 PM    <DIR>          ASUS
03/18/2017  04:03 PM    <DIR>          bcastdvr
07/11/2017  12:40 AM            64,512 bfsvc.exe
03/18/2017  04:03 PM    <DIR>          Boot
03/18/2017  04:03 PM    <DIR>          Branding
09/05/2017  11:52 PM    <DIR>          CbsTemp
01/11/2017  08:30 PM    <DIR>          CSC
11/25/2016  08:46 PM                12 csup.txt
03/18/2017  04:03 PM    <DIR>          Cursors
09/04/2017  02:10 PM    <DIR>          debug
09/02/2017  12:10 AM             7,623 diagerr.xml
03/18/2017  04:03 PM    <DIR>          diagnostics
09/02/2017  12:10 AM             7,623 diagwrn.xml
03/18/2017  09:28 PM    <DIR>          DigitalLocker
10/12/2016  04:12 AM             6,126 DriverCD_Template.txt
03/18/2017  09:28 PM    <DIR>          en-US
09/05/2017  11:50 PM    <DIR>          es-ES
07/11/2017  12:40 AM         4,847,424 explorer.exe
09/05/2017  11:51 PM    <DIR>          fr-FR
03/18/2017  04:03 PM    <DIR>          GameBarPresenceWriter
03/18/2017  04:03 PM    <DIR>          Globalization
09/05/2017  11:51 PM    <DIR>          Help
07/11/2017  12:40 AM           975,360 HelpPane.exe
03/18/2017  03:57 PM            18,432 hh.exe
09/02/2017  12:07 AM    <DIR>          HoloShell
09/05/2017  11:51 PM    <DIR>          IME
09/05/2017  11:51 PM    <DIR>          ImmersiveControlPanel
09/05/2017  11:51 PM    <DIR>          INF
03/18/2017  04:03 PM    <DIR>          InfusedApps
03/18/2017  04:03 PM    <DIR>          InputMethod
03/18/2017  04:03 PM    <DIR>          L2Schemas
09/05/2017  12:42 AM    <DIR>          LiveKernelReports
01/11/2017  09:02 PM    <DIR>          Log
09/06/2017  12:01 AM    <DIR>          Logs
09/06/2017  01:42 AM       695,338,801 MEMORY.DMP
03/18/2017  03:57 PM            43,131 mib.bin
09/06/2017  12:20 AM    <DIR>          Microsoft.NET
03/18/2017  04:03 PM    <DIR>          Migration
09/06/2017  01:42 AM    <DIR>          Minidump
09/05/2017  03:16 AM    <DIR>          MiracastView
03/18/2017  04:03 PM    <DIR>          ModemLogs
03/18/2017  03:58 PM           246,784 notepad.exe
03/18/2017  09:30 PM    <DIR>          OCR
03/18/2017  04:03 PM    <DIR>          Offline Web Pages
09/04/2017  02:10 PM    <DIR>          Panther
09/04/2017  11:24 AM    <DIR>          PCHEALTH
03/18/2017  04:03 PM    <DIR>          Performance
09/06/2017  10:44 AM            11,848 PFRO.log
03/18/2017  04:03 PM    <DIR>          PLA
09/05/2017  11:51 PM    <DIR>          PolicyDefinitions
09/06/2017  12:42 PM    <DIR>          Prefetch
09/05/2017  03:16 AM    <DIR>          PrintDialog
03/18/2017  03:59 PM            34,774 Professional.xml
09/01/2017  11:15 PM                36 progress.ini
07/11/2017  12:42 AM    <DIR>          Provisioning
03/18/2017  03:57 PM           321,024 regedit.exe
09/02/2017  12:09 AM    <DIR>          Registration
03/18/2017  09:31 PM    <DIR>          RemotePackages
09/06/2017  12:01 AM    <DIR>          rescache
03/18/2017  04:03 PM    <DIR>          Resources
09/07/2016  02:33 AM         2,839,520 RtlExUpd.dll
03/18/2017  04:03 PM    <DIR>          SchCache
03/18/2017  09:31 PM    <DIR>          schemas
03/18/2017  09:31 PM    <DIR>          security
09/01/2017  11:58 PM    <DIR>          ServiceProfiles
09/05/2017  11:51 PM    <DIR>          servicing
09/02/2017  02:56 AM    <DIR>          Setup
09/02/2017  02:56 AM    <DIR>          ShellExperiences
09/04/2017  11:24 AM    <DIR>          SHELLNEW
03/18/2017  09:29 PM    <DIR>          SKB
09/02/2017  12:10 AM    <DIR>          SoftwareDistribution
03/18/2017  04:03 PM    <DIR>          Speech
03/18/2017  04:03 PM    <DIR>          Speech_OneCore
03/18/2017  03:58 PM           130,560 splwow64.exe
03/18/2017  04:03 PM    <DIR>          System
07/16/2016  06:45 AM               219 system.ini
09/06/2017  01:46 AM    <DIR>          System32
03/18/2017  09:31 PM    <DIR>          SystemApps
03/18/2017  09:31 PM    <DIR>          SystemResources
09/02/2017  11:21 PM    <DIR>          SysWOW64
03/18/2017  04:03 PM    <DIR>          TAPI
09/02/2017  12:07 AM    <DIR>          Tasks
09/06/2017  12:40 PM    <DIR>          Temp
03/18/2017  04:03 PM    <DIR>          tracing
03/18/2017  04:03 PM    <DIR>          twain_32
03/18/2017  03:58 PM            65,536 twain_32.dll
03/18/2017  04:03 PM    <DIR>          Vss
03/18/2017  04:03 PM    <DIR>          Web
09/04/2017  11:29 AM               167 win.ini
09/06/2017  10:44 AM               275 WindowsUpdate.log
03/18/2017  03:58 PM            10,240 winhlp32.exe
09/05/2017  11:52 PM    <DIR>          WinSxS
03/18/2017  03:56 PM           316,640 WMSysPr9.prx
03/18/2017  03:58 PM            11,264 write.exe
              30 File(s)    705,298,274 bytes
              77 Dir(s)  428,610,162,688 bytes free
 
========= End of CMD: =========
 
 
========= dir C:\Windows\system32\drivers =========
 
 Volume in drive C is OS
 Volume Serial Number is B0A8-37C5
 
 Directory of C:\Windows\system32\drivers
 
09/06/2017  10:43 AM    <DIR>          .
09/06/2017  10:43 AM    <DIR>          ..
09/04/2017  06:32 PM           253,888 0B4F4AC0.sys
09/04/2017  06:32 PM           253,888 137A4A99.sys
03/18/2017  03:56 PM           238,080 1394ohci.sys
09/04/2017  06:34 PM           192,216 15C44C27.sys
09/03/2017  12:17 PM           253,888 1C005D9A.sys
09/04/2017  06:34 PM           192,216 273F4CA0.sys
09/06/2017  01:41 AM           253,888 28F16168.sys
09/08/2016  10:19 PM           597,935 370b12060002340e00.bseq
09/08/2016  10:19 PM           580,688 370b12060002340e00.sfi
09/08/2016  10:19 PM                57 370b1223002e221000.bseq
03/18/2017  03:56 PM           107,424 3ware.sys
09/04/2017  11:38 AM           253,888 6BF90DE9.sys
09/02/2017  02:55 AM           723,360 acpi.sys
03/18/2017  03:56 PM            20,480 AcpiDev.sys
03/18/2017  03:56 PM           127,392 acpiex.sys
03/18/2017  03:56 PM            12,800 acpipagr.sys
03/18/2017  03:56 PM            14,848 acpipmi.sys
03/18/2017  03:56 PM            14,336 acpitime.sys
03/18/2017  03:56 PM         1,135,512 adp80xx.sys
03/18/2017  03:57 PM           610,712 afd.sys
03/18/2017  03:58 PM           108,544 agilevpn.sys
03/18/2017  03:57 PM           239,616 ahcache.sys
02/23/2016  04:54 PM            22,656 AiCharger.sys
03/18/2017  03:56 PM           176,640 amdk8.sys
03/18/2017  03:56 PM           172,544 amdppm.sys
03/18/2017  03:56 PM            83,352 amdsata.sys
03/18/2017  03:56 PM           259,488 amdsbs.sys
03/18/2017  03:56 PM            27,040 amdxata.sys
03/18/2017  03:58 PM           184,736 appid.sys
03/18/2017  03:58 PM            17,920 applockerfltr.sys
03/18/2017  09:30 PM           127,904 AppVStrm.sys
03/18/2017  09:30 PM           161,696 AppvVemgr.sys
03/18/2017  09:30 PM           143,776 AppvVfs.sys
03/18/2017  03:56 PM           132,000 arcsas.sys
08/19/2015  05:53 AM            27,872 AsHIDSwitch64.sys
04/27/2016  04:34 AM            36,696 ASMMAP64.sys
12/22/2016  07:54 PM            30,200 AsusHFilter.sys
07/13/2016  07:57 PM            97,784 AsusPTPFilter.sys
03/18/2017  03:57 PM            28,672 asyncmac.sys
03/18/2017  03:56 PM            29,088 atapi.sys
03/18/2017  03:56 PM           194,464 ataport.sys
03/18/2017  03:56 PM            57,344 BasicDisplay.sys
07/11/2017  12:40 AM            35,840 BasicRender.sys
03/18/2017  03:56 PM            36,256 battc.sys
03/18/2017  03:56 PM             9,728 bcmfn2.sys
03/18/2017  03:57 PM            10,240 beep.sys
03/18/2017  03:56 PM           101,888 bowser.sys
09/02/2017  02:55 AM           115,712 bridge.sys
09/02/2017  12:18 AM            37,208 bsitf.sys
03/18/2017  03:56 PM            23,552 BtaMPM.sys
03/18/2017  03:56 PM            43,520 BthAvrcpTg.sys
09/02/2017  02:55 AM           105,472 bthenum.sys
09/02/2017  02:55 AM            97,792 bthhfenum.sys
03/18/2017  03:56 PM            32,256 BthhfHid.sys
03/18/2017  03:56 PM            66,560 bthmodem.sys
07/11/2017  12:40 AM           130,048 bthpan.sys
09/02/2017  02:55 AM           982,016 bthport.sys
03/18/2017  03:56 PM            85,504 BTHUSB.SYS
03/18/2017  03:56 PM            39,424 buttonconverter.sys
03/18/2017  03:56 PM           533,920 bxvbda.sys
03/18/2017  03:56 PM            53,664 CAD.sys
03/18/2017  03:56 PM           122,880 capimg.sys
03/18/2017  03:57 PM            93,184 cdfs.sys
03/18/2017  03:56 PM           160,256 cdrom.sys
03/18/2017  03:57 PM            77,216 CEA.sys
03/18/2017  03:56 PM           102,816 cht4dx64.sys
03/18/2017  03:56 PM           347,032 cht4sx64.sys
03/18/2017  03:56 PM         2,104,224 cht4vx64.sys
03/18/2017  03:56 PM            49,152 circlass.sys
03/18/2017  03:57 PM           391,584 Classpnp.sys
03/18/2017  03:58 PM            12,288 cldflt.sys
09/02/2017  02:55 AM           382,368 clfs.sys
03/18/2017  03:58 PM           877,472 ClipSp.sys
03/18/2017  03:56 PM            30,208 CmBatt.sys
03/18/2017  03:56 PM            28,064 cmimcext.sys
03/18/2017  03:58 PM           642,688 cng.sys
03/18/2017  03:57 PM            39,840 cnghwassist.sys
03/18/2017  03:57 PM            56,224 condrv.sys
03/18/2017  03:57 PM            86,432 crashdmp.sys
03/18/2017  09:30 PM           559,104 csc.sys
07/11/2017  12:40 AM           112,544 dam.sys
03/18/2017  03:56 PM            45,568 devauthe.sys
03/18/2017  03:57 PM           150,528 dfsc.sys
03/18/2017  03:56 PM           102,816 disk.sys
03/18/2017  03:58 PM            38,816 Diskdump.sys
03/18/2017  03:57 PM            15,360 Dmpusbstor.sys
03/18/2017  03:56 PM            47,104 dmvsc.sys
10/02/2016  08:38 PM            71,232 dptf_acpi.sys
10/02/2016  08:38 PM            66,624 dptf_cpu.sys
03/18/2017  03:56 PM            97,280 drmk.sys
03/18/2017  03:56 PM            16,232 drmkaud.sys
03/18/2017  03:57 PM            35,744 Dumpata.sys
03/18/2017  03:59 PM            91,152 dumpfve.sys
07/11/2017  12:40 AM           188,824 dumpsd.sys
03/18/2017  03:58 PM            32,256 dumpsdport.sys
03/18/2017  03:57 PM            25,600 Dumpstorport.sys
09/02/2017  02:55 AM         2,444,704 dxgkrnl.sys
07/11/2017  12:40 AM           409,504 dxgmms1.sys
09/02/2017  02:55 AM           712,600 dxgmms2.sys
03/18/2017  03:57 PM            88,992 EhStorClass.sys
03/18/2017  03:56 PM           119,200 EhStorTcgDrv.sys
03/18/2017  09:31 PM    <DIR>          en-US
03/18/2017  03:56 PM            13,824 errdev.sys
09/05/2017  11:50 PM    <DIR>          es-ES
10/02/2016  08:38 PM           350,272 esif_lf.sys
09/02/2017  12:06 AM    <DIR>          etc
03/18/2017  03:56 PM         3,419,040 evbda.sys
03/18/2017  03:57 PM           347,136 exfat.sys
03/25/2014  04:14 AM            25,144 farmntio.sys
07/11/2017  12:40 AM           363,424 fastfat.sys
03/18/2017  03:56 PM            32,768 fdc.sys
03/18/2017  03:56 PM            54,272 filecrypt.sys
03/18/2017  03:57 PM            86,432 fileinfo.sys
03/18/2017  03:57 PM            36,864 filetrace.sys
03/18/2017  03:56 PM            26,624 flpydisk.sys
03/18/2017  03:57 PM           386,464 fltMgr.sys
09/05/2017  11:51 PM    <DIR>          fr-FR
03/18/2017  03:56 PM            63,904 fsdepends.sys
03/18/2017  03:57 PM            33,688 fs_rec.sys
09/02/2017  02:55 AM           715,168 fvevol.sys
03/18/2017  03:57 PM           419,744 FWPKCLNT.SYS
03/18/2017  03:56 PM            21,504 genericusbfn.sys
03/18/2017  03:57 PM         3,440,660 gm.dls
03/18/2017  03:57 PM               646 gmreadme.txt
03/18/2017  03:58 PM             8,192 gpuenergydrv.sys
07/11/2017  12:40 AM            86,528 hdaudbus.sys
03/18/2017  03:56 PM            38,296 hidbatt.sys
03/18/2017  03:56 PM           106,496 hidbth.sys
03/18/2017  03:56 PM           180,736 hidclass.sys
03/18/2017  03:56 PM            52,224 hidi2c.sys
03/18/2017  03:56 PM            51,104 hidinterrupt.sys
03/18/2017  03:56 PM            46,592 hidir.sys
03/18/2017  03:56 PM            40,960 hidparse.sys
03/18/2017  03:56 PM            40,960 hidusb.sys
03/18/2017  03:56 PM            64,416 HpSAMD.sys
07/11/2017  12:40 AM         1,106,848 http.sys
03/18/2017  03:57 PM            74,648 hvservice.sys
03/18/2017  03:56 PM           118,688 hvsocket.sys
03/18/2017  03:57 PM            29,600 hwpolicy.sys
03/18/2017  03:56 PM            16,896 hyperkbd.sys
03/18/2017  03:56 PM           115,200 i8042prt.sys
03/18/2017  03:56 PM            33,280 iagpio.sys
03/18/2017  03:56 PM            81,408 iai2c.sys
03/18/2017  03:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  03:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  03:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  03:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  03:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  03:56 PM           113,152 iaLPSSi_I2C.sys
03/18/2017  03:56 PM           673,184 iaStorAV.sys
03/18/2017  03:56 PM           412,064 iaStorV.sys
03/18/2017  03:56 PM           526,240 ibbus.sys
10/15/2016  12:29 AM           732,416 ibtusb.sys
09/04/2017  06:27 PM            79,064 imofugc.sys
03/18/2017  03:58 PM            36,864 IndirectKmd.sys
10/07/2016  10:25 AM           822,248 IntcDAud.sys
03/18/2017  03:56 PM            19,360 intelide.sys
05/17/2016  12:48 AM            18,720 IntelMEFWVer.dll
03/18/2017  03:56 PM            74,840 intelpep.sys
03/18/2017  03:56 PM           193,536 intelppm.sys
03/18/2017  03:57 PM            49,568 iorate.sys
03/18/2017  03:57 PM            87,040 ipfltdrv.sys
03/18/2017  03:56 PM            92,064 IPMIDrv.sys
03/18/2017  03:58 PM           214,528 ipnat.sys
03/18/2017  03:57 PM           120,320 irda.sys
03/18/2017  03:57 PM            19,968 irenum.sys
03/18/2017  03:56 PM            22,944 isapnp.sys
03/18/2017  03:56 PM            64,416 kbdclass.sys
03/18/2017  03:56 PM            40,448 kbdhid.sys
03/18/2017  03:56 PM            23,040 kdnic.sys
03/18/2017  03:58 PM           390,144 ks.sys
03/18/2017  03:57 PM           136,088 ksecdd.sys
03/18/2017  03:58 PM           170,912 ksecpkg.sys
07/11/2017  12:40 AM            27,136 ksthunk.sys
03/18/2017  03:58 PM            66,560 lltdio.sys
03/18/2017  03:56 PM           108,960 lsi_sas.sys
03/18/2017  03:56 PM           123,808 lsi_sas2i.sys
03/18/2017  03:56 PM           103,328 lsi_sas3i.sys
03/18/2017  03:56 PM            82,848 lsi_sss.sys
03/18/2017  03:57 PM           124,928 luafv.sys
03/18/2017  03:56 PM           405,408 mausbhost.sys
03/18/2017  03:56 PM            51,104 mausbip.sys
08/24/2017  11:27 AM            77,440 mbae64.sys
03/18/2017  03:57 PM            23,552 mcd.sys
03/18/2017  03:56 PM            59,808 megasas.sys
03/18/2017  03:56 PM            64,416 MegaSas2i.sys
03/18/2017  03:56 PM           575,904 megasr.sys
09/02/2017  02:55 AM            97,280 Microsoft.Bluetooth.Legacy.LEEnumerator.sys
03/18/2017  03:56 PM           842,656 mlx4_bus.sys
03/18/2017  03:57 PM            50,688 mmcss.sys
03/18/2017  03:57 PM            42,496 modem.sys
03/18/2017  03:56 PM            39,424 monitor.sys
03/18/2017  03:56 PM            60,320 mouclass.sys
03/18/2017  03:56 PM            33,280 mouhid.sys
03/18/2017  03:57 PM           105,880 mountmgr.sys
03/18/2017  03:58 PM            76,800 mpsdrv.sys
03/18/2017  03:57 PM           144,384 mrxdav.sys
03/18/2017  03:57 PM           467,352 mrxsmb.sys
07/11/2017  12:41 AM           285,696 mrxsmb10.sys
07/11/2017  12:40 AM           228,256 mrxsmb20.sys
03/18/2017  03:57 PM            31,744 msfs.sys
07/16/2016  06:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
03/18/2017  03:57 PM           169,888 msgpioclx.sys
03/18/2017  03:56 PM            49,056 msgpiowin32.sys
03/18/2017  03:57 PM             8,704 mshidkmdf.sys
03/18/2017  03:57 PM            12,288 mshidumdf.sys
09/06/2017  10:44 AM            81,696 msidntfs.sys
03/18/2017  03:56 PM            19,352 msisadrv.sys
09/02/2017  02:55 AM           279,968 msiscsi.sys
07/11/2017  12:40 AM            32,768 mskssrv.sys
03/18/2017  03:57 PM            83,456 mslldp.sys
03/18/2017  03:58 PM            10,752 mspclock.sys
03/18/2017  03:58 PM            10,752 mspqm.sys
03/18/2017  03:57 PM           367,000 msrpc.sys
03/18/2017  09:31 PM           230,816 mssecflt.sys
03/18/2017  03:56 PM            44,960 mssmbios.sys
03/18/2017  03:58 PM            12,800 mstee.sys
03/18/2017  03:56 PM            16,896 MTConfig.sys
03/18/2017  03:57 PM           123,808 mup.sys
03/18/2017  03:56 PM            63,904 mvumis.sys
03/18/2017  03:56 PM           108,960 ndfltr.sys
09/06/2017  10:43 AM           113,488 ndiruxbe.sys
07/11/2017  12:40 AM         1,242,528 ndis.sys
03/18/2017  03:57 PM            50,688 ndiscap.sys
03/18/2017  03:57 PM           128,512 NdisImPlatform.sys
03/18/2017  03:58 PM            27,136 ndistapi.sys
03/18/2017  03:58 PM            65,536 ndisuio.sys
03/18/2017  03:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  03:58 PM           192,000 ndiswan.sys
03/18/2017  03:58 PM            62,464 ndproxy.sys
03/18/2017  03:58 PM           127,488 Ndu.sys
03/18/2017  03:57 PM           122,368 NetAdapterCx.sys
03/18/2017  03:57 PM            57,760 netbios.sys
03/18/2017  03:57 PM           305,152 netbt.sys
07/11/2017  12:40 AM           519,584 netio.sys
07/11/2017  12:40 AM           118,784 netvsc.sys
12/19/2016  01:52 PM         9,940,860 Netwfw04.dat
12/19/2016  05:56 PM         7,918,840 Netwtw04.sys
03/18/2017  03:57 PM            69,120 npfs.sys
03/18/2017  03:56 PM            27,136 npsvctrig.sys
03/18/2017  03:57 PM            41,984 nsiproxy.sys
09/02/2017  02:55 AM         2,327,456 ntfs.sys
03/18/2017  03:57 PM            20,376 ntosext.sys
03/18/2017  03:57 PM             7,680 null.sys
03/18/2017  03:56 PM            80,896 nvdimmn.sys
03/18/2017  03:56 PM           150,432 nvraid.sys
03/18/2017  03:56 PM           166,304 nvstor.sys
03/18/2017  03:58 PM           549,888 nwifi.sys
03/18/2017  03:57 PM           152,992 pacer.sys
03/18/2017  03:56 PM            97,792 parport.sys
03/18/2017  03:57 PM           159,648 partmgr.sys
03/18/2017  03:56 PM           353,696 pci.sys
03/18/2017  03:56 PM            16,800 pciide.sys
03/18/2017  03:56 PM            53,656 pciidex.sys
03/18/2017  03:56 PM           120,224 pcmcia.sys
03/18/2017  03:57 PM            52,640 pcw.sys
07/11/2017  12:40 AM           117,664 pdc.sys
03/18/2017  03:58 PM           741,376 PEAuth.sys
03/18/2017  03:56 PM            58,784 percsas2i.sys
03/18/2017  03:56 PM            61,848 percsas3i.sys
03/18/2017  03:56 PM           101,376 pmem.sys
03/18/2017  03:56 PM           373,248 portcls.sys
03/18/2017  03:56 PM           172,032 processr.sys
03/18/2017  03:57 PM            49,664 qwavedrv.sys
03/18/2017  03:57 PM            17,920 rasacd.sys
03/18/2017  03:58 PM           107,008 rasl2tp.sys
03/18/2017  03:57 PM            81,920 raspppoe.sys
03/18/2017  03:58 PM            97,792 raspptp.sys
03/18/2017  03:58 PM            79,872 rassstp.sys
03/18/2017  03:57 PM           434,080 rdbss.sys
03/18/2017  09:31 PM            27,136 rdpbus.sys
03/18/2017  09:30 PM           183,296 rdpdr.sys
03/18/2017  09:30 PM            30,624 rdpvideominiport.sys
03/18/2017  03:57 PM           282,528 rdyboost.sys
03/18/2017  03:57 PM         1,735,584 refs.sys
03/18/2017  03:57 PM           936,864 refsv1.sys
03/18/2017  03:57 PM            14,336 registry.sys
09/02/2017  02:55 AM           180,736 rfcomm.sys
03/18/2017  03:56 PM            40,960 RfxVmt.sys
03/18/2017  03:57 PM           150,016 rmcast.sys
03/18/2017  03:57 PM            34,816 RNDISMP.sys
07/11/2017  12:40 AM            13,312 rootmdm.sys
03/18/2017  03:58 PM            82,432 rspndr.sys
10/03/2016  07:24 PM         7,195,815 RTAIODAT.DAT
10/03/2016  07:24 PM         1,920,820 rtkSSTsetting.dat
10/03/2016  07:24 PM         5,341,224 RTKVHD64.sys
10/03/2016  07:24 PM         5,804,772 rtvienna.dat
03/18/2017  03:56 PM           110,496 sbp2port.sys
03/18/2017  03:57 PM            43,520 scfilter.sys
03/18/2017  03:56 PM            91,040 scmbus.sys
03/18/2017  03:57 PM           175,520 scsiport.sys
07/11/2017  12:40 AM           287,648 sdbus.sys
03/18/2017  03:56 PM            31,128 SDFRd.sys
03/18/2017  03:56 PM            98,208 sdport.sys
03/18/2017  03:56 PM            94,624 sdstor.sys
03/18/2017  03:57 PM            75,680 SerCx.sys
03/18/2017  03:57 PM           154,016 SerCx2.sys
03/18/2017  03:56 PM            26,112 serenum.sys
03/18/2017  03:56 PM            84,480 serial.sys
03/18/2017  03:56 PM            28,672 sermouse.sys
08/25/2016  08:44 AM         7,298,312 SET550A.tmp
10/03/2016  09:23 PM           819,176 SETDFF9.tmp
03/18/2017  03:56 PM            18,432 sfloppy.sys
03/18/2017  03:56 PM            44,960 sisraid2.sys
03/18/2017  03:56 PM            81,824 sisraid4.sys
03/18/2017  03:58 PM            32,672 SleepStudyHelper.sys
03/18/2017  03:57 PM            21,504 smclib.sys
09/06/2017  01:41 AM             1,488 SMR501.dat
03/18/2017  03:56 PM           167,328 spacedump.sys
03/18/2017  03:56 PM           587,168 spaceport.sys
03/18/2017  09:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  03:57 PM            80,288 SpbCx.sys
07/11/2017  12:41 AM           414,208 srv.sys
07/11/2017  12:40 AM           722,944 srv2.sys
03/18/2017  03:57 PM           255,488 srvnet.sys
03/18/2017  03:56 PM            31,136 stexstor.sys
07/11/2017  12:40 AM           144,288 storahci.sys
03/18/2017  03:56 PM            95,648 stornvme.sys
07/11/2017  12:40 AM           546,208 storport.sys
03/18/2017  03:58 PM            79,872 storqosflt.sys
03/18/2017  03:56 PM            36,760 storufs.sys
03/18/2017  03:56 PM            36,768 storvsc.sys
03/18/2017  03:57 PM            75,776 stream.sys
03/18/2017  03:56 PM            18,336 swenum.sys
03/18/2017  03:56 PM            64,512 Synth3dVsc.sys
06/13/2017  05:55 PM            38,656 tap-tb-0901.sys
04/21/2016  04:10 AM            27,136 tap0901.sys
03/18/2017  03:57 PM            31,232 tape.sys
03/18/2017  03:57 PM            28,064 tbs.sys
09/02/2017  02:55 AM         2,679,200 tcpip.sys
03/18/2017  03:57 PM            51,712 tcpipreg.sys
03/18/2017  03:57 PM            40,352 tdi.sys
09/02/2017  02:55 AM           119,712 tdx.sys
04/14/2016  05:37 AM           202,848 TeeDriverW8x64.sys
03/18/2017  09:31 PM            37,280 terminpt.sys
07/11/2017  12:40 AM           130,464 tm.sys
07/11/2017  12:40 AM           219,040 tpm.sys
03/18/2017  03:56 PM            61,440 TsUsbFlt.sys
03/18/2017  03:56 PM            35,328 TsUsbGD.sys
03/18/2017  09:30 PM           125,952 tsusbhub.sys
03/18/2017  03:58 PM           162,304 tunnel.sys
03/18/2017  03:56 PM            78,752 uaspstor.sys
03/18/2017  03:58 PM           104,448 UcmCx.sys
03/18/2017  03:58 PM           179,200 UcmTcpciCx.sys
09/02/2017  02:55 AM            51,712 UcmUcsi.sys
03/18/2017  03:56 PM           213,920 Ucx01000.sys
03/18/2017  03:56 PM            45,568 Udecx.sys
03/18/2017  03:57 PM           324,096 udfs.sys
03/18/2017  03:56 PM            29,600 uefi.sys
03/18/2017  09:31 PM            40,344 UevAgentDriver.sys
03/18/2017  03:58 PM           263,584 ufx01000.sys
03/18/2017  03:56 PM            98,712 UfxChipidea.sys
             426 File(s)    126,815,192 bytes
               7 Dir(s)  428,610,129,920 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog 12:42:49 ====


#6 Aura

  • Malware Response Team

Posted 06 September 2017 - 06:25 PM

Just so you know, the infection most likely came from one of the Office cracks you downloaded. These programs are illegal to use, but they are also one of the best ways to end up infected just like you did. You might want to keep that in mind for the future :)

Now, here's the fun part.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 savannahstine


Posted 06 September 2017 - 10:04 PM

Getting into advanced boot systems is very difficult. The rootkit has disabled my ability to get into the advanced boot options it seems. I have tried pressing f8, shift+restart, command prompt, settings and no luck. I can't reset my computer or recover through settings either. However, I did manage to hard reboot my system enough times and crash it to get the advanced options button to appear. Once I did that, I ran command prompt like you asked, but my flash drive was not available under My PC with the rest of the drives. I had nothing to do but restart my computer again and try my luck one more time, but I was unable to crash my OS again. What do I do? I cannot get into the recovery mode. 

 

Also, my computer doesn't have a disk drive so that's out of the question. I have no other computers running Windows 8 but one running Windows 10.



#8 savannahstine


Posted 06 September 2017 - 10:28 PM

Update: just got Farbar to scan. Here is the log:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by SYSTEM (06-09-2017 22:24:33) Run:2
Running from D:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
S2 0232961504458830mcinstcleanup; C:\Users\sstin\AppData\Local\Temp\023296~1.EXE -cleanup -nolog [X] <==== ATTENTION
 
C:\Program Files (x86)\PxpAtYqel0NV Updater
C:\ProgramData\ntuser.pol
C:\Users\sstin\Desktop\Office Professional Plus 2016 July 2017 x64
C:\Users\sstin\Desktop\Office Professional Plus 2016 July 2017 x64.zip
C:\Users\sstin\Downloads\Microsoft Office Pro Plus 2016 v16.0.4549.1000 (x86+x64) July 2017 + Activator [CracksNow]
C:\Users\sstin\Downloads\Microsoft_Office_2017_Crack_Product_Key_Free_Download.exe
C:\Users\sstin\Downloads\Microsoft+Office+365+(Activator)+2016.zip
C:\Users\sstin\Downloads\Microsoft_Office_365_(Activator)_2016 (1).xht
C:\Users\sstin\Downloads\Microsoft_Office_365_(Activator)_2016.xht
C:\Users\sstin\AppData\Local\{C574F328-E1DC-9F90-8C44-BA78A82C46E0}
C:\Users\sstin\AppData\Local\vmtjkud
C:\Users\sstin\AppData\Local\wudpohk
C:\Users\sstin\AppData\Local\part64.dll
C:\Users\sstin\AppData\Roaming\et
C:\WINDOWS\system32\lsadgxj
C:\Windows\System32\drivers\msidntfs.sys
C:\Windows\System32\drivers\ndiruxbe.sys
C:\WINDOWS\SysWOW64\lsadgxj
C:\Windows\Temp\msavhdhsrv.exe
C:\Windows\Temp\ravcpdkxsrv.exe
*****************
 
HKLM\System\ControlSet001\Services\0232961504458830mcinstcleanup => key removed successfully
0232961504458830mcinstcleanup => service removed successfully
C:\Program Files (x86)\PxpAtYqel0NV Updater => moved successfully
C:\ProgramData\ntuser.pol => moved successfully
C:\Users\sstin\Desktop\Office Professional Plus 2016 July 2017 x64 => moved successfully
C:\Users\sstin\Desktop\Office Professional Plus 2016 July 2017 x64.zip => moved successfully
C:\Users\sstin\Downloads\Microsoft Office Pro Plus 2016 v16.0.4549.1000 (x86+x64) July 2017 + Activator [CracksNow] => moved successfully
C:\Users\sstin\Downloads\Microsoft_Office_2017_Crack_Product_Key_Free_Download.exe => moved successfully
C:\Users\sstin\Downloads\Microsoft+Office+365+(Activator)+2016.zip => moved successfully
C:\Users\sstin\Downloads\Microsoft_Office_365_(Activator)_2016 (1).xht => moved successfully
C:\Users\sstin\Downloads\Microsoft_Office_365_(Activator)_2016.xht => moved successfully
C:\Users\sstin\AppData\Local\{C574F328-E1DC-9F90-8C44-BA78A82C46E0} => moved successfully
C:\Users\sstin\AppData\Local\vmtjkud => moved successfully
C:\Users\sstin\AppData\Local\wudpohk => moved successfully
C:\Users\sstin\AppData\Local\part64.dll => moved successfully
C:\Users\sstin\AppData\Roaming\et => moved successfully
C:\WINDOWS\system32\lsadgxj => moved successfully
C:\Windows\System32\drivers\msidntfs.sys => moved successfully
"C:\Windows\System32\drivers\ndiruxbe.sys" => not found.
C:\WINDOWS\SysWOW64\lsadgxj => moved successfully
C:\Windows\Temp\msavhdhsrv.exe => moved successfully
C:\Windows\Temp\ravcpdkxsrv.exe => moved successfully
 
==== End of Fixlog 22:24:34 ====
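
The Fixlog above first echoes the requested fixlist (between the two rows of asterisks) and then prints one `=>` result line per item. As an added example, not part of the original post and not FRST's own code, this Python script reconciles the two so that entries the fix did not quarantine (here the `ndiruxbe.sys` driver reported as `not found`) stand out. The sample log is an abridged, constructed copy of the one posted, and the parsing rules are inferred from that log alone.

```python
import re

# Constructed sample: abridged from the Fixlog layout shown in the post above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by SYSTEM (06-09-2017 22:24:33) Run:2
Running from D:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
S2 0232961504458830mcinstcleanup; C:\Users\sstin\AppData\Local\Temp\023296~1.EXE -cleanup -nolog [X] <==== ATTENTION

C:\Users\sstin\AppData\Local\part64.dll
C:\Windows\System32\drivers\msidntfs.sys
C:\Windows\System32\drivers\ndiruxbe.sys
C:\Windows\Temp\ravcpdkxsrv.exe
*****************

HKLM\System\ControlSet001\Services\0232961504458830mcinstcleanup => key removed successfully
0232961504458830mcinstcleanup => service removed successfully
C:\Users\sstin\AppData\Local\part64.dll => moved successfully
C:\Windows\System32\drivers\msidntfs.sys => moved successfully
"C:\Windows\System32\drivers\ndiruxbe.sys" => not found.
C:\Windows\Temp\ravcpdkxsrv.exe => moved successfully

==== End of Fixlog 22:24:34 ====
"""

RESULT_RE = re.compile(r"^(?P<target>.+?)\s+=>\s+(?P<outcome>.+)$")
# The page shows one service entry, "S2 <name>; <image path> ...". Treating any
# "<letter><digit> <name>;" prefix as a service entry is an assumption.
SERVICE_RE = re.compile(r"^[A-Z]\d\s+(?P<name>[^;]+);")


def _norm(target):
    """Windows paths are case-insensitive and the log may quote them."""
    return target.strip().strip('"').lower()


def parse_fixlog(text):
    """Return (requested fixlist entries, {normalised target: outcome})."""
    requested, results = [], {}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("fixlist content:"):
            section = "await_fixlist"
        elif line and set(line) == {"*"}:
            # First row of asterisks opens the fixlist, the second closes it.
            section = "fixlist" if section == "await_fixlist" else "results"
        elif line.startswith("==== End of Fixlog"):
            break
        elif not line:
            continue
        elif section == "fixlist":
            requested.append(line)
        elif section == "results":
            m = RESULT_RE.match(line)
            if m:
                results[_norm(m.group("target"))] = m.group("outcome").rstrip(". ")
    return requested, results


def reconcile(text):
    """Group every requested entry by what the result lines say happened to it."""
    requested, results = parse_fixlog(text)
    report = {"moved": [], "removed": [], "not_found": [], "other": [], "unaccounted": []}
    for entry in requested:
        svc = SERVICE_RE.match(entry)
        label = svc.group("name").strip() if svc else entry
        outcome = results.get(_norm(label))
        if outcome is None:
            report["unaccounted"].append(label)      # no result line at all
        elif "not found" in outcome:
            report["not_found"].append(label)        # nothing was quarantined
        elif outcome.startswith("moved"):
            report["moved"].append(label)
        elif "removed" in outcome:
            report["removed"].append(label)
        else:
            report["other"].append(f"{label} ({outcome})")
    return report


def needs_follow_up(report):
    """Entries this run did not quarantine: look for them in the next scan."""
    return report["not_found"] + report["unaccounted"] + report["other"]


if __name__ == "__main__":
    rep = reconcile(SAMPLE_FIXLOG)
    for bucket, items in rep.items():
        print(f"{bucket}: {len(items)}")
    for item in needs_follow_up(rep):
        print("follow up:", item)
```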


#9 Aura


Posted 07 September 2017 - 08:04 PM

Awesome :) How did you end up getting in the Recovery Environment? I've had multiple users report the same issue (though most seem to be able to access it just fine).

Now, you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply



#10 savannahstine


Posted 08 September 2017 - 12:39 AM

I finally got into recovery mode by looking up the specifics for my BIOS (This is ASUS in my case). The website says that pressing and holding the power button once you see the BIOS screen automatically puts it into "Automatic Recovery Mode". It will try to fix problems itself before deeming them irremovable. After that, it gives you the option to open advanced settings. This is the only option that worked for me. All other options were literally removed or grayed out from my settings.

 

My Malwarebytes scan detected nothing, which was disappointing. However, since running Farbar in recovery mode, the CPU-eating processes have stopped entirely. However, some anti-malware programs (rkill and iexplore) are still saying they cannot be run because their resources are in use, a sign that the rootkit isn't gone yet.

 

Malwarebytes Log:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/8/17
Scan Time: 12:32 AM
Log File: 1107e816-9457-11e7-ad7e-a0c589626f91.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2751
License: Trial
 
-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: DESKTOP-MB90HII\sstin
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384745
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 22 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 

(end) 



#11 Aura


Posted 08 September 2017 - 07:47 AM

Awesome, thank you for the information :)

Now, let's run a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#12 savannahstine


Posted 08 September 2017 - 03:26 PM

Note: Still cannot turn antivirus back on. Windows Defender and Malwarebytes live protection are turned off.

 

RogueKiller Log:

 

RogueKiller V12.11.13.0 (x64) [Sep  4 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : sstin [Administrator]
Started from : C:\Users\sstin\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 09/08/2017 10:24:04 (Duration : 00:16:58)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 7 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\xs -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2860598129-2714271170-809102586-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus17win10.msn.com/?pc=ASTE  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2860598129-2714271170-809102586-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus17win10.msn.com/?pc=ASTE  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.125.1.1 10.125.1.2 ([][])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2a18f749-a013-4bc4-9bff-dd61a05e3cda} | DhcpNameServer : 10.125.1.1 10.125.1.2 ([][])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{caeb6638-1c3f-4e35-b957-9976551150cc} | DhcpNameServer : 10.13.0.1 ([])  -> Replaced ()
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Tr.Gen0][File] C:\Users\sstin\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 3 ¤¤¤
[PUP.Gen3][Chrome:Addon] Default : Tabs 2 Grid [fhhlffidbdcekjjclelmafdgfpekkgeh] -> Deleted
[PUP.Gen0][Chrome:Addon] Default : SoundCloud Downloader Free [libedajeiljdoodmokbppgapcfbignci] -> ERROR [2]
[PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.google.com/||http://Vosteran.com/?f=7&a=vst_wnzp01_15_01_ch&cd=2XzuyEtN2Y1L1QzutDtDtByE0EzzyEyB0A0FtAtC0ByE0EyBtN0D0Tzu0StCtDzyyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0Bzz0F0EtAtAzztGtDtCzz0AtG0AzzzztAtGtA0A0BtDtGtC0BtCtDtBtA0A0F0EyCyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0AyBtC0CtCyByDtGzy0E0AtAtGyEtD0DtDtG0AyCyEtDtGtA0EtDtAtDtCyCtAtDtCyBzz2Q&cr=1615465451&ir=] -> Deleted
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: THNSN5512GPU7 TOSHIBA +++++
--- User ---
[MBR] a05e5a4260c852aee495e8212fa99003
[BSP] 676e17192b64064e4233e88a89bbe732 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 487262 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 998481920 | Size: 846 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
 
ADWCleaner Log:
 
# AdwCleaner 7.0.2.1 - Logfile created on Fri Sep 08 20:18:38 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [944 B] - [2017/9/8 20:17:39]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#13 Aura


Posted 08 September 2017 - 07:09 PM

There are probably settings that need to be adjusted to fix Windows Defender and Malwarebytes. Let's see what FRST can tell us about this.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply



#14 savannahstine


Posted 09 September 2017 - 12:37 AM

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by sstin (administrator) on DESKTOP-MB90HII (09-09-2017 00:34:55)
Running from C:\Users\sstin\Desktop\FIXER
Loaded Profiles: sstin (Available Profiles: sstin & Test)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Users\sstin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Run: [GoogleChromeAutoLaunch_F770B1572B52412FE1E9BFAED319E841] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-23] (Google Inc.)
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Run: [Spotify] => C:\Users\sstin\AppData\Roaming\Spotify\Spotify.exe [20449904 2017-09-06] (Spotify Ltd)
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Run: [uTorrent] => C:\Users\sstin\AppData\Roaming\uTorrent\uTorrent.exe [2150336 2017-09-02] (BitTorrent Inc.)
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Run: [Spotify Web Helper] => C:\Users\sstin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-06] (Spotify Ltd)
Startup: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-09-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2a18f749-a013-4bc4-9bff-dd61a05e3cda}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2a18f749-a013-4bc4-9bff-dd61a05e3cda}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3ca2cbe2-3ea0-4c60-84d1-6db7c365f681}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4b1e8e6a-d3d7-438e-b70a-49c43ea75abe}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4b1e8e6a-d3d7-438e-b70a-49c43ea75abe}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{6464e8cc-498b-4367-b0ce-901daee919ca}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b02b20ff-2f9d-45ec-8cf8-5c025bf9b42f}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-06-13] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> Logo Creator
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
CHR Extension: (Google Slides) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-01]
CHR Extension: (Seedr) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfimpkhacgimamjbiegeoponlepcbob [2017-09-01]
CHR Extension: (Google Docs) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-01]
CHR Extension: (Google Drive) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-01]
CHR Extension: (YouTube) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-01]
CHR Extension: (Spotify - Music for every moment) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2017-09-01]
CHR Extension: (Polarr Photo Editor) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-09-01]
CHR Extension: (Hermit) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepjclgekdamekgkecokpheeoagcpjgb [2017-09-01]
CHR Extension: (Nitrous) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdcneeepllhjlbejkfnaolelbpdacai [2017-09-01]
CHR Extension: (Google Sheets) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-01]
CHR Extension: (PicMonkey) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2017-09-01]
CHR Extension: (Tabs 2 Grid) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhhlffidbdcekjjclelmafdgfpekkgeh [2017-09-08]
CHR Extension: (Word Online) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-09-01]
CHR Extension: (.torrent to Transmission) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjfeeonbeiocojnpfboldpckcgcfknll [2017-09-01]
CHR Extension: (Caret) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fljalecfjciodhpcledpamjachpmelml [2017-09-01]
CHR Extension: (Webcam Recorder & Snapshot) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjbakngpgphfbnhoeghllnpddelchcj [2017-09-06]
CHR Extension: (Google Docs Offline) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-01]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-09-01]
CHR Extension: (Chrome Chess) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpahaceigpcebiefmijneimenbgbcjcn [2017-09-01]
CHR Extension: (Pixlr Editor) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-09-01]
CHR Extension: (Torrent Stream) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icocmgpofpimcojhefbcfbdldkmndpgj [2017-09-01]
CHR Extension: (SoundCloud) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2017-09-01]
CHR Extension: (Flat) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdamekkolfabhbljecbjiniepfpckdli [2017-09-01]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2017-09-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-09-08]
CHR Extension: (Google Hangouts) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-09-01]
CHR Extension: (IcoMoon) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kppingdhhalimbaehfmhldppemnmlcjd [2017-09-06]
CHR Extension: (Canva) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbcfmcoibkecmionmehabndbljdleekf [2017-09-01]
CHR Extension: (FotoJet) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\medejhbgmfcehgfpinhgnhlnljnpghge [2017-09-01]
CHR Extension: (Bit Player) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkikpbeengfefopcnmhljmiobkghfpd [2017-09-01]
CHR Extension: (Word to PDF - Smallpdf.com) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkpncleclnaihjlknbcpbjpanihohdh [2017-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01]
CHR Extension: (Gravit Designer) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdagghjnpkeagmlbilmjmclfhjeaapaa [2017-09-01]
CHR Extension: (Gmail) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-01]
CHR Extension: (YouiDraw Logo Creator) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmdikniemaokeigdgfkaihkldilkjmgi [2017-09-01]
CHR Extension: (Writer) - C:\Users\sstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2017-09-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe [301536 2016-11-30] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe [480224 2016-11-30] (Intel Corporation)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-10-02] (Intel Corporation)
R2 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-13] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [341984 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-05-17] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [133376 2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [162048 2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S4 McProxy; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\WINDOWS\system32\DRIVERS\ASMMAP64.sys [36696 2016-04-27] (ASUSTek Computer Inc.)
R3 AsusHFilter; C:\WINDOWS\System32\drivers\AsusHFilter.sys [30200 2016-12-22] ()
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [97784 2016-07-13] (ASUS Corporation)
S3 bsitf; C:\WINDOWS\system32\DRIVERS\bsitf.sys [37208 2017-09-02] (ASUSTek Computer Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-10-02] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-10-02] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-10-02] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys [11039712 2016-11-30] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-06] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-08] (Malwarebytes)
R4 MBAMSwissArmy; C:\WINDOWS\system32\drivers\3A8B6F84.sys [253888 2017-09-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-08] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
S4 rjaty; C:\WINDOWS\System32\drivers\imofugc.sys [79064 2017-09-04] (Malwarebytes Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-08 15:21 - 2017-09-08 15:21 - 008182736 _____ (Malwarebytes) C:\Users\sstin\Downloads\AdwCleaner (1).exe
2017-09-08 15:21 - 2017-09-08 15:21 - 000001129 _____ C:\Users\sstin\Desktop\adwlog1.txt
2017-09-08 15:19 - 2017-09-08 15:19 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3A8B6F84.sys
2017-09-08 15:18 - 2017-09-08 15:18 - 000113488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndikorux.sys
2017-09-08 15:16 - 2017-09-08 15:16 - 000006666 _____ C:\Users\sstin\Desktop\roguekillerlog.txt
2017-09-08 15:15 - 2017-09-08 15:23 - 000000000 ____D C:\AdwCleaner
2017-09-08 15:15 - 2017-09-08 15:15 - 008182736 _____ (Malwarebytes) C:\Users\sstin\Desktop\AdwCleaner.exe
2017-09-08 10:40 - 2017-09-08 10:40 - 005470884 _____ C:\Users\sstin\Desktop\Julia C.-Mishayla Guire.mp4
2017-09-08 10:24 - 2017-09-08 10:24 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-08 10:23 - 2017-09-08 15:15 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-08 10:23 - 2017-09-08 10:23 - 026680904 _____ C:\Users\sstin\Downloads\RogueKiller_portable64.exe
2017-09-08 10:23 - 2017-09-08 10:23 - 026680904 _____ C:\Users\sstin\Desktop\RogueKiller_portable64.exe
2017-09-08 10:09 - 2017-09-08 10:09 - 005814730 _____ C:\Users\sstin\Desktop\Savannah Stine - Autumn Redcorn.mp4
2017-09-08 09:52 - 2017-09-08 10:41 - 000000000 ____D C:\Users\sstin\AppData\Local\Screencast-O-Matic-v2
2017-09-08 09:52 - 2017-09-08 09:52 - 000000000 ____D C:\Users\sstin\OneDrive\Documents\Screencast-O-Matic
2017-09-08 09:52 - 2017-09-08 09:52 - 000000000 ____D C:\Users\sstin\AppData\Local\WebLaunchRecorder
2017-09-08 09:51 - 2017-09-08 09:51 - 000347584 _____ (Big Nerd Software, LLC) C:\Users\sstin\Downloads\WebLaunchRecorder.exe
2017-09-08 09:25 - 2017-09-08 09:26 - 000000000 ____D C:\Users\sstin\Desktop\APLAC stuff
2017-09-08 09:25 - 2017-09-08 09:25 - 000000000 ____D C:\Users\sstin\OneDrive\Documents\Custom Office Templates
2017-09-08 02:18 - 2017-09-08 02:18 - 000113106 _____ C:\Users\sstin\Desktop\aplaaaaac.pdf
2017-09-08 02:18 - 2017-09-08 02:18 - 000000000 ____D C:\Users\sstin\AppData\LocalLow\Temp
2017-09-06 22:32 - 2017-09-08 15:19 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-06 22:32 - 2017-09-08 15:19 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-06 22:32 - 2017-09-08 15:19 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-06 22:32 - 2017-09-06 22:32 - 066347240 _____ (Malwarebytes ) C:\Users\sstin\Downloads\mb3-setup-consumer-3.2.2.2018 (2).exe
2017-09-06 22:32 - 2017-09-06 22:32 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-06 22:32 - 2017-09-06 22:32 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-06 22:32 - 2017-09-06 22:32 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-06 22:32 - 2017-09-06 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-06 22:32 - 2017-09-06 22:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-06 22:27 - 2017-09-06 22:27 - 000000000 ___HD C:\OneDriveTemp
2017-09-06 22:26 - 2017-09-06 22:26 - 000779476 _____ C:\WINDOWS\Minidump\090617-5656-01.dmp
2017-09-06 22:25 - 2017-09-06 22:25 - 000805684 _____ C:\WINDOWS\Minidump\090617-5750-01.dmp
2017-09-06 21:14 - 2017-09-06 21:14 - 000813084 _____ C:\WINDOWS\Minidump\090617-5843-01.dmp
2017-09-06 21:13 - 2017-09-06 21:13 - 000781076 _____ C:\WINDOWS\Minidump\090617-4734-01.dmp
2017-09-06 20:05 - 2017-09-06 20:05 - 000001167 _____ C:\Users\sstin\Downloads\fixlist (1).txt
2017-09-06 20:04 - 2017-09-06 20:04 - 002395648 _____ (Farbar) C:\Users\sstin\Downloads\FRST64.exe
2017-09-06 19:56 - 2017-09-06 20:00 - 000000000 ____D C:\Users\sstin\Desktop\torrent movies
2017-09-06 19:55 - 2017-09-06 19:55 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-09-06 16:51 - 2017-09-07 09:19 - 000000000 ____D C:\Users\sstin\AppData\Local\CrashDumps
2017-09-06 16:00 - 2017-09-06 16:00 - 000001596 _____ C:\Users\sstin\Downloads\Fixlog.txt
2017-09-06 15:28 - 2017-09-09 00:34 - 000000000 ____D C:\Users\sstin\Desktop\FIXER
2017-09-06 12:42 - 2017-09-06 12:42 - 000000110 _____ C:\Users\sstin\Downloads\fixlist.txt
2017-09-06 12:41 - 2017-09-06 12:41 - 000040039 _____ C:\Users\sstin\Desktop\Addition.txt
2017-09-06 12:40 - 2017-09-06 12:41 - 000094381 _____ C:\Users\sstin\Desktop\FRST.txt
2017-09-06 10:41 - 2017-09-06 10:41 - 066347240 _____ (Malwarebytes ) C:\Users\sstin\Downloads\mb3-setup-consumer-3.2.2.2018 (1).exe
2017-09-06 10:38 - 2017-09-06 10:38 - 000566128 _____ (Malwarebytes) C:\Users\sstin\Downloads\mbam-clean-2.3.0.1001.exe
2017-09-06 10:38 - 2017-09-06 10:38 - 000566128 _____ (Malwarebytes) C:\Users\sstin\Desktop\mbam-clean-2.3.0.1001.exe
2017-09-06 01:42 - 2017-09-06 22:26 - 661718377 _____ C:\WINDOWS\MEMORY.DMP
2017-09-06 01:42 - 2017-09-06 01:42 - 000828388 _____ C:\WINDOWS\Minidump\090617-14343-01.dmp
2017-09-06 01:41 - 2017-09-06 01:41 - 000253888 _____ C:\WINDOWS\system32\Drivers\28F16168.sys
2017-09-06 01:36 - 2017-09-06 01:45 - 000000000 ____D C:\Users\sstin\AppData\Local\NPE
2017-09-06 01:36 - 2017-09-06 01:41 - 000001488 _____ C:\WINDOWS\system32\Drivers\SMR501.dat
2017-09-06 01:36 - 2017-09-06 01:36 - 000000000 ____D C:\ProgramData\Norton
2017-09-06 01:35 - 2017-09-06 01:35 - 003422944 _____ (Symantec Corporation) C:\Users\sstin\Downloads\NPE.exe
2017-09-06 00:41 - 2017-09-06 00:41 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-09-06 00:41 - 2017-09-06 00:41 - 000000000 ____D C:\ProgramData\Sophos
2017-09-06 00:41 - 2017-09-06 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-09-06 00:41 - 2017-09-06 00:41 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-09-06 00:38 - 2017-09-06 00:39 - 175549128 _____ (Sophos Limited) C:\Users\sstin\Downloads\Sophos Virus Removal Tool.exe
2017-09-06 00:32 - 2017-09-06 00:32 - 016564750 _____ (Malwarebytes Corp.) C:\Users\sstin\Downloads\mbar-1.09.4.1001.exe
2017-09-06 00:29 - 2017-09-06 00:29 - 016563352 _____ (Malwarebytes Corp.) C:\Users\sstin\Downloads\mbar-1.09.3.1001 (3).exe
2017-09-05 11:59 - 2017-09-07 09:14 - 000001431 _____ C:\Users\sstin\Desktop\Roblox Player.lnk
2017-09-05 11:58 - 2017-09-05 11:58 - 000811576 _____ (Roblox Corporation) C:\Users\sstin\Downloads\RobloxPlayerLauncher (1).exe
2017-09-05 10:42 - 2017-09-07 09:14 - 000001246 _____ C:\Users\sstin\Desktop\Roblox Studio.lnk
2017-09-05 10:42 - 2017-09-07 09:14 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-09-05 10:42 - 2017-09-05 12:08 - 000000246 _____ C:\Users\sstin\AppData\LocalLow\rbxcsettings.rbx
2017-09-05 10:39 - 2017-09-05 11:05 - 000000000 ____D C:\Users\sstin\AppData\Local\Roblox
2017-09-05 10:39 - 2017-09-05 10:39 - 000811576 _____ (Roblox Corporation) C:\Users\sstin\Downloads\RobloxPlayerLauncher.exe
2017-09-05 09:09 - 2017-09-07 09:22 - 000000000 ____D C:\ProgramData\Betternet
2017-09-05 09:08 - 2017-09-05 09:08 - 011535280 _____ (Betternet Technologies Inc.) C:\Users\sstin\Downloads\BetternetForWindows390.exe
2017-09-05 09:08 - 2017-09-05 09:08 - 000002028 _____ C:\Users\Public\Desktop\Betternet.lnk
2017-09-05 09:08 - 2017-09-05 09:08 - 000000000 ____D C:\Users\sstin\AppData\Local\Downloaded Installations
2017-09-05 09:08 - 2017-09-05 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-09-05 09:08 - 2017-09-05 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betternet Technologies Inc
2017-09-05 09:08 - 2017-09-05 09:08 - 000000000 ____D C:\Program Files\TAP-Windows
2017-09-05 09:08 - 2017-09-05 09:08 - 000000000 ____D C:\Program Files (x86)\OpenVPN
2017-09-05 09:08 - 2017-09-05 09:08 - 000000000 ____D C:\Program Files (x86)\Betternet
2017-09-05 03:36 - 2017-09-08 00:45 - 000000000 ____D C:\Users\sstin\Desktop\mbar
2017-09-05 03:36 - 2017-09-05 03:36 - 016563352 _____ (Malwarebytes Corp.) C:\Users\sstin\Downloads\mbar-1.09.3.1001 (2).exe
2017-09-05 03:34 - 2017-09-05 03:34 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\sstin\Downloads\rkill (1).exe
2017-09-05 03:23 - 2017-09-05 03:24 - 016563352 _____ (Malwarebytes Corp.) C:\Users\sstin\Downloads\mbar-1.09.3.1001 (1).exe
2017-09-05 03:16 - 2017-09-05 03:16 - 000000000 ____D C:\Users\Test\AppData\Local\Comms
2017-09-05 03:14 - 2017-09-05 03:14 - 002267848 _____ (wj32 ) C:\Users\sstin\Downloads\processhacker-2.39-setup.exe
2017-09-05 03:14 - 2017-09-05 03:14 - 000001967 _____ C:\Users\sstin\Desktop\Process Hacker 2.lnk
2017-09-05 03:14 - 2017-09-05 03:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2017-09-05 03:14 - 2017-09-05 03:14 - 000000000 ____D C:\Program Files\Process Hacker 2
2017-09-05 03:02 - 2017-09-05 03:02 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2860598129-2714271170-809102586-1002
2017-09-05 03:02 - 2017-09-05 03:02 - 000000000 ____D C:\Users\Test\AppData\Local\MicrosoftEdge
2017-09-05 03:01 - 2017-09-05 03:02 - 000002362 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-05 03:01 - 2017-09-05 03:02 - 000000000 ___RD C:\Users\Test\OneDrive
2017-09-05 03:01 - 2017-09-05 03:01 - 000000000 ____D C:\Users\Test\AppData\Roaming\Skype
2017-09-05 02:59 - 2017-09-06 01:40 - 000000000 ____D C:\Users\Test
2017-09-05 02:59 - 2017-09-05 03:16 - 000000000 ____D C:\Users\Test\AppData\Local\Packages
2017-09-05 02:59 - 2017-09-05 02:59 - 000000200 _____ C:\Users\Test\AppData\Roaming\sp_data.sys
2017-09-05 02:59 - 2017-09-05 02:59 - 000000020 ___SH C:\Users\Test\ntuser.ini
2017-09-05 02:59 - 2017-09-05 02:59 - 000000000 __SHD C:\Users\Test\IntelGraphicsProfiles
2017-09-05 02:59 - 2017-09-05 02:59 - 000000000 ____D C:\Users\Test\AppData\Roaming\Intel
2017-09-05 02:59 - 2017-09-05 02:59 - 000000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2017-09-05 02:59 - 2017-09-05 02:59 - 000000000 ____D C:\Users\Test\AppData\Local\VirtualStore
2017-09-05 02:59 - 2017-09-05 02:59 - 000000000 ____D C:\Users\Test\AppData\Local\TileDataLayer
2017-09-05 02:59 - 2017-09-05 02:59 - 000000000 ____D C:\Users\Test\AppData\Local\Publishers
2017-09-05 02:59 - 2017-09-05 02:59 - 000000000 ____D C:\Users\Test\AppData\Local\Google
2017-09-05 02:59 - 2017-09-05 02:59 - 000000000 ____D C:\Users\Test\AppData\Local\ConnectedDevicesPlatform
2017-09-05 02:02 - 2017-09-05 02:01 - 000000120 ____R C:\Users\sstin\OneDrive\Documents\APUSH.url
2017-09-04 21:23 - 2017-09-04 21:23 - 000000000 ____D C:\Users\sstin\AppData\Local\ElevatedDiagnostics
2017-09-04 20:12 - 2017-09-04 20:12 - 000035769 _____ C:\Users\sstin\Downloads\Addition.txt
2017-09-04 20:11 - 2017-09-04 20:12 - 000090519 _____ C:\Users\sstin\Downloads\FRST.txt
2017-09-04 20:09 - 2017-09-09 00:34 - 000000000 ____D C:\FRST
2017-09-04 18:38 - 2017-09-04 18:39 - 000001496 _____ C:\Users\sstin\Desktop\iExplore.exe - Shortcut.lnk
2017-09-04 18:37 - 2017-09-04 18:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\sstin\Downloads\rkill.exe
2017-09-04 18:37 - 2017-09-04 18:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\sstin\Downloads\iExplore.exe
2017-09-04 18:37 - 2017-09-04 18:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\sstin\Desktop\rkill.exe
2017-09-04 18:34 - 2017-09-04 18:34 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\273F4CA0.sys
2017-09-04 18:34 - 2017-09-04 18:34 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\15C44C27.sys
2017-09-04 18:32 - 2017-09-04 18:32 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\137A4A99.sys
2017-09-04 18:32 - 2017-09-04 18:32 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0B4F4AC0.sys
2017-09-04 18:27 - 2017-09-04 18:27 - 000079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\imofugc.sys
2017-09-04 18:25 - 2017-09-04 18:32 - 000000000 ____D C:\Users\sstin\Desktop\checkup
2017-09-04 18:19 - 2017-09-04 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-04 18:18 - 2017-09-04 18:18 - 016563352 _____ (Malwarebytes Corp.) C:\Users\sstin\Downloads\mbar-1.09.3.1001.exe
2017-09-04 18:16 - 2017-09-04 18:16 - 000035197 _____ C:\Users\sstin\Downloads\MTB.txt
2017-09-04 18:14 - 2017-09-04 18:14 - 000892416 _____ (Farbar) C:\Users\sstin\Downloads\MiniToolBox.exe
2017-09-04 18:13 - 2017-09-04 18:13 - 000002982 _____ C:\Users\sstin\Downloads\FSS.txt
2017-09-04 18:12 - 2017-09-04 18:12 - 000899584 _____ (Farbar) C:\Users\sstin\Downloads\FSS.exe
2017-09-04 18:10 - 2017-09-04 18:09 - 000852798 _____ C:\Users\sstin\Desktop\SecurityCheck.exe
2017-09-04 18:09 - 2017-09-04 18:09 - 000852798 _____ C:\Users\sstin\Downloads\SecurityCheck.exe
2017-09-04 14:10 - 2017-09-04 14:10 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-04 14:10 - 2017-09-04 14:10 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-04 14:10 - 2017-09-04 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-04 14:10 - 2017-09-04 14:10 - 000000000 ____D C:\Program Files\CCleaner
2017-09-04 14:09 - 2017-09-04 14:10 - 009791816 _____ (Piriform Ltd) C:\Users\sstin\Downloads\ccsetup533.exe
2017-09-04 12:12 - 2017-09-04 12:12 - 000000000 ____D C:\Users\sstin\OneDrive\Documents\OneNote Notebooks
2017-09-04 11:38 - 2017-09-04 11:38 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6BF90DE9.sys
2017-09-04 11:27 - 2017-09-04 11:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-04 11:25 - 2017-09-04 11:25 - 000002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000002628 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-09-04 11:25 - 2017-09-04 11:25 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-09-04 11:24 - 2017-09-04 11:24 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-09-04 11:24 - 2017-09-04 11:24 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-09-04 11:24 - 2017-09-04 11:24 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-09-04 11:24 - 2017-09-04 11:24 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-09-04 11:20 - 2017-09-04 11:24 - 000000000 ____D C:\WINDOWS\SHELLNEW
2017-09-04 11:20 - 2017-09-04 11:20 - 000000000 __RHD C:\MSOCache
2017-09-04 11:20 - 2017-09-04 11:20 - 000000000 ____D C:\Users\sstin\AppData\Local\Microsoft Help
2017-09-04 11:20 - 2017-09-04 11:20 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2017-09-04 11:20 - 2017-09-04 11:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-09-04 10:44 - 2017-09-04 10:44 - 000000000 ____D C:\WINDOWS\system32\winrdmt
2017-09-03 12:17 - 2017-09-03 12:17 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1C005D9A.sys
2017-09-03 01:54 - 2017-09-03 01:54 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-03 01:54 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-03 00:54 - 2017-09-03 00:55 - 066347240 _____ (Malwarebytes ) C:\Users\sstin\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-03 00:04 - 2017-09-06 22:26 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-02 23:27 - 2017-09-02 23:27 - 000000000 ____D C:\Users\sstin\AppData\Local\DBG
2017-09-02 23:19 - 2017-09-02 23:19 - 000000000 ____D C:\Users\sstin\AppData\Local\PeerDistRepub
2017-09-02 23:07 - 2017-09-04 11:12 - 000000000 ____D C:\Users\sstin\AppData\Roaming\TunnelBear
2017-09-02 23:07 - 2017-09-04 11:12 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2017-09-02 23:07 - 2017-09-02 23:07 - 000000000 ____D C:\Users\sstin\AppData\Local\IsolatedStorage
2017-09-02 23:06 - 2017-09-02 23:06 - 029903688 _____ (TunnelBear) C:\Users\sstin\Downloads\TunnelBear-Installer.exe
2017-09-02 14:41 - 2017-09-04 14:11 - 000000000 ____D C:\Users\sstin\AppData\Roaming\uTorrent
2017-09-02 14:41 - 2017-09-02 14:41 - 000000898 _____ C:\Users\sstin\Desktop\µTorrent.lnk
2017-09-02 14:41 - 2017-09-02 14:41 - 000000878 _____ C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-09-02 14:38 - 2017-09-02 14:38 - 001733104 _____ (BitTorrent Inc.) C:\Users\sstin\Downloads\uTorrent.exe
2017-09-02 14:35 - 2017-09-04 12:12 - 000000120 ____R C:\Users\sstin\OneDrive\Documents\Savannah's Notebook.url
2017-09-02 12:24 - 2017-09-02 12:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-02 12:24 - 2017-09-02 12:24 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-02 12:10 - 2017-09-02 12:10 - 000000981 _____ C:\Users\sstin\Desktop\PerformanceTest.lnk
2017-09-02 12:10 - 2017-09-02 12:10 - 000000000 ____D C:\Users\sstin\OneDrive\Documents\PassMark
2017-09-02 12:10 - 2017-09-02 12:10 - 000000000 ____D C:\Users\sstin\AppData\Local\PassMark
2017-09-02 12:10 - 2017-09-02 12:10 - 000000000 ____D C:\ProgramData\Passmark
2017-09-02 12:10 - 2017-09-02 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2017-09-02 12:09 - 2017-09-02 12:17 - 000000000 ____D C:\Program Files\PerformanceTest
2017-09-02 08:43 - 2017-09-08 00:27 - 000000000 ____D C:\Users\sstin\AppData\Local\Spotify
2017-09-02 08:43 - 2017-09-02 08:43 - 000001852 _____ C:\Users\sstin\Desktop\Spotify.lnk
2017-09-02 08:43 - 2017-09-02 08:43 - 000001838 _____ C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-09-02 08:42 - 2017-09-08 15:13 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Spotify
2017-09-02 08:38 - 2017-09-05 09:19 - 000001190 _____ C:\Users\sstin\Desktop\nativelog.txt
2017-09-02 02:56 - 2017-09-02 02:56 - 000000000 ____D C:\Windows.old
2017-09-02 02:55 - 2017-09-02 02:55 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-09-02 02:55 - 2017-09-02 02:55 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-09-02 02:55 - 2017-09-02 02:55 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-02 02:55 - 2017-09-02 02:55 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-02 02:55 - 2017-09-02 02:55 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-02 02:55 - 2017-09-02 02:55 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-09-02 02:55 - 2017-09-02 02:55 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-09-02 02:55 - 2017-09-02 02:55 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-09-02 02:52 - 2017-03-18 01:00 - 006238208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000c.dll
2017-09-02 02:52 - 2017-03-18 00:54 - 002352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000c.dll
2017-09-02 02:52 - 2017-03-18 00:44 - 006238208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000c.dll
2017-09-02 02:52 - 2017-03-18 00:39 - 002264064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000c.dll
2017-09-02 02:51 - 2017-09-08 15:23 - 001108942 _____ C:\WINDOWS\system32\perfh00C.dat
2017-09-02 02:51 - 2017-09-08 15:23 - 000239832 _____ C:\WINDOWS\system32\perfc00C.dat
2017-09-02 02:51 - 2017-09-05 23:51 - 000000000 ____D C:\WINDOWS\system32\fr
2017-09-02 02:51 - 2017-09-02 02:51 - 000351124 _____ C:\WINDOWS\system32\perfi00C.dat
2017-09-02 02:51 - 2017-09-02 02:51 - 000040694 _____ C:\WINDOWS\system32\perfd00C.dat
2017-09-02 02:51 - 2017-09-02 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\fr
2017-09-02 02:51 - 2017-03-18 01:00 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000a.dll
2017-09-02 02:51 - 2017-03-18 00:54 - 009675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000a.dll
2017-09-02 02:51 - 2017-03-18 00:45 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000a.dll
2017-09-02 02:51 - 2017-03-18 00:39 - 009560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000a.dll
2017-09-02 02:50 - 2017-09-08 15:23 - 001105202 _____ C:\WINDOWS\system32\perfh00A.dat
2017-09-02 02:50 - 2017-09-08 15:23 - 000245486 _____ C:\WINDOWS\system32\perfc00A.dat
2017-09-02 02:50 - 2017-09-05 23:50 - 000000000 ____D C:\WINDOWS\system32\es
2017-09-02 02:50 - 2017-09-02 02:51 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-09-02 02:50 - 2017-09-02 02:50 - 000000000 ____D C:\WINDOWS\SysWOW64\es
2017-09-02 02:50 - 2017-09-02 02:49 - 000346834 _____ C:\WINDOWS\system32\perfi00A.dat
2017-09-02 02:50 - 2017-09-02 02:49 - 000043954 _____ C:\WINDOWS\system32\perfd00A.dat
2017-09-02 02:48 - 2017-09-02 02:48 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-09-02 02:48 - 2017-09-01 23:58 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-09-02 02:47 - 2017-09-02 02:47 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-09-02 02:47 - 2017-09-02 02:47 - 000000000 ____D C:\Program Files\MSBuild
2017-09-02 02:47 - 2017-09-02 02:47 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-09-02 02:47 - 2017-09-02 02:47 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-09-02 02:47 - 2017-02-10 14:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-09-02 02:47 - 2017-02-10 14:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-09-02 02:47 - 2017-02-10 14:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-09-02 02:47 - 2017-02-10 14:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-09-02 02:47 - 2017-02-10 14:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-09-02 02:47 - 2017-02-10 14:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-09-02 00:18 - 2017-09-02 00:18 - 000037208 _____ (ASUSTek Computer Inc.) C:\WINDOWS\system32\Drivers\bsitf.sys
2017-09-02 00:14 - 2017-09-02 00:14 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-09-02 00:12 - 2017-09-02 00:12 - 000000020 ___SH C:\Users\sstin\ntuser.ini
2017-09-02 00:12 - 2017-09-02 00:12 - 000000000 ____D C:\ProgramData\USOShared
2017-09-02 00:10 - 2017-09-08 15:23 - 003943110 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-02 00:09 - 2017-09-02 00:10 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-09-02 00:09 - 2017-09-02 00:10 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-09-02 00:07 - 2017-09-08 15:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-02 00:07 - 2017-09-06 10:43 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2860598129-2714271170-809102586-1001
2017-09-02 00:07 - 2017-09-02 12:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
2017-09-02 00:07 - 2017-09-02 00:07 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-09-02 00:07 - 2017-09-02 00:07 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-02 00:07 - 2017-09-02 00:07 - 000003268 _____ C:\WINDOWS\System32\Tasks\WpsKtpcntrQingTask_Administrator
2017-09-02 00:07 - 2017-09-02 00:07 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-02 00:07 - 2017-09-02 00:07 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-09-02 00:07 - 2017-09-02 00:07 - 000003026 _____ C:\WINDOWS\System32\Tasks\WpsExternal_20161125175401
2017-09-02 00:07 - 2017-09-02 00:07 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2017-09-02 00:07 - 2017-09-02 00:07 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-09-02 00:07 - 2017-09-02 00:07 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2017-09-02 00:07 - 2017-09-02 00:07 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-09-02 00:07 - 2017-09-02 00:07 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2017-09-02 00:07 - 2017-09-02 00:07 - 000002214 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2017-09-02 00:07 - 2017-09-02 00:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-09-02 00:05 - 2017-09-02 00:05 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-09-02 00:03 - 2017-09-08 15:18 - 000000000 ____D C:\Users\sstin
2017-09-02 00:03 - 2017-09-02 00:05 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-09-02 00:02 - 2017-09-02 00:03 - 000000000 ____D C:\Program Files\Intel
2017-09-02 00:02 - 2017-09-02 00:03 - 000000000 ____D C:\Program Files (x86)\Intel
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WbfUsbDriver_01_11_00.Wdf
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____D C:\WINDOWS\system32\Intel
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____D C:\Program Files\Realtek
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____D C:\Program Files\ElanFP
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-09-02 00:02 - 2016-11-30 09:36 - 000113672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-09-02 00:00 - 2017-03-18 15:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-09-01 23:58 - 2017-09-09 00:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-01 23:58 - 2017-09-06 22:26 - 000384776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-01 23:15 - 2017-09-04 14:10 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-01 23:15 - 2017-09-01 23:41 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-01 23:13 - 2017-09-01 23:15 - 000000036 _____ C:\WINDOWS\progress.ini
2017-09-01 23:10 - 2017-09-01 23:10 - 000000000 ____D C:\Users\sstin\AppData\Local\CEF
2017-09-01 23:09 - 2017-09-05 09:06 - 000000000 ____D C:\Users\sstin\AppData\Roaming\.minecraft
2017-09-01 23:08 - 2017-09-02 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-09-01 23:08 - 2017-09-01 23:10 - 000000000 ____D C:\Program Files (x86)\Minecraft
2017-09-01 23:08 - 2017-09-01 23:08 - 000001032 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-09-01 23:07 - 2017-09-01 23:08 - 002314240 _____ C:\Users\sstin\Downloads\MinecraftInstaller.msi
2017-09-01 22:53 - 2017-09-02 00:05 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-09-01 22:53 - 2017-09-01 22:53 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Google
2017-09-01 22:47 - 2017-09-02 00:08 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-01 22:47 - 2017-09-02 00:08 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-01 22:44 - 2017-09-01 22:47 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-01 22:43 - 2017-09-01 23:15 - 000000000 ____D C:\Users\sstin\AppData\Local\Google
2017-09-01 22:43 - 2017-09-01 22:43 - 001130328 _____ (Google Inc.) C:\Users\sstin\Downloads\ChromeSetup.exe
2017-09-01 22:41 - 2017-09-01 22:43 - 000000000 ____D C:\Users\sstin\AppData\Local\MicrosoftEdge
2017-09-01 22:40 - 2017-09-01 22:40 - 000000000 ____D C:\Program Files\Common Files\Intel
2017-09-01 22:36 - 2017-09-01 22:36 - 000000000 ____D C:\Users\sstin\AppData\Local\NetworkTiles
2017-09-01 22:35 - 2017-09-01 22:35 - 000000000 ____D C:\Users\sstin\OneDrive\Documents\HIIIIIIIIIIIIIi.aep Logs
2017-09-01 22:35 - 2017-09-01 22:35 - 000000000 ____D C:\Users\sstin\OneDrive\Documents\Adobe After Effects Auto-Save
2017-09-01 22:35 - 2016-01-12 20:19 - 001155239 _____ C:\Users\sstin\OneDrive\Documents\icons.psd
2017-09-01 22:35 - 2015-12-14 00:07 - 000223428 _____ C:\Users\sstin\OneDrive\Documents\HIIIIIIIIIIIIIi.aep
2017-09-01 22:35 - 2015-12-13 19:00 - 000441645 _____ C:\Users\sstin\OneDrive\Documents\COEXIST.oxps
2017-09-01 22:35 - 2015-11-09 22:17 - 010243435 _____ C:\Users\sstin\OneDrive\Documents\Untitled-1.psd
2017-09-01 22:35 - 2015-11-05 22:30 - 000000050 _____ C:\Users\sstin\OneDrive\Documents\emaildude.txt
2017-09-01 22:35 - 2015-04-03 22:04 - 000827018 _____ C:\Users\sstin\OneDrive\Documents\killer medicine intro.aep
2017-09-01 22:35 - 2015-03-20 21:48 - 000177480 _____ C:\Users\sstin\OneDrive\Documents\with audio spectrum.aep
2017-09-01 22:35 - 2015-03-20 21:48 - 000177480 _____ C:\Users\sstin\OneDrive\Documents\with audio spectrum - Copy.aep
2017-09-01 22:34 - 2017-09-01 22:34 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Skype
2017-09-01 22:33 - 2017-09-08 15:19 - 000000000 ___RD C:\Users\sstin\OneDrive
2017-09-01 22:33 - 2017-09-06 10:43 - 000002365 _____ C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-01 22:33 - 2017-09-02 14:01 - 000000000 ____D C:\Users\sstin\AppData\Local\Comms
2017-09-01 22:33 - 2017-09-01 23:44 - 000000000 ____D C:\Windows10Upgrade
2017-09-01 22:33 - 2017-09-01 23:13 - 000000000 ___HD C:\$GetCurrent
2017-09-01 22:33 - 2017-09-01 22:33 - 000000819 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-09-01 22:33 - 2017-09-01 22:33 - 000000807 _____ C:\Users\sstin\Desktop\Windows 10 Upgrade Assistant.lnk
2017-09-01 22:32 - 2017-09-01 22:32 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Macromedia
2017-09-01 22:32 - 2017-09-01 22:32 - 000000000 ____D C:\Users\sstin\AppData\Local\Publishers
2017-09-01 22:32 - 2017-09-01 22:32 - 000000000 ____D C:\Users\sstin\AppData\Local\PackageStaging
2017-09-01 22:31 - 2017-09-09 00:33 - 000000200 _____ C:\Users\sstin\AppData\Roaming\sp_data.sys
2017-09-01 22:31 - 2017-09-08 15:19 - 000000000 __SHD C:\Users\sstin\IntelGraphicsProfiles
2017-09-01 22:31 - 2017-09-02 14:00 - 000000000 ____D C:\Users\sstin\AppData\Local\Packages
2017-09-01 22:31 - 2017-09-02 00:14 - 000000000 ____D C:\Users\sstin\AppData\Local\ConnectedDevicesPlatform
2017-09-01 22:31 - 2017-09-01 22:31 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Intel
2017-09-01 22:31 - 2017-09-01 22:31 - 000000000 ____D C:\Users\sstin\AppData\Roaming\Adobe
2017-09-01 22:31 - 2017-09-01 22:31 - 000000000 ____D C:\Users\sstin\AppData\Local\VirtualStore
2017-09-01 22:31 - 2017-09-01 22:31 - 000000000 ____D C:\Users\sstin\AppData\Local\TileDataLayer
2017-09-01 22:29 - 2017-09-01 22:31 - 000000000 ____D C:\ProgramData\USBChargerPlus
2017-09-01 22:28 - 2017-09-01 22:28 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-08 15:19 - 2017-01-11 20:44 - 000004608 ___RH C:\farstone_pe.letter
2017-09-08 15:18 - 2017-03-18 06:40 - 022020096 _____ C:\WINDOWS\system32\config\HARDWARE
2017-09-08 15:18 - 2017-03-18 06:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-08 09:26 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-07 07:53 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-06 21:17 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-09-06 19:55 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-06 00:01 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-05 23:52 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-05 23:51 - 2017-03-18 21:31 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Com
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\IME
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Help
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\System
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-05 23:51 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-05 23:51 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-09-05 23:51 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\servicing
2017-09-05 03:16 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-09-05 03:16 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-09-05 02:59 - 2017-01-11 20:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-05 00:42 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-04 18:27 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-09-04 11:29 - 2016-07-16 06:47 - 000000167 _____ C:\WINDOWS\win.ini
2017-09-04 11:24 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-04 11:24 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-04 11:24 - 2017-01-11 20:44 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-04 11:20 - 2016-11-25 20:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-04 11:12 - 2017-01-11 20:32 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-03 12:55 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-09-03 12:55 - 2016-07-16 06:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-03 12:16 - 2017-01-11 20:40 - 000000000 ____D C:\ProgramData\McAfee
2017-09-03 12:16 - 2017-01-11 20:40 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-09-03 12:15 - 2017-03-18 16:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-09-03 12:15 - 2017-03-18 06:40 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2017-09-02 12:25 - 2017-01-11 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-09-02 12:25 - 2016-11-25 20:53 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-09-02 02:58 - 2017-03-18 16:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-09-02 02:56 - 2017-03-18 16:06 - 000000000 ____D C:\WINDOWS\Setup
2017-09-02 02:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-09-02 02:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-09-02 02:56 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-09-02 02:51 - 2017-03-18 21:28 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2017-09-02 02:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-09-02 00:12 - 2017-03-18 16:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-09-02 00:09 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Registration
2017-09-02 00:09 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-09-02 00:07 - 2017-03-18 21:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-09-02 00:06 - 2017-03-18 16:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-09-02 00:05 - 2017-01-11 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2017-09-02 00:05 - 2016-11-25 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2017-09-02 00:04 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-09-02 00:04 - 2017-01-11 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarStone
2017-09-02 00:04 - 2017-01-11 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2017-09-02 00:04 - 2017-01-11 20:36 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-09-02 00:03 - 2017-03-18 06:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-09-02 00:02 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-02 00:02 - 2017-01-11 20:33 - 000000000 ___HD C:\Intel
2017-09-01 22:40 - 2017-01-11 20:33 - 000000000 ____D C:\ProgramData\Intel
 
==================== Files in the root of some directories =======
 
2017-09-01 22:31 - 2017-09-09 00:33 - 000000200 _____ () C:\Users\sstin\AppData\Roaming\sp_data.sys
2017-09-02 00:02 - 2017-09-02 00:02 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-09-08 10:23 - 2017-07-11 00:40 - 001930320 _____ (Microsoft Corporation) C:\Users\sstin\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-01 23:58
 
==================== End of FRST.txt ============================
 
Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by sstin (09-09-2017 00:35:23)
Running from C:\Users\sstin\Desktop\FIXER
Windows 10 Pro Version 1703 (X64) (2017-09-02 05:12:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2860598129-2714271170-809102586-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2860598129-2714271170-809102586-503 - Limited - Disabled)
Guest (S-1-5-21-2860598129-2714271170-809102586-501 - Limited - Disabled)
sstin (S-1-5-21-2860598129-2714271170-809102586-1001 - Administrator - Enabled) => C:\Users\sstin
Test (S-1-5-21-2860598129-2714271170-809102586-1002 - Limited - Enabled) => C:\Users\Test
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Input Configuration (HKLM-x32\...\{7DDF7571-64BD-4232-9729-20FF10CE6C62}) (Version: 1.0.3 - ASUS)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.16.0002 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0045 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.6 - ICEpower a/s)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703900}) (Version: 3.9.0.0 - Betternet Technologies Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
ELAN FingerPrinter (HKLM\...\ElanFP) (Version: 1.5.5.1 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{09B8FFA4-5222-4271-8AA9-CDC98AD64863}) (Version: 18.1.1613.3274 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
OpenVPN 2.3.12-I602  (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1017.0 - Passmark Software)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
Roblox Player for sstin (HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for sstin (HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spotify (HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\Spotify) (Version: 1.0.62.508.g2c497f24 - Spotify AB)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
TotalRecovery Pro (HKLM-x32\...\TotalRecovery) (Version: 10.0.11.2 - FarStone Inc.)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version:  - Microsoft)
Web Launch Recorder (HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusHFilter) HIDClass  (12/19/2016 1.0.0.2) (HKLM\...\EEDD19DDF3F0CA7CFA2F4C500D442DD1FEB434F6) (Version: 12/19/2016 1.0.0.2 - ASUS)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass  (07/01/2016 11.0.0.12) (HKLM\...\AE03E43494611410A2996E4747E2A8C0FE87F26D) (Version: 07/01/2016 11.0.0.12 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {179D4C51-E14A-4BCD-99EE-662CBC877A82} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-10-03] (Realtek Semiconductor)
Task: {22923E71-E5DC-43A8-B1FA-56638ACE552D} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {22F0136E-B708-4FDD-B1FA-AA71E63FC672} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {2587681A-9A51-4DDE-BA35-16E5A367BAE8} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-10-03] (Realtek Semiconductor)
Task: {46A5013E-96B1-4D2E-8936-D382FF97E708} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-05-24] (ASUS)
Task: {4F73599B-AEBB-4EA0-B0DD-037872AE5323} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {5C490296-64A2-444E-B597-7C9588D0953D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: {6CBEC04A-2F01-45A3-8183-ACAAD127C84D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {70BD6626-0765-4724-B5B6-5B2AB4DD0764} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-07-07] (ASUSTek COMPUTER INC.)
Task: {727A542C-BDC6-473B-A9A5-72BF5D318AC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: {83CF7738-D85D-462F-AA10-E97A3A1E68D7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {A894460B-4DF6-471C-B5C9-047A2520ECB8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {AF72A95B-CD5E-462C-9592-08049EE38D12} - System32\Tasks\WpsExternal_20161125175401 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2016-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {B78E9708-94E4-484E-950C-5996BD549EBD} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-02-23] (ASUSTek Computer Inc.)
Task: {BA874B21-5E29-4EC4-8778-353AF02314F7} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {EA3DC120-E3E9-4FAE-B479-BDBADE94A6D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\WpsExternal_20161125175401.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bit Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjkikpbeengfefopcnmhljmiobkghfpd
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Caret.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fljalecfjciodhpcledpamjachpmelml
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chromebook Recovery Utility.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jndclpdbaamdhonoechobihbbiimdgai
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gravit Designer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=pdagghjnpkeagmlbilmjmclfhjeaapaa
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Nitrous.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=efdcneeepllhjlbejkfnaolelbpdacai
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\sstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Torrent Stream.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=icocmgpofpimcojhefbcfbdldkmndpgj
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-08-13 01:30 - 2014-08-13 01:30 - 000073032 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
2014-03-25 04:14 - 2014-03-25 04:14 - 000071024 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
2017-09-06 22:32 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-18 21:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-02 08:56 - 2017-09-02 08:57 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-09-02 08:56 - 2017-09-02 08:57 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-09-02 08:56 - 2017-09-02 08:57 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-09-02 08:56 - 2017-09-02 08:57 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-06 09:39 - 2017-09-06 09:40 - 001226440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-09-01 22:47 - 2017-08-23 03:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-09-01 22:47 - 2017-08-23 03:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-02 08:55 - 2017-09-02 08:55 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-02 08:57 - 2017-09-02 08:57 - 010600960 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-09-02 08:57 - 2017-09-02 08:57 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-02 08:59 - 2017-09-02 09:00 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-09-02 08:59 - 2017-09-02 09:00 - 029627904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-09-02 08:59 - 2017-09-02 09:00 - 000358912 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-09-02 08:59 - 2017-09-02 09:00 - 002536448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-09-02 08:59 - 2017-09-02 09:00 - 020719104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-09-02 08:59 - 2017-09-02 09:00 - 002415104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-09-02 08:59 - 2017-09-02 09:00 - 003065856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-09-02 08:55 - 2017-09-02 08:55 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-02 08:59 - 2017-09-02 09:00 - 000118784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2017-09-02 08:59 - 2017-09-02 09:00 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-09-02 08:59 - 2017-09-02 09:00 - 001370112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 000088576 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\zlibwapi.dll
2015-08-18 02:18 - 2015-08-18 02:18 - 000332800 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBCmdDsp.dll
2015-08-17 23:30 - 2015-08-17 23:30 - 000085504 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FlBckpBk.dll
2015-08-17 23:28 - 2015-08-17 23:28 - 000323584 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FlBckpRt.dll
2014-11-24 22:22 - 2014-11-24 22:22 - 000089088 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EfbCheckImg.dll
2015-08-17 23:26 - 2015-08-17 23:26 - 000223232 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskClone.dll
2015-07-27 00:50 - 2015-07-27 00:50 - 000224256 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskMgr.dll
2014-09-21 21:40 - 2014-09-21 21:40 - 000194560 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EFBSearchTool.dll
2014-09-21 21:40 - 2014-09-21 21:40 - 000022528 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBEventMgr.dll
2015-08-18 00:23 - 2015-08-18 00:23 - 000114176 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EasyFuncs.dll
2015-08-18 02:17 - 2015-08-18 02:17 - 000104448 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\BootConfig.dll
2014-03-14 02:04 - 2014-03-14 02:04 - 000012288 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FSFat32.dll
2014-05-20 22:04 - 2014-05-20 22:04 - 000018432 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FSToken.dll
2014-03-14 02:04 - 2014-03-14 02:04 - 000201216 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\NtfsLib.dll
2014-03-14 02:04 - 2014-03-14 02:04 - 000013312 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\VssNew.dll
2014-11-04 19:44 - 2014-11-04 19:44 - 000017408 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\VDiskConvert.dll
2014-09-21 21:41 - 2014-09-21 21:41 - 000239104 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\diskpart.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 000194048 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\NetTool.dll
2014-09-03 21:41 - 2014-09-03 21:41 - 000037888 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\RapidClone.dll
2014-08-19 20:23 - 2014-08-19 20:23 - 000075264 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskInterface.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 000157552 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FtpPipeModule.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 000091584 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\TransferManager.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 000062832 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\CommonFun.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 000054712 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FTPFunModule.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 000617952 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\XpIcfOpt.dll
2016-05-24 15:44 - 2016-05-24 15:44 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-05-24 15:44 - 2016-05-24 15:44 - 000125440 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-05-24 15:44 - 2016-05-24 15:44 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2016-05-17 00:50 - 2016-05-17 00:50 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sstin\Downloads\ws_Aesthetic_Pleasure_1920x1200.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F770B1572B52412FE1E9BFAED319E841"
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2860598129-2714271170-809102586-1001\...\StartupApproved\Run: => "TunnelBear"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{54A07749-0CCC-4000-A0CA-A4FA82B810BA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4D0FD53D-B591-4D09-B750-E4838B21EA97}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7D59C3A3-F920-4C3F-8015-60128327E120}] => (Allow) C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
FirewallRules: [{79873342-7168-45C4-A7B0-9CD4B8DC503D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8528DAEB-53E3-47D0-AC1E-5E47813A8FEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EA8D9939-871F-4C41-9FD2-0FC70887DC88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B16846F1-62C7-4B39-A85A-3A031E6E48EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{03689C42-2EE5-4ADA-BD3A-BF8BE5569B79}] => (Allow) C:\Users\sstin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DA56AC2C-16B2-47B2-BE11-BBEEAAAD69C9}] => (Allow) C:\Users\sstin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3FFECB60-3103-4D52-9D26-A5473A101124}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{43D67830-06BF-467B-A527-7EE463C2ABA1}C:\users\sstin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sstin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{622419EF-D7CB-4D80-AC6F-082782B72F78}C:\users\sstin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sstin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6172AE39-A49E-42D4-B927-11E1DB2166D3}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{CDEBB679-FDD2-4B1C-9978-15ECBE9A2B29}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{4F33261B-3D65-475F-A574-0B0724FD5CF3}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{E5F72E48-6DFD-4B02-B34D-E2CFBF58DA3A}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
 
==================== Restore Points =========================
 
02-09-2017 12:23:56 Windows Update
04-09-2017 11:11:58 TunnelBear
04-09-2017 18:26:44 Malwarebytes Anti-Rootkit Restore Point
05-09-2017 23:49:53 Language Pack Removal
 
==================== Faulty Device Manager Devices =============
 
Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/08/2017 03:19:07 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 6626 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [0]
 
Error: (09/08/2017 03:18:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.15063.447, time stamp: 0xe365c782
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
Exception code: 0xc0000005
Fault offset: 0x00000000000a8e3d
Faulting process id: 0x296c
Faulting application start time: 0x01d328653cbee8ed
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8ff8cb20-e998-4fa8-82a4-6cdc786e946d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2017 10:41:00 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (09/08/2017 10:41:00 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (09/08/2017 10:40:48 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (09/08/2017 10:40:48 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (09/08/2017 12:30:12 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/07/2017 09:18:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.306.0.16614, time stamp: 0x59a88c9b
Faulting module name: RobloxPlayerBeta.exe, version: 0.306.0.16614, time stamp: 0x59a88c9b
Exception code: 0xc0000005
Fault offset: 0x007fd021
Faulting process id: 0x5fc
Faulting application start time: 0x01d327e3a3fe97af
Faulting application path: C:\Users\sstin\AppData\Local\Roblox\Versions\version-86883159fabf4065\RobloxPlayerBeta.exe
Faulting module path: C:\Users\sstin\AppData\Local\Roblox\Versions\version-86883159fabf4065\RobloxPlayerBeta.exe
Report Id: ba9deebe-f490-4b7d-8c78-1d24184ee872
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/07/2017 07:52:55 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/06/2017 10:26:59 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 7032 ms
 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: 
DPTF Build Version:  8.2.11000.2996
DPTF Build Date:  Aug 10 2016 11:44:33
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 472
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
 
 
Policy:  Passive Policy 2 [0]
 
 
System errors:
=============
Error: (09/09/2017 12:33:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/08/2017 03:22:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (09/08/2017 03:19:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/08/2017 03:19:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/08/2017 03:19:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/08/2017 03:19:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/08/2017 03:19:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/08/2017 03:19:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.
 
Error: (09/08/2017 03:19:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (09/08/2017 03:18:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
 
 
CodeIntegrity:
===================================
  Date: 2017-09-06 00:26:53.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-06 00:26:53.555
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-05 03:02:13.637
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-05 03:02:12.844
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-04 13:32:28.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-04 13:32:28.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 19%
Total physical RAM: 16268.34 MB
Available physical RAM: 13088.39 MB
Total Virtual: 19212.34 MB
Available Virtual: 15858.13 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:475.84 GB) (Free:390.44 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 961077FC)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#15 Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 09 September 2017 - 09:34 AM

Google Chrome - Remove Extension/App
  • In Google Chrome, enter chrome://extensions in the address bar and press on Enter
  • In the Extensions page, uninstall these (by clicking on the little garbage can icon on their right)
    • Tabs 2 Grid
    • Webcam Recorder & Snapshot
    • Flat
  • If you don't see the extension listed, it means that it's installed as an App. So enter chrome://apps in the address bar and press on Enter
  • From the Apps page, look for the app, right-click on it and select Remove from Chrome
Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply
After running the fix below, are your Windows Defender and Malwarebytes real-time protection still disabled?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




