
rundll32.exe smartscreen.exe posting Frst Log


  • This topic is locked
24 replies to this topic

#1 Xxaimee1433xx


Posted 29 September 2017 - 02:24 PM

Memory/disk high, no admin rights, UPnP port enabled, can't log in to router. This is just the beginning of the problems. It looks like someone or something has remote access to my computer. Every scan I run comes back with nothing. I have Windows 10 Pro. Have scanned with Avast Premier, ESET online, Malwarebytes Anti-Malware. I have already backed up my PC with Cobian. Couldn't even get Windows Defender. I did run SUPERAntiSpyware and it deleted 33 ad trackers. That's about it.

Memory, disk and CPU seem to go back and forth in high usage, like 70-98% I have seen sometimes.

Here is my log:

 

==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Dell Opti 755 (29-09-2017 13:41:43)
Running from C:\Users\Dell Opti 755\Desktop
Windows 10 Pro Version 1703 (X64) (2017-06-19 21:10:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2745217096-928324710-3568355786-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2745217096-928324710-3568355786-503 - Limited - Disabled)
Dell Opti 755 (S-1-5-21-2745217096-928324710-3568355786-1001 - Administrator - Enabled) => C:\Users\Dell Opti 755
Guest (S-1-5-21-2745217096-928324710-3568355786-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
ClamWin Free Antivirus 0.99.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Encarta Search Bar (64-bit) (HKLM\...\{08044040-959A-4B0D-8825-2C533F0DDB19}) (Version: 1.0.0 - Microsoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Hoyle Puzzle and Board Games (HKLM-x32\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software, Inc.)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Student with Encarta Premium 2009 (HKLM-x32\...\{09041881-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.2 - Prolific Publishing, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {214FBC99-5333-4708-BE04-DA3D732399E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2E5BBBF9-83D4-4598-BBED-E4AEBA2C13B8} - System32\Tasks\S-1-5-21-2745217096-928324710-3568355786-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {6FEFC4FA-AE62-43F6-86EB-D672FF855EC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-19] (Google Inc.)
Task: {8005ACFC-AFA2-4E7C-ABCF-A07B05A2D837} - System32\Tasks\SafeZone scheduled Autoupdate 1497908356 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {8C5E29E5-5071-43F2-BAE5-072B0A0B14B3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9AB049AB-8F25-4DC5-891C-823915C5484B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {B05C3D48-7BF5-4E7E-BEE6-30F6FF942AB0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CE93D005-85D7-41C8-9297-2B538A118CC5} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-04] (AVAST Software)
Task: {CF6C166D-57A0-47B9-AC84-127E5CD813C3} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F5A7ADDD-09FA-4B3B-B874-B2D8AA837E1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-19] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Dell Opti 755\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9fa67dbd4f217751\Evernote Web Clipper.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pioclpoplcdbaefihamjohnefbikjilc
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-09-27 07:43 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 07:43 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-09-04 12:21 - 2005-02-08 17:23 - 000979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2017-09-04 12:21 - 2004-11-20 03:27 - 000069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2017-09-04 12:21 - 2004-10-11 20:21 - 000094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2017-09-04 12:21 - 2004-05-25 21:18 - 000057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2017-09-04 12:21 - 2004-05-25 21:18 - 000049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2017-09-04 12:21 - 2004-05-25 21:18 - 000495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2017-09-04 12:21 - 2004-05-25 21:20 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2017-09-04 12:21 - 2004-10-11 20:22 - 000315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2017-09-04 12:21 - 2004-11-20 03:27 - 000106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2017-09-04 12:21 - 2004-01-15 14:45 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2017-09-04 12:21 - 2003-10-01 13:40 - 002240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2017-09-04 12:21 - 2003-10-01 11:43 - 003239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2017-09-04 12:21 - 2003-08-10 09:14 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2017-09-04 12:21 - 2004-05-25 21:17 - 000622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2017-09-04 12:21 - 2004-05-25 21:19 - 000045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2017-09-04 12:12 - 2017-09-04 12:12 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-04 09:17 - 2017-07-04 09:17 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-27 13:08 - 2017-09-27 13:08 - 000692408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-09-29 12:42 - 2017-09-29 12:42 - 005890352 _____ () C:\Program Files\AVAST Software\Avast\defs\17092902\algo.dll
2017-09-28 13:37 - 2008-06-19 17:35 - 000333288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
2017-09-28 13:37 - 2008-03-04 14:52 - 000790392 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
2017-09-28 13:37 - 2008-03-05 09:34 - 000795520 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
2017-09-28 13:37 - 2008-02-26 11:04 - 000717176 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
2017-09-28 13:37 - 2007-12-24 01:05 - 000121344 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk"
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\StartupApproved\Run: => "Upwork"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1D77DB40-65B1-4A09-B011-7960CBA66CB7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8360D2FC-1386-4EAE-8CFC-76137DBC33A4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A22A345A-AC49-42A0-9148-A00104B19FB5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A0A78D63-1DEA-4876-8231-ACE6BB7D4740}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3A9961AF-B0BA-400A-AA9C-F24A93CEE647}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{7686A58E-1965-4642-81AD-6EA6C3F88CD0}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6B06ADEF-B00A-46C3-BF04-64605895B1F7}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4EAE77E7-9068-4626-A06B-D08445C1E66C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7C739DE2-2330-4C14-A1CD-658F52C2F781}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CEEA3FC3-C8D9-4E52-A042-CAE65ACA76C1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C5DF74F8-85A8-469F-B90A-E20F5486F4F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5BC5A9B0-44EA-4675-83DC-DBC073772399}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{CFEB3304-9AC2-4F92-8CB1-98B1B0348B49}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe
FirewallRules: [{1A062962-4A00-402E-AE4C-DE9A693A5E1B}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe
FirewallRules: [{625C8D11-FD01-4780-99CA-E5FA32688169}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{F727884C-A839-4D9C-80A5-87D08C4E42A8}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{522D9CD1-CE55-4977-B44E-ACC10F897700}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D0F4077F-56FD-4994-9660-2402837D246C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
29-09-2017 04:35:59 Removed Nero12EssTSST.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/29/2017 01:20:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3e54fd5c-a376-4a4d-88bc-48b3becb9065}
 
Error: (09/29/2017 01:07:08 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (09/29/2017 01:00:43 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (09/29/2017 12:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000008
Fault offset: 0x00000000000a917a
Faulting process id: 0x1efc
Faulting application start time: 0x01d3394229a41e85
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a98f2e38-949c-491b-ba76-fcb7df94fe1f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/29/2017 12:33:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-IGH5NP2)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/29/2017 12:33:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-IGH5NP2)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/29/2017 09:57:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1cc0
Faulting application start time: 0x01d3392aae9423de
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 4846e0bb-451d-4b86-9ed7-d3f14d042c89
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (09/29/2017 09:57:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x6dc
Faulting application start time: 0x01d3392ab50a56c0
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: d362ade2-cdab-4550-aa23-e6aea013852a
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (09/29/2017 09:57:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1c10
Faulting application start time: 0x01d3392ac7be9622
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 9ed3c86c-2c05-4d2e-bb13-54874426f18c
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (09/29/2017 09:57:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1d8
Faulting application start time: 0x01d3392aaeef57ee
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 6cf98f4a-4d71-4734-957f-a04122efb7a0
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
 
System errors:
=============
Error: (09/29/2017 12:44:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/29/2017 12:44:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Update Orchestrator Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/29/2017 12:40:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The aswbIDSAgent service terminated with the following service-specific error: 
%%3758213665
 
Error: (09/29/2017 12:40:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (09/29/2017 12:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BBSvc service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (09/29/2017 12:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (09/29/2017 12:39:14 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-IGH5NP2)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/29/2017 12:37:03 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-IGH5NP2)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/29/2017 12:33:51 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-IGH5NP2)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/29/2017 12:33:44 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-IGH5NP2)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
CodeIntegrity:
===================================
  Date: 2017-09-29 03:07:09.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-27 23:29:22.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-21 12:34:49.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-05 13:30:37.787
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 13:56:34.165
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-04 13:48:13.842
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-04 13:44:22.437
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-04 13:44:22.071
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-04 13:44:21.443
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-04 13:38:53.872
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,687 posts

Posted 01 October 2017 - 06:07 PM

Welcome :)

 

The log is incomplete.

Please download the latest Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Xxaimee1433xx

Xxaimee1433xx
  • Topic Starter

  • Members
  • 41 posts

Posted 02 October 2017 - 01:16 AM

Hi, and thank you for helping me.

I reinstalled it. It said it failed to update after installing it, and the same happened the first time as well. But here are the results from this last scan.

 

 

Attached Files



#4 Xxaimee1433xx

Xxaimee1433xx
  • Topic Starter

  • Members
  • 41 posts

Posted 02 October 2017 - 11:29 AM

Or should I copy and paste? I'm sure you don't want to download anything from my PC if it's possibly infected, right?

#5 Xxaimee1433xx

Xxaimee1433xx
  • Topic Starter

  • Members
  • 41 posts

Posted 02 October 2017 - 11:30 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2017
Ran by Dell Opti 755 (02-10-2017 02:12:59)
Running from C:\Users\Dell Opti 755\Desktop
Windows 10 Pro Version 1703 (X64) (2017-06-19 21:10:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2745217096-928324710-3568355786-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2745217096-928324710-3568355786-503 - Limited - Disabled)
Dell Opti 755 (S-1-5-21-2745217096-928324710-3568355786-1001 - Administrator - Enabled) => C:\Users\Dell Opti 755
Guest (S-1-5-21-2745217096-928324710-3568355786-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
ClamWin Free Antivirus 0.99.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Encarta Search Bar (64-bit) (HKLM\...\{08044040-959A-4B0D-8825-2C533F0DDB19}) (Version: 1.0.0 - Microsoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Hoyle Puzzle and Board Games (HKLM-x32\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software, Inc.)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version: - )
Microsoft Student with Encarta Premium 2009 (HKLM-x32\...\{09041881-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.2 - Prolific Publishing, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-04] (AVAST Software)
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {045A1054-B37B-4B09-95A5-79A4F321C4F2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => [Argument = StartInstall]
Task: {05C35C43-30B0-478C-A045-7452BCE45E4E} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => [Argument = -c -h -o -$]
Task: {0C518199-F01B-42CF-9CB7-16710B002812} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask =>
Task: {0CC2C164-C391-4AE1-AC44-61014D23FC1F} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization => [Argument = -c -h -g -# -m 8 -i 13500]
Task: {186E3FCA-A925-48F1-88BF-0AD9D9289626} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => [Argument = /d acproxy.dll,PerformAutochkOperations]
Task: {208615C0-92DD-4969-96A3-F8E52D1FC677} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => [Argument = -IdleTask -TaskName WdVerification]
Task: {214FBC99-5333-4708-BE04-DA3D732399E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => [Argument = scan upload]
Task: {240478A4-B7D2-43B1-AF21-626C77E72C1F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => [Argument = -z]
Task: {2532DB2F-A598-4946-BA1F-6EBE9D19C34C} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog =>
Task: {2B7BC349-A9C7-4131-AAFE-A916CF9EB20F} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition =>
Task: {2E5BBBF9-83D4-4598-BBED-E4AEBA2C13B8} - System32\Tasks\S-1-5-21-2745217096-928324710-3568355786-1001\DataSenseLiveTileTask =>
Task: {33C04DDB-DE68-4033-8570-ADDDBFF99E1B} - System32\Tasks\Microsoft\Windows\NlaSvc\WiFiTask => [Argument = nla]
Task: {3619A588-C82A-437E-AAB3-F0AE62D9596A} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => [Argument = config upnphost start= auto]
Task: {3AEEF4D4-C4A8-42A1-8A1E-80CA054C2E9C} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => [Argument = ExecuteScheduledSPPCreation]
Task: {3E757B5E-55B1-4F43-820F-3CA89C3FB296} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => [Argument = start wuauserv]
Task: {3EA82649-A360-4898-A6FB-C273024D1364} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor =>
Task: {4051EB0B-2917-432F-B9F9-431C7E3C9181} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => [Argument = /offerraupdate]
Task: {405C84BB-90E5-4359-B749-5C967D252C3A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => [Argument = StartInstall]
Task: {4A5D4628-E32A-4422-9B01-D37DD4C1CE75} - System32\Tasks\Microsoft\Windows\WwanSvc\NotificationTask => [Argument = wwan]
Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih =>
Task: {5010C4B7-1314-4A40-8FDA-19E7BB61FBA8} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => [Argument = sysmain.dll,PfSvWsSwapAssessmentTask]
Task: {52C4776E-11B1-402C-A230-0A0306A146C4} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator =>
Task: {54B2D694-A159-45FF-AA0A-C6ACC1AF7262} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo =>
Task: {57EF2C20-363C-4BD9-8E29-F9D4C618514F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => [Argument = -IdleTask -TaskName WdCacheMaintenance]
Task: {5BC5A21F-4785-41A6-B4B1-62FB9B08FABD} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join =>
Task: {5C326114-085E-444C-9B7A-D3E2E59C549E} - System32\Tasks\Microsoft\Windows\Device Information\Device =>
Task: {5CF2C2DC-DDD5-41C6-A035-1B4B3F2BEC2D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => [Argument = ResumeUpdate]
Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => [Argument = Reboot]
Task: {61BD468E-F5F2-4D36-8B7A-8521069DF8E9} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => [Argument = %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask]
Task: {621D8D38-A0DC-4121-A1A5-882E3C5BC32D} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => [Argument = start w32time task_started]
Task: {6772AC65-7600-4DF2-9BD5-F17292FAAE4B} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask =>
Task: {68F37285-0BE2-4C12-8402-B06A59075A81} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => [Argument = Display]
Task: {6FEFC4FA-AE62-43F6-86EB-D672FF855EC9} - System32\Tasks\GoogleUpdateTaskMachineCore => [Argument = /c] <==== ATTENTION
Task: {70E0A093-79B7-461E-A9C7-B67CD7B1511E} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload => [Argument = utcwnf]
Task: {7508389C-FF71-4BE4-AD8A-5F56FB645036} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => [Argument = Windows.Storage.ApplicationData.dll,CleanupTemporaryState]
Task: {78F76D6D-0B70-46A9-8DEB-4FCB650A6627} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => [Argument = %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance]
Task: {799AC654-A37D-49AA-B0F3-433D7D5EBBD9} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask =>
Task: {7FB60B2C-DCD1-4862-8880-1AA740E48D8E} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => [Argument = logon]
Task: {8005ACFC-AFA2-4E7C-ABCF-A07B05A2D837} - System32\Tasks\SafeZone scheduled Autoupdate 1497908356 => [Argument = --scheduledautoupdate $(Arg0)]
Task: {829C695F-E874-432A-9A9F-7862D04236B9} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup =>
Task: {87488988-70F6-44C5-A1BD-E328BE17C205} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter =>
Task: {88209412-5377-4AA1-B01E-F5D5A6F39E21} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask =>
Task: {88E18EB0-E633-47C9-8FE5-84CEAB8F5EF7} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily =>
Task: {896ED842-4861-49E9-A2C1-0AE31689F876} - System32\Tasks\Microsoft\Windows\Clip\License Validation => [Argument = -p -s -o]
Task: {8C5E29E5-5071-43F2-BAE5-072B0A0B14B3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat =>
Task: {8EE52AD7-9F81-40D3-AE0C-9F5DB09BC56F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => [Argument = /autoclean /d %systemdrive%]
Task: {936FF605-A684-4476-8E62-E051A903B3D3} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone =>
Task: {938954E2-DAFB-4BCD-8740-6AC11EBFE13C} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck =>
Task: {95F7441D-F4DE-4103-8791-34DEA0DB80C0} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => [Argument = bfe.dll,BfeOnServiceStartTypeChange]
Task: {9AB049AB-8F25-4DC5-891C-823915C5484B} - System32\Tasks\Adobe Acrobat Update Task =>
Task: {9CF304F4-4D08-4DBB-A568-102240A2160B} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser =>
Task: {B05C3D48-7BF5-4E7E-BEE6-30F6FF942AB0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => [Argument = scan upload mininterval:2880]
Task: {B0B01AAA-FF6C-4441-B75E-44A24B0B37CD} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask =>
Task: {B2C7FF3D-1D7C-44E2-8ED5-4736AFB73DD7} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary =>
Task: {B3744B89-973B-4A3A-95D1-62C7A80111CC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install => [Argument = ScanInstallWait]
Task: {B5EA650A-8EE9-4BA5-BAA0-2A8ACE00500D} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => [Argument = /Work]
Task: {BCC432F2-7A57-4195-881F-9013CF46F613} - System32\Tasks\Microsoft\Windows\MUI\LPRemove =>
Task: {BD69C6ED-AD55-467C-B787-533200C3B376} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => [Argument = standby]
Task: {BEAF8A6C-47E0-4E84-840B-3A61426B5AAD} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => [Argument = Startupscan.dll,SusRunTask]
Task: {C0588B06-ED85-44CB-B887-E05B54E1ECE3} - System32\Tasks\User_Feed_Synchronization-{CFFA1E09-7908-4F79-A967-5BBA7E54F1F3} => [Argument = sync]
Task: {C05E2FFD-7D0D-4F6B-952B-A3318F829D19} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Cellular => [Argument = /turn 7 /source CellStateChangeTask]
Task: {C162FF56-952F-4ABA-AE13-AA8CB0F4C087} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => [Argument = 6]
Task: {C29B855B-A2F1-4C11-ADB2-B2A8F48C27D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => [Argument = -IdleTask -TaskName WdCleanup]
Task: {C42799B6-75B2-42CF-8197-3BE332E05553} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => [Argument = StartScan]
Task: {C62292B5-1833-424F-AB23-F9514A80511C} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => [Argument = -e]
Task: {C97B639A-C1BF-4E0C-ACFD-CF5B27B65B3C} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => [Argument = -upload]
Task: {CBD48141-91AD-4F24-B406-70C0D7F41BD4} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver =>
Task: {CDC553D2-B5AD-4AF3-BB6D-5AA47466C1F9} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => [Argument = /turn 5 /source LogonIdleTask]
Task: {CE93D005-85D7-41C8-9297-2B538A118CC5} - System32\Tasks\Avast Emergency Update =>
Task: {CF6C166D-57A0-47B9-AC84-127E5CD813C3} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => [Argument = /UA 9.5 /DDV 0x0805]
Task: {CFE9501D-B60F-45DB-B48F-19C572F7F30E} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall =>
Task: {D2C50CE0-7E9B-4F0D-A2A4-95AC59829444} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => [Argument = $(Arg0)]
Task: {D5EBF28C-A33D-4CBA-8355-0F457EE12498} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => [Argument = -maintenance]
Task: {DD923C97-D108-4DAA-97E7-559881481C80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => [Argument = Scan -ScheduleJob -ScanTrigger 55]
Task: {DE280E27-41E3-43DD-8D0C-7D14FBD3A6ED} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings => [Argument = RefreshSettings]
Task: {DEA152A4-E986-4F8B-ADFF-063CDA31565E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => [Argument = Display]
Task: {E11183CC-FCAC-479E-B422-6A72654C14EA} - System32\Tasks\Microsoft\Windows\Location\Notifications =>
Task: {E4E96A36-68AC-4D41-9D8E-362AE7843485} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2745217096-928324710-3568355786-1001 =>
Task: {EC11A6F7-343D-49E9-A974-A3716157F2C1} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser =>
Task: {EDC4AA50-FD7B-4457-9D8D-BC38BF622D2E} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => [Argument = dfdts.dll,DfdGetDefaultPolicyAndSMART]
Task: {F5A7ADDD-09FA-4B3B-B874-B2D8AA837E1A} - System32\Tasks\GoogleUpdateTaskMachineUA => [Argument = /ua /installsource scheduler] <==== ATTENTION
Task: {F88E01C2-99E3-4AF6-BFAA-7ACC8EF521D4} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient =>
Task: {F9015704-44A7-4962-B811-A4C0206CF851} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => [Argument = /boot]
Task: {F9D90672-740E-4C0D-9F37-54E90CEFF1A8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => [Argument = ReadyToReboot]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Dell Opti 755\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9fa67dbd4f217751\Evernote Web Clipper.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pioclpoplcdbaefihamjohnefbikjilc

==================== Loaded Modules (Whitelisted) ==============

2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-09-04 12:21 - 2008-04-19 17:35 - 000080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-09-27 07:43 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 07:43 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-04 09:17 - 2017-07-04 09:17 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-04 12:12 - 2017-09-04 12:12 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-27 13:08 - 2017-09-27 13:08 - 000692408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-09-29 12:42 - 2017-09-29 12:42 - 005890352 _____ () C:\Program Files\AVAST Software\Avast\defs\17092902\algo.dll
2017-09-04 12:21 - 2005-02-08 17:23 - 000979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2017-09-04 12:21 - 2004-11-20 03:27 - 000069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2017-09-04 12:21 - 2004-10-11 20:21 - 000094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2017-09-04 12:21 - 2004-05-25 21:18 - 000057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2017-09-04 12:21 - 2004-05-25 21:18 - 000049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2017-09-04 12:21 - 2004-05-25 21:18 - 000495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2017-09-04 12:21 - 2004-05-25 21:20 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2017-09-04 12:21 - 2004-10-11 20:22 - 000315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2017-09-04 12:21 - 2004-11-20 03:27 - 000106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2017-09-04 12:21 - 2004-01-15 14:45 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2017-09-04 12:21 - 2004-11-20 03:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2017-09-04 12:21 - 2003-10-01 13:40 - 002240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2017-09-04 12:21 - 2003-10-01 11:43 - 003239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2017-09-04 12:21 - 2003-08-10 09:14 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2017-09-04 12:21 - 2004-05-25 21:17 - 000622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2017-09-04 12:21 - 2004-05-25 21:19 - 000045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2745217096-928324710-3568355786-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk"
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\StartupApproved\Run: => "Upwork"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1D77DB40-65B1-4A09-B011-7960CBA66CB7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8360D2FC-1386-4EAE-8CFC-76137DBC33A4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A22A345A-AC49-42A0-9148-A00104B19FB5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A0A78D63-1DEA-4876-8231-ACE6BB7D4740}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3A9961AF-B0BA-400A-AA9C-F24A93CEE647}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{7686A58E-1965-4642-81AD-6EA6C3F88CD0}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6B06ADEF-B00A-46C3-BF04-64605895B1F7}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4EAE77E7-9068-4626-A06B-D08445C1E66C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7C739DE2-2330-4C14-A1CD-658F52C2F781}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CEEA3FC3-C8D9-4E52-A042-CAE65ACA76C1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C5DF74F8-85A8-469F-B90A-E20F5486F4F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5BC5A9B0-44EA-4675-83DC-DBC073772399}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{CFEB3304-9AC2-4F92-8CB1-98B1B0348B49}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe
FirewallRules: [{1A062962-4A00-402E-AE4C-DE9A693A5E1B}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe
FirewallRules: [{625C8D11-FD01-4780-99CA-E5FA32688169}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{F727884C-A839-4D9C-80A5-87D08C4E42A8}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{522D9CD1-CE55-4977-B44E-ACC10F897700}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D0F4077F-56FD-4994-9660-2402837D246C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-09-2017 04:35:59 Removed Nero12EssTSST.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2017 01:18:45 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/30/2017 10:23:01 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/29/2017 02:54:34 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/29/2017 02:07:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {3e54fd5c-a376-4a4d-88bc-48b3becb9065}

Error: (09/29/2017 01:20:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {3e54fd5c-a376-4a4d-88bc-48b3becb9065}

Error: (09/29/2017 01:07:08 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/29/2017 01:00:43 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/29/2017 12:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000008
Fault offset: 0x00000000000a917a
Faulting process id: 0x1efc
Faulting application start time: 0x01d3394229a41e85
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a98f2e38-949c-491b-ba76-fcb7df94fe1f
Faulting package full name:
Faulting package-relative application ID:

Error: (09/29/2017 12:33:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-IGH5NP2)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/29/2017 12:33:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-IGH5NP2)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (10/02/2017 01:12:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SBSDWSCService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/02/2017 01:12:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSDWSCService service to connect.

Error: (10/02/2017 01:12:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cbVSCService11 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/02/2017 01:12:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the cbVSCService11 service to connect.

Error: (10/02/2017 01:11:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BBSvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/02/2017 01:11:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (10/02/2017 01:11:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:20:08 PM on ‎9/‎30/‎2017 was unexpected.

Error: (09/29/2017 12:44:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/29/2017 12:44:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Update Orchestrator Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/29/2017 12:40:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The aswbIDSAgent service terminated with the following service-specific error:
%%3758213665


CodeIntegrity:
===================================
Date: 2017-10-02 01:43:51.826
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-30 11:46:19.805
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-29 03:07:09.548
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-27 23:29:22.545
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-21 12:34:49.593
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-05 13:30:37.787
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-04 13:56:34.165
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-09-04 13:48:13.842
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-09-04 13:44:22.437
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-09-04 13:44:22.071
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 68%
Total physical RAM: 3965.61 MB
Available physical RAM: 1255.42 MB
Total Virtual: 5693.61 MB
Available Virtual: 2556.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:184.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0F0F1101)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#6 Xxaimee1433xx


Posted 02 October 2017 - 11:32 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-10-2017
Ran by Dell Opti 755 (administrator) on DESKTOP-IGH5NP2 (02-10-2017 02:12:03)
Running from C:\Users\Dell Opti 755\Desktop
Loaded Profiles: Dell Opti 755 (Available Profiles: Dell Opti 755)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-04] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2016-03-19] (alch)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\Run: [Upwork] => C:\Program Files (x86)\Upwork\upwork.exe
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-17] (SUPERAntiSpyware)
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> MARINE~1.SCR
Startup: C:\Users\Dell Opti 755\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk [2017-08-21]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{031e0bc6-ae2f-43ef-b1e7-6a467a243fe1}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{7f329bc1-3dd2-4a76-a5ad-29368d11f55c}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{e9176579-8798-4ad9-b394-8613e77d2d04}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKU\S-1-5-21-2745217096-928324710-3568355786-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www,google.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2745217096-928324710-3568355786-1001 -> hxxp://www.google.com/
Edge Extension: (Save to Pocket) -> EdgeExtension_PocketSavetoPocket_v63j13wrfzj3t => C:\Program Files\WindowsApps\Pocket.SavetoPocket_2.0.38.0_neutral__v63j13wrfzj3t [2017-07-09]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-05-16] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> search.swagbucks.com
CHR NewTab: Default -> Not-active:"chrome-extension://nnegnghjbbaaojdkcdgmdehpakckeekb/redirect.html"
CHR Profile: C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default [2017-10-02]
CHR Extension: (Google Docs) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-19]
CHR Extension: (Google Drive) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-19]
CHR Extension: (My Little Pony [LSP]) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdblhbhfdpjbcjbpfmbleammlddbaml [2017-09-27]
CHR Extension: (YouTube) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-19]
CHR Extension: (Weava Highlighter - PDF & Web) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbnaodkpfinfiipjblikofhlhlcickei [2017-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-20]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2017-09-27]
CHR Extension: (Zapier) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngghlnfmdgnpegcmbpgehkbhkhkbkjpj [2017-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Swagbucks Search) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnegnghjbbaaojdkcdgmdehpakckeekb [2017-07-15]
CHR Extension: (Evernote Web Clipper) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-09-27]
CHR Extension: (Gmail) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-19]
CHR Extension: (Chrome Media Router) - C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR Profile: C:\Users\Dell Opti 755\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-28]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [322976 2017-09-04] (AVAST Software)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [X]
S3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-04] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [555072 2017-09-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-04] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-24] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-06-19] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361784 2017-09-27] (AVAST Software)
S3 DroidCam; C:\WINDOWS\system32\DRIVERS\droidcam.sys [33592 2015-05-24] (Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\system32\DRIVERS\droidcamvideo.sys [230712 2015-05-24] (Windows ® Win 7 DDK provider)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-10-02] (Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5707264 2017-03-18] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-02 02:12 - 2017-10-02 02:12 - 000014427 _____ C:\Users\Dell Opti 755\Desktop\FRST.txt
2017-10-02 02:10 - 2017-10-02 02:10 - 002399744 _____ (Farbar) C:\Users\Dell Opti 755\Desktop\FRST64.exe
2017-10-02 02:00 - 2017-10-02 02:00 - 002399744 _____ (Farbar) C:\Users\Dell Opti 755\Desktop\FRST64 (1).exe
2017-10-02 01:58 - 2017-10-02 01:58 - 008250832 _____ (Malwarebytes) C:\Users\Dell Opti 755\Desktop\adwcleaner_7.0.3.1.exe
2017-10-02 01:33 - 2017-10-02 01:33 - 000291606 _____ C:\Users\Dell Opti 755\Desktop\TCPView.zip
2017-09-29 15:07 - 2017-09-29 15:07 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-09-29 15:06 - 2017-09-29 15:06 - 000000000 ____D C:\Users\Dell Opti 755\Desktop\ProcessExplorer
2017-09-29 15:02 - 2017-09-29 15:02 - 001931969 _____ C:\Users\Dell Opti 755\Desktop\ProcessExplorer.zip
2017-09-29 13:38 - 2017-10-02 02:12 - 000000000 ____D C:\FRST
2017-09-29 13:06 - 2017-09-29 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-09-29 13:06 - 2017-09-29 13:06 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-09-29 13:04 - 2017-09-29 13:04 - 019709440 _____ (Luis Cobian, CobianSoft) C:\Users\Dell Opti 755\Desktop\cbSetup.exe
2017-09-29 12:59 - 2017-10-02 01:12 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-29 12:59 - 2017-09-29 12:59 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-29 12:59 - 2017-09-29 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-29 12:59 - 2017-09-29 12:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-29 12:59 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-29 12:42 - 2017-09-29 12:42 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-09-29 11:21 - 2017-09-29 11:23 - 253383016 _____ (Emsisoft Ltd. ) C:\Users\Dell Opti 755\Desktop\EmsisoftAntiMalwareSetup_bc.exe
2017-09-29 10:49 - 2017-09-29 10:49 - 000002354 _____ C:\Users\Dell Opti 755\Desktop\Autoruns - Shortcut.lnk
2017-09-29 07:26 - 2017-09-29 07:27 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-09-29 07:26 - 2017-09-29 07:26 - 000001849 _____ C:\Users\Dell Opti 755\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-09-29 07:26 - 2017-09-29 07:26 - 000000000 ____D C:\Users\Dell Opti 755\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-09-29 04:41 - 2017-09-29 04:41 - 000000000 ____D C:\Users\Dell Opti 755\AppData\Roaming\SUPERAntiSpyware.com
2017-09-29 04:37 - 2017-09-29 04:37 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-09-29 04:34 - 2017-09-29 04:34 - 030572800 _____ (SUPERAntiSpyware) C:\Users\Dell Opti 755\Desktop\SUPERAntiSpyware.exe
2017-09-29 04:11 - 2017-09-29 04:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-29 04:10 - 2017-09-29 04:35 - 000000000 ____D C:\Program Files (x86)\Nmap
2017-09-29 03:54 - 2017-09-29 03:55 - 027374712 _____ (Insecure.org) C:\Users\Dell Opti 755\Desktop\nmap-7.60-setup.exe
2017-09-29 03:22 - 2017-09-29 03:22 - 000238418 _____ C:\WINDOWS\system32\lISTENINGPORTS.TXT
2017-09-28 13:37 - 2017-09-28 13:48 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-28 13:37 - 2017-09-28 13:37 - 000001327 _____ C:\Users\Dell Opti 755\Desktop\Spybot - Search & Destroy.lnk
2017-09-28 13:37 - 2017-09-28 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2017-09-28 13:37 - 2017-09-28 13:37 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2017-09-28 13:35 - 2017-09-28 13:35 - 016409960 _____ (Safer Networking Limited ) C:\Users\Dell Opti 755\Desktop\spybotsd162.exe
2017-09-28 13:30 - 2017-09-28 13:30 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Dell Opti 755\Desktop\spybotsd-2.6.46.exe
2017-09-28 13:23 - 2017-09-28 13:23 - 000000000 ____D C:\Users\Dell Opti 755\AppData\Local\ESET
2017-09-28 13:22 - 2017-09-28 13:23 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Dell Opti 755\Desktop\esetonlinescanner_enu.exe
2017-09-28 12:16 - 2017-09-28 12:16 - 000002089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\AVG Password Protection.lnk
2017-09-28 12:03 - 2017-09-28 13:11 - 000000000 ____D C:\Program Files (x86)\AVG
2017-09-28 12:02 - 2017-09-29 11:13 - 000000000 ____D C:\ProgramData\Avg
2017-09-28 12:02 - 2017-09-29 02:51 - 000000000 ____D C:\Users\Dell Opti 755\AppData\Local\Avg
2017-09-28 12:02 - 2017-09-28 13:10 - 000000000 ____D C:\Users\Dell Opti 755\AppData\Local\AvgSetupLog
2017-09-28 12:01 - 2017-09-28 12:01 - 003628312 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Dell Opti 755\Desktop\Antivirus_Free_beta_1795.exe
2017-09-28 01:20 - 2017-09-28 11:16 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2017-09-27 13:56 - 2017-09-27 13:56 - 000000000 ____D C:\Users\Dell Opti 755\AppData\Roaming\Google
2017-09-24 16:51 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-24 16:51 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-24 16:51 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-24 16:51 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-24 16:51 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-24 16:51 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-24 16:51 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-24 16:51 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-24 16:51 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-24 16:51 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-24 16:51 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-24 16:51 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-24 16:51 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-24 16:51 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-24 16:51 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-24 16:51 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-24 16:51 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-24 16:51 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-24 16:51 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-24 16:51 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-24 16:51 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-24 16:51 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-24 16:51 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-24 16:51 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-24 16:51 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-24 16:51 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-24 16:51 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-24 16:51 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-24 16:51 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-24 16:51 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-24 16:51 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-24 16:51 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-24 16:51 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-24 16:51 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-24 16:51 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-24 16:51 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-24 16:51 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-24 16:51 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-24 16:50 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-24 16:50 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-24 16:50 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-24 16:50 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-24 16:50 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-24 16:50 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-24 16:50 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-24 16:50 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-24 16:50 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-24 16:50 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-24 16:50 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-24 16:50 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-24 16:50 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-24 16:50 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-24 16:50 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-24 16:50 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-24 16:50 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-24 16:50 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-24 16:50 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-24 16:50 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-24 16:50 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-24 16:50 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-24 16:50 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-24 16:50 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-24 16:50 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-24 16:50 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-24 16:50 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-24 16:50 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-24 16:50 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-24 16:50 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-24 16:50 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-24 16:50 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-24 16:50 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-24 16:50 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-24 16:50 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-24 16:50 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-24 16:50 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-24 16:50 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-24 16:49 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-24 16:49 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-24 16:49 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-24 16:49 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-24 16:49 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-24 16:49 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-24 16:49 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-24 16:49 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-24 16:49 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-24 16:49 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-24 16:49 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-24 16:49 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-24 16:49 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-24 16:49 - 2017-09-05 00:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-24 16:49 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-24 16:49 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-24 16:49 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-24 16:49 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-24 16:49 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-24 16:49 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-24 16:49 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-24 16:49 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-24 16:49 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-24 16:49 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-24 16:49 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-24 16:49 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-24 16:49 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-24 16:49 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-24 16:49 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-24 16:38 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-24 16:38 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-24 16:38 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-24 16:38 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-24 16:38 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-24 16:38 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-24 16:36 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-24 16:36 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-24 16:36 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-24 16:36 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-24 16:36 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-24 16:36 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-24 16:36 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-24 16:36 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-24 16:36 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-24 16:36 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-24 16:36 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-24 16:36 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-24 16:36 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-24 16:36 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-24 16:36 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-24 16:36 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-24 16:36 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-24 16:36 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-24 16:36 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-24 16:36 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-24 16:36 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-24 16:36 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-24 16:36 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-24 16:36 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-24 16:36 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-24 16:36 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-24 16:36 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-24 16:36 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-24 16:36 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-24 16:36 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-24 16:36 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-24 16:36 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-24 16:36 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-24 16:36 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-24 16:36 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-24 16:36 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-24 16:36 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-24 16:36 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-24 16:36 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-24 16:36 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-24 16:36 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-24 16:36 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-24 16:36 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-24 16:36 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-24 16:36 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-24 16:36 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-24 16:36 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-24 16:36 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-24 16:36 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-24 16:36 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-24 16:36 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-24 16:36 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-24 16:36 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-24 16:36 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-24 16:36 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-24 16:36 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-24 16:36 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-24 16:36 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-24 16:36 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-24 16:36 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-24 16:36 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-24 16:36 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-24 16:36 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-24 16:36 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-24 16:36 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-24 16:36 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-24 16:36 - 2017-09-05 00:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-24 16:36 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-24 16:36 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-24 16:36 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-24 16:36 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-24 16:36 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-24 16:36 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-24 16:36 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-24 16:36 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-24 16:36 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-24 16:36 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-24 16:36 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-24 16:36 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-24 16:36 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-24 16:36 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-24 16:36 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-24 16:36 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-24 16:36 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-24 16:36 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-24 16:35 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-24 16:35 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-24 16:35 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-24 16:35 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-24 16:35 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-24 16:35 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-24 16:35 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-24 16:35 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-24 16:35 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-24 16:35 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-24 16:35 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-24 16:35 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-24 16:35 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-24 16:35 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-24 16:35 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-24 16:35 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-24 16:35 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-24 16:35 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-24 16:35 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-24 16:35 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-24 16:35 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-24 16:35 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-24 16:34 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-24 16:34 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-24 16:34 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-24 16:34 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-24 16:34 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-24 16:34 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-24 16:34 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-24 16:34 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-24 16:34 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-24 16:34 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-24 16:34 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-24 16:34 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-24 16:34 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-24 16:34 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-24 16:34 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-24 16:34 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-24 16:34 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-24 16:34 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-24 16:34 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-24 16:34 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-24 16:34 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-24 16:34 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-24 16:34 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-24 16:34 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-24 16:34 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-24 16:34 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-24 16:34 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-24 16:34 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-24 16:34 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-24 16:34 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-24 16:34 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-24 16:34 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-24 16:34 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-24 16:34 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-24 16:34 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-24 16:34 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-24 16:34 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-24 16:34 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-24 16:34 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-24 16:34 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-24 16:34 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-24 16:33 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-24 16:33 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-24 16:33 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-24 16:33 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-24 16:33 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-24 16:33 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-24 16:33 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-24 16:33 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-24 16:33 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-24 16:33 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-24 16:33 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-24 16:33 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-24 16:33 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-24 16:33 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-24 16:33 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-24 16:33 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-24 16:33 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-24 16:33 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-24 16:33 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-24 16:33 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-24 16:33 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-24 16:33 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-24 16:33 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-24 16:33 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-24 16:33 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-24 16:33 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-24 16:33 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-24 16:33 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-24 16:33 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-24 16:33 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-24 16:33 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-24 16:33 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-24 16:33 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-24 16:33 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-24 16:32 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-24 16:32 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-24 16:32 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-24 16:32 - 2017-09-05 01:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-24 16:32 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-24 16:32 - 2017-09-05 01:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-24 16:32 - 2017-09-05 01:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-24 16:32 - 2017-09-05 01:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-24 16:32 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-24 16:32 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-24 16:32 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-24 16:32 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-24 16:32 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-24 16:31 - 2017-09-05 01:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-24 16:31 - 2017-09-05 01:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-24 16:31 - 2017-09-05 01:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-24 16:31 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-24 16:31 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-24 16:31 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-24 16:31 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-24 16:31 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-24 16:31 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-24 16:31 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-24 16:31 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-24 16:31 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-24 13:18 - 2017-09-24 13:18 - 000000000 ___HD C:\$SysReset
2017-09-21 13:10 - 2017-09-21 13:12 - 000000445 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-09-07 11:10 - 2017-09-29 11:03 - 000508178 _____ C:\WINDOWS\ntbtlog.txt
2017-09-07 11:10 - 2017-09-29 10:56 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-05 12:59 - 2017-09-05 12:59 - 000000000 ____D C:\Users\Dell Opti 755\Documents\Resumes, etc
2017-09-04 13:06 - 2017-09-04 13:04 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-09-04 12:22 - 2017-09-04 12:24 - 000000000 ____D C:\Users\Dell Opti 755\AppData\Roaming\.clamwin
2017-09-04 12:22 - 2017-09-04 12:22 - 000001190 _____ C:\Users\Public\Desktop\ClamWin Antivirus.lnk
2017-09-04 12:22 - 2017-09-04 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2017-09-04 12:21 - 2017-09-04 12:21 - 000000000 ____D C:\ProgramData\.clamwin
2017-09-04 12:21 - 2017-09-04 12:21 - 000000000 ____D C:\Program Files (x86)\ClamWin
2017-09-04 12:12 - 2017-09-04 12:12 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-09-04 12:06 - 2017-09-04 12:07 - 120690586 _____ (alch ) C:\Users\Dell Opti 755\Downloads\clamwin-0.99.1-setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-02 02:09 - 2017-06-19 11:08 - 000000000 ____D C:\Users\Dell Opti 755\AppData\Local\Packages
2017-10-02 01:43 - 2017-06-19 12:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-02 01:18 - 2017-07-11 11:31 - 000004182 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CFFA1E09-7908-4F79-A967-5BBA7E54F1F3}
2017-10-02 01:13 - 2017-06-19 12:23 - 000000000 ____D C:\Users\Dell Opti 755
2017-10-02 01:11 - 2017-06-19 12:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-30 10:52 - 2017-06-19 11:08 - 000000000 ___RD C:\Users\Dell Opti 755\Desktop\Documents 2017-09-29 14;11;30 (Incremental)
2017-09-29 15:22 - 2017-08-20 06:43 - 000007597 _____ C:\Users\Dell Opti 755\AppData\Local\resmon.resmoncfg
2017-09-29 12:39 - 2017-03-18 07:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-29 11:03 - 2017-07-04 08:53 - 000000000 ____D C:\Users\Dell Opti 755\AppData\Local\ElevatedDiagnostics
2017-09-29 07:30 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-29 07:30 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-29 04:39 - 2017-06-21 13:23 - 000000000 ____D C:\ProgramData\Nero
2017-09-29 02:57 - 2017-06-19 12:31 - 001158116 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-28 13:09 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-28 11:03 - 2017-08-02 22:06 - 000000000 ____D C:\Users\Dell Opti 755\AppData\Local\Nero
2017-09-28 01:01 - 2017-08-20 10:30 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-09-27 22:33 - 2017-03-18 07:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-09-27 14:55 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-27 07:44 - 2017-06-19 17:39 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-27 07:44 - 2017-06-19 17:39 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-27 07:29 - 2017-06-19 17:34 - 000361784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-09-27 07:25 - 2016-11-20 14:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-27 07:20 - 2017-08-21 09:13 - 000420528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-24 19:10 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-24 19:10 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-24 19:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-24 19:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-24 19:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-24 19:09 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-24 19:09 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-24 19:09 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-24 17:37 - 2017-06-19 19:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-24 17:34 - 2017-06-19 19:12 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-24 17:34 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-24 17:25 - 2017-06-19 17:24 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-09-24 17:21 - 2016-07-16 07:47 - 000000167 _____ C:\WINDOWS\win.ini
2017-09-24 12:41 - 2017-06-19 17:34 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-09-24 12:20 - 2017-07-30 18:50 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2745217096-928324710-3568355786-1001
2017-09-24 12:20 - 2017-06-19 11:10 - 000002387 _____ C:\Users\Dell Opti 755\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-24 12:20 - 2017-06-19 11:10 - 000000000 ___RD C:\Users\Dell Opti 755\OneDrive
2017-09-21 13:42 - 2017-06-19 11:09 - 000000000 ____D C:\Windows10Upgrade
2017-09-21 13:33 - 2017-06-19 11:08 - 000000000 ___RD C:\Users\Dell Opti 755\Desktop\Documents 2017-09-29 13;25;18 (Full)
2017-09-04 13:35 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-09-04 12:19 - 2017-08-23 09:02 - 000000033 _____ C:\ProgramData\droidcam-settings
2017-09-04 12:15 - 2017-06-19 17:39 - 000004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1497908356
2017-09-04 12:12 - 2017-07-21 09:51 - 000555072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-09-04 12:12 - 2017-06-19 17:37 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-09-04 12:12 - 2017-06-19 17:34 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-09-04 12:12 - 2017-06-19 17:34 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-09-04 12:12 - 2017-06-19 17:34 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-09-04 12:12 - 2017-06-19 17:34 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-09-04 12:12 - 2017-06-19 17:34 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-09-04 12:12 - 2017-06-19 17:34 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-09-04 12:12 - 2017-06-19 17:34 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-09-04 12:12 - 2017-06-19 17:34 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-09-04 12:12 - 2017-06-19 17:34 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-09-04 12:12 - 2017-06-19 17:34 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-09-04 12:11 - 2017-06-19 17:34 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-09-04 12:11 - 2017-06-19 17:34 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-09-04 11:53 - 2017-07-15 16:46 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-02 11:15 - 2017-03-18 17:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 11:15 - 2017-03-18 17:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-08-20 06:43 - 2017-09-29 15:22 - 000007597 _____ () C:\Users\Dell Opti 755\AppData\Local\resmon.resmoncfg
2017-07-13 13:04 - 2017-07-13 13:04 - 000000057 _____ () C:\ProgramData\Ament.ini
2017-08-23 09:02 - 2017-09-04 12:19 - 000000033 _____ () C:\ProgramData\droidcam-settings

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-28 00:58

==================== End of FRST.txt ============================

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,687 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:10 AM

Posted 02 October 2017 - 03:12 PM

  • Highlight the entire content of the quote box below.

Start::  
HKLM-x32\...\Run: [] => [X]
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [X]
S3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {6FEFC4FA-AE62-43F6-86EB-D672FF855EC9} - System32\Tasks\GoogleUpdateTaskMachineCore =>  [Argument = /c] <==== ATTENTION
Task: {F5A7ADDD-09FA-4B3B-B874-B2D8AA837E1A} - System32\Tasks\GoogleUpdateTaskMachineUA =>  [Argument = /ua /installsource scheduler] <==== ATTENTION
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.


  • On reboot a log will be produced; please copy and paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 Xxaimee1433xx


Posted 02 October 2017 - 08:32 PM

Should I do these in Safe Mode, or does it matter?

#9 JSntgRvr


Posted 03 October 2017 - 07:52 PM

Prefer Normal Mode, but if not available, Safe Mode may do.




#10 Xxaimee1433xx


Posted 05 October 2017 - 03:43 PM

OK, when I run the fix on FRST it says "Fix Completed. 'fixlog.txt' is saved in the same directory FRST is located." Then it comes up with a box that says cannot find the C:/users/dellopti755/desktop/fixlog.txt file. Do you want to create a new one? I have done both yes and no and nothing saves.


Edited by Xxaimee1433xx, 05 October 2017 - 03:44 PM.


#11 Xxaimee1433xx


Posted 05 October 2017 - 03:45 PM

It just brings up a blank page.



#12 Xxaimee1433xx


Posted 05 October 2017 - 03:47 PM

I'm moving on to the rest of what you told me to do in the meantime. Oh, and another thing that was weird: when I logged on today, all my icons on the desktop are in all kinds of crazy places, not the way I left them. Is that normal?



#13 JSntgRvr


Posted 05 October 2017 - 04:00 PM

It has been a few days since you first posted and we haven't started yet. Please continue with the rest of the instructions.




#14 Xxaimee1433xx


Posted 05 October 2017 - 04:10 PM

OK, doing the rest of it now.

#15 Xxaimee1433xx


Posted 05 October 2017 - 04:14 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64 
Ran by Dell Opti 755 (Administrator) on Thu 10/05/2017 at 17:09:34.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/05/2017 at 17:12:33.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




