
The Requested Resource is in use Error


  • This topic is locked
9 replies to this topic

#1 Strylith


Posted 17 December 2017 - 06:21 PM

Hello,

I have been getting this message multiple times. I have tried using this do it yourself guide:

https://www.bleepingcomputer.com/virus-removal/remove-the-requested-resource-is-in-use-error 

But to no avail. MBAR keeps freezing up after around 15-16 hours. The second time it found 10132 malwares, which seems like a LOT. I gave up after it froze the second time. I am in serious trouble as a student if my laptop isn't secure, as I know I could lose my files. I will be needing to use my laptop for notes (Microsoft Word only) throughout Monday-Friday. If anyone can help me solve the "The Requested Resource is in Use" Error it would be very appreciated. Thank you.

 

Ethan




 


#2 Strylith


Posted 17 December 2017 - 06:31 PM

Forgot to upload this:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by ideja (administrator) on BB-9E (17-12-2017 15:57:33)
Running from C:\Users\ideja\Desktop
Loaded Profiles: ideja (Available Profiles: ideja)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124769.inf_amd64_e5e7af49c5a8fe4b\igfxCUIService.exe
(HP) C:\Windows\System32\hpservice.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\System32\tprdpw64.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124769.inf_amd64_e5e7af49c5a8fe4b\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124769.inf_amd64_e5e7af49c5a8fe4b\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(CenturyLink Inc) C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\cpx\cpx.exe
() C:\Program Files (x86)\msrtn32\msrtn32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\cpx\cpx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Users\ideja\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files (x86)\cpx\cpx.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Users\ideja\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\ideja\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\ideja\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Program Files (x86)\msrtn32\cdhtr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\ideja\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Users\ideja\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Program Files (x86)\msrtn32\rthdcpd.exe
() C:\Program Files (x86)\cpx\cpx.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-01-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-07-31] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] ()
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28432392 2017-05-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [48616 2015-07-21] (CenturyLink Inc)
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] ()
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [641536 2016-03-24] () <==== ATTENTION
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1141760 2016-04-18] () <==== ATTENTION
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [svcvmx] => "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\LIGHTS~1.SCR [841216 2015-08-29] ()
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [391040 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [391040 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\ideja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-12-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-2639517013-2688658189-4040443759-1001\User: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{0aa4e60d-5277-4c18-9224-d5f9b1a599e8}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{2f95b55c-5a7e-434e-bfe1-8e445dc696ee}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{f01afe25-0c69-4440-b946-14866e8542a0}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131184560548558823&GUID=F1134189-C1AD-4B35-9D17-F6718BB45B4F
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131184560548479495&GUID=F1134189-C1AD-4B35-9D17-F6718BB45B4F
HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {879D6FE8-D173-4DAD-9B8C-A67A42F4A229} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2639517013-2688658189-4040443759-1001 -> {879D6FE8-D173-4DAD-9B8C-A67A42F4A229} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2639517013-2688658189-4040443759-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-15] (Microsoft Corporation)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-15] (Microsoft Corporation)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-11] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-11] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-15] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: lrb30vuy.default
FF ProfilePath: C:\Users\ideja\AppData\Roaming\Mozilla\Firefox\Profiles\lrb30vuy.default [2017-12-16]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
Chrome:
=======
CHR HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"drmkpro64" => service could not be unlocked. <==== ATTENTION
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1547200 2017-10-20] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-19] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-19] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-02] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-07-31] (NVIDIA Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] ()
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-11] (HP)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-07-31] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-07-31] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-01-28] (Realtek Semiconductor)
S2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-05-23] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 63545116; C:\WINDOWS\system32\drivers\63545116.sys [255928 2017-12-16] (Malwarebytes)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-02] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-02] (Intel Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP)
R3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Hewlett-Packard.)
R3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Hewlett-Packard.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [61544 2016-11-01] (hxxp://libusb-win32.sourceforge.net)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_f0b2a5e1e71031b3\nvlddmkm.sys [15620208 2017-10-16] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-31] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46768 2015-07-31] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2016-02-07] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-07-31] (Realsil Semiconductor Corporation)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows ® Win 7 DDK provider)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-13] (Symantec Corporation)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
S1 deunmpbg; \??\C:\WINDOWS\system32\drivers\deunmpbg.sys [X]
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
S1 hkqqlepk; \??\C:\WINDOWS\system32\drivers\hkqqlepk.sys [X]
S1 ianazcdq; \??\C:\WINDOWS\system32\drivers\ianazcdq.sys [X]
S1 jnnrlyqz; \??\C:\WINDOWS\system32\drivers\jnnrlyqz.sys [X]
S1 mxnoycvd; \??\C:\WINDOWS\system32\drivers\mxnoycvd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-17 15:57 - 2017-12-17 15:58 - 000026150 _____ C:\Users\ideja\Desktop\FRST.txt
2017-12-17 15:57 - 2017-12-17 15:57 - 000000000 ____D C:\FRST
2017-12-17 15:55 - 2017-12-17 15:55 - 002392064 _____ (Farbar) C:\Users\ideja\Desktop\FRST64.exe
2017-12-17 15:45 - 2017-12-17 15:45 - 083316440 _____ (Malwarebytes ) C:\Users\ideja\Desktop\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-16 15:40 - 2017-12-16 15:40 - 000000000 ____D C:\Users\ideja\Desktop\mbar
2017-12-15 21:47 - 2017-12-16 15:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\63545116.sys
2017-12-15 21:47 - 2017-12-15 21:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-15 21:46 - 2017-12-16 16:47 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-15 21:45 - 2017-12-15 21:45 - 014161479 _____ C:\Users\ideja\Downloads\mbar-1.10.3.1001-nr.exe
2017-12-15 21:15 - 2017-12-15 21:17 - 083316440 _____ (Malwarebytes ) C:\Users\ideja\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2017-12-14 20:14 - 2017-12-14 20:14 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-14 19:34 - 2017-12-14 19:35 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-13 16:18 - 2017-11-29 20:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-13 16:18 - 2017-11-29 19:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 16:18 - 2017-11-29 19:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-13 16:18 - 2017-11-29 19:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-13 16:18 - 2017-11-29 19:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-13 16:18 - 2017-11-29 19:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-13 16:18 - 2017-11-29 19:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-13 16:18 - 2017-11-29 19:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 16:18 - 2017-11-29 19:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 16:18 - 2017-11-29 19:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 16:18 - 2017-11-29 19:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 16:18 - 2017-11-29 19:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 16:18 - 2017-11-29 19:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 16:18 - 2017-11-29 19:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 16:18 - 2017-11-29 19:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-13 16:18 - 2017-11-29 19:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-13 16:18 - 2017-11-29 19:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-13 16:18 - 2017-11-29 19:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-13 16:18 - 2017-11-29 19:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-13 16:18 - 2017-11-29 19:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-13 16:18 - 2017-11-29 19:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-13 16:18 - 2017-11-29 19:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-13 16:18 - 2017-11-17 02:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-13 16:18 - 2017-11-17 02:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-13 16:17 - 2017-11-29 19:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-13 16:17 - 2017-11-29 19:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-13 16:17 - 2017-11-29 19:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-13 16:17 - 2017-11-29 19:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-13 16:17 - 2017-11-29 19:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-13 16:17 - 2017-11-29 19:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-13 16:17 - 2017-11-29 19:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-13 16:16 - 2017-11-29 19:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-13 16:15 - 2017-11-29 20:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-13 16:15 - 2017-11-29 19:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-13 16:14 - 2017-11-29 20:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-13 16:14 - 2017-11-29 19:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-13 16:14 - 2017-11-29 19:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 16:14 - 2017-11-29 19:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-13 16:14 - 2017-11-29 19:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-13 16:14 - 2017-11-29 19:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-13 16:14 - 2017-11-29 19:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-13 16:14 - 2017-11-29 19:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-13 16:13 - 2017-11-29 20:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-13 16:13 - 2017-11-29 20:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-13 16:13 - 2017-11-29 20:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-13 16:13 - 2017-11-29 20:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 16:13 - 2017-11-29 19:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 16:13 - 2017-11-29 19:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-13 16:13 - 2017-11-29 19:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-13 16:13 - 2017-11-29 19:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 16:13 - 2017-11-29 19:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-13 16:13 - 2017-11-29 19:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-13 16:13 - 2017-11-17 02:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-13 16:13 - 2017-11-17 02:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-13 16:13 - 2017-11-17 02:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-13 16:12 - 2017-11-29 20:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-13 16:12 - 2017-11-17 02:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-13 16:12 - 2017-11-17 01:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-13 16:11 - 2017-11-29 20:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-13 16:11 - 2017-11-29 19:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 16:11 - 2017-11-29 19:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 16:11 - 2017-11-29 19:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 16:11 - 2017-11-29 19:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-13 16:11 - 2017-11-29 19:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 16:11 - 2017-11-29 19:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-13 16:11 - 2017-11-29 19:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 16:11 - 2017-11-29 19:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 16:11 - 2017-11-29 19:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-13 16:11 - 2017-11-29 19:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 16:11 - 2017-11-29 19:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-13 16:11 - 2017-11-29 19:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-13 16:11 - 2017-11-17 02:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 16:11 - 2017-11-17 02:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 16:11 - 2017-11-17 02:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-13 16:11 - 2017-11-17 02:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-13 16:11 - 2017-11-17 02:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-13 16:11 - 2017-11-17 02:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-13 16:11 - 2017-11-17 02:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-13 16:11 - 2017-11-17 02:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 16:11 - 2017-11-17 02:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-13 16:11 - 2017-11-17 02:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-13 16:11 - 2017-11-17 02:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-13 16:11 - 2017-11-17 02:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-13 16:11 - 2017-11-17 02:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-13 16:11 - 2017-11-17 02:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-13 16:11 - 2017-11-17 01:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-12 19:05 - 2017-12-12 19:05 - 008823296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-12-05 22:22 - 2017-12-05 22:22 - 000000000 ____D C:\Users\ideja\Downloads\SWA
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-11-24 20:25 - 2017-11-24 20:25 - 000000000 ____D C:\Windows.old
2017-11-24 16:58 - 2017-11-01 22:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-24 16:58 - 2017-11-01 22:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-24 16:58 - 2017-11-01 22:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-24 16:58 - 2017-11-01 22:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-24 16:58 - 2017-11-01 22:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-24 16:58 - 2017-11-01 22:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-24 16:58 - 2017-11-01 21:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-24 16:58 - 2017-11-01 21:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-24 16:58 - 2017-11-01 21:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-24 16:58 - 2017-11-01 21:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-24 16:58 - 2017-11-01 21:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-24 16:58 - 2017-11-01 21:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-24 16:58 - 2017-11-01 21:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-24 16:58 - 2017-11-01 21:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-24 16:58 - 2017-11-01 21:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-24 16:58 - 2017-11-01 21:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-24 16:58 - 2017-11-01 21:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-24 16:58 - 2017-11-01 21:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-24 16:58 - 2017-11-01 21:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-24 16:58 - 2017-11-01 21:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-24 16:58 - 2017-11-01 21:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-24 16:58 - 2017-11-01 21:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-24 16:58 - 2017-11-01 21:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-24 16:58 - 2017-11-01 21:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-24 16:58 - 2017-11-01 21:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-24 16:58 - 2017-11-01 21:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-24 16:58 - 2017-11-01 21:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-24 16:58 - 2017-11-01 21:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-24 16:58 - 2017-11-01 21:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-24 16:58 - 2017-11-01 21:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-24 16:58 - 2017-11-01 21:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-24 16:58 - 2017-11-01 21:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-24 16:58 - 2017-11-01 21:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-24 16:58 - 2017-11-01 21:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-24 16:58 - 2017-11-01 21:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-24 16:58 - 2017-11-01 21:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-24 16:58 - 2017-11-01 21:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-24 16:58 - 2017-11-01 21:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-24 16:58 - 2017-11-01 21:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-24 16:58 - 2017-11-01 21:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-24 16:58 - 2017-11-01 21:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-24 16:58 - 2017-11-01 21:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-24 16:58 - 2017-11-01 21:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-24 16:58 - 2017-11-01 21:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-24 16:58 - 2017-11-01 21:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-24 16:58 - 2017-11-01 21:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-24 16:58 - 2017-11-01 21:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-24 16:58 - 2017-11-01 21:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-24 16:58 - 2017-11-01 21:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-24 16:58 - 2017-11-01 21:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-24 16:58 - 2017-11-01 21:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-24 16:58 - 2017-10-25 00:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-24 16:58 - 2017-10-15 08:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-24 16:58 - 2017-10-15 08:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-24 16:58 - 2017-10-15 07:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-24 16:58 - 2017-10-15 07:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-24 16:58 - 2017-10-15 07:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-24 16:58 - 2017-10-15 07:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-24 16:58 - 2017-10-15 07:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-24 16:58 - 2017-10-15 07:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-24 16:58 - 2017-10-15 07:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-24 16:58 - 2017-10-15 07:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-24 16:58 - 2017-10-15 07:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-24 16:58 - 2017-10-15 07:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-24 16:57 - 2017-11-01 22:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-24 16:57 - 2017-11-01 22:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-24 16:57 - 2017-11-01 22:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-24 16:57 - 2017-11-01 22:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-24 16:57 - 2017-11-01 22:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-24 16:57 - 2017-11-01 22:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-24 16:57 - 2017-11-01 22:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-24 16:57 - 2017-11-01 22:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-24 16:57 - 2017-11-01 22:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-24 16:57 - 2017-11-01 21:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-24 16:57 - 2017-11-01 21:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-24 16:57 - 2017-11-01 21:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-24 16:57 - 2017-11-01 21:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-24 16:57 - 2017-11-01 21:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-24 16:57 - 2017-11-01 21:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-24 16:57 - 2017-11-01 21:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-24 16:57 - 2017-11-01 21:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-24 16:57 - 2017-11-01 21:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-24 16:57 - 2017-11-01 21:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-24 16:57 - 2017-11-01 21:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-24 16:57 - 2017-10-15 07:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-24 16:57 - 2017-10-15 07:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-24 16:57 - 2017-10-15 07:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-24 16:57 - 2017-10-15 07:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-24 16:57 - 2017-10-15 07:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-24 16:56 - 2017-11-01 22:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-24 16:56 - 2017-11-01 22:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-24 16:56 - 2017-11-01 22:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-24 16:56 - 2017-11-01 22:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-24 16:56 - 2017-11-01 22:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-24 16:56 - 2017-11-01 22:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-24 16:56 - 2017-11-01 22:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-24 16:56 - 2017-11-01 22:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-24 16:56 - 2017-11-01 22:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-24 16:56 - 2017-11-01 21:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-24 16:56 - 2017-11-01 21:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-24 16:56 - 2017-11-01 21:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-24 16:56 - 2017-11-01 21:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-24 16:56 - 2017-11-01 21:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-24 16:56 - 2017-11-01 21:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-24 16:56 - 2017-11-01 21:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-24 16:56 - 2017-11-01 21:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-24 16:56 - 2017-11-01 21:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-24 16:56 - 2017-11-01 21:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-24 16:56 - 2017-11-01 21:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-24 16:56 - 2017-11-01 21:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-24 16:56 - 2017-11-01 21:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-24 16:56 - 2017-11-01 21:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-24 16:56 - 2017-11-01 21:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-24 16:56 - 2017-11-01 21:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-24 16:56 - 2017-11-01 21:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-24 16:56 - 2017-11-01 21:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-24 16:56 - 2017-11-01 21:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-24 16:56 - 2017-11-01 21:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-24 16:56 - 2017-11-01 21:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-24 16:56 - 2017-11-01 21:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-24 16:56 - 2017-11-01 21:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-24 16:56 - 2017-11-01 21:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-24 16:56 - 2017-11-01 21:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-24 16:56 - 2017-11-01 21:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-24 16:56 - 2017-11-01 21:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-24 16:56 - 2017-11-01 21:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-24 16:56 - 2017-11-01 21:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-24 16:56 - 2017-11-01 21:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-24 16:56 - 2017-11-01 21:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-24 16:56 - 2017-11-01 21:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-24 16:56 - 2017-11-01 21:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-24 16:56 - 2017-11-01 21:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-24 16:56 - 2017-11-01 21:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-24 16:56 - 2017-11-01 21:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-24 16:56 - 2017-11-01 21:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-24 16:56 - 2017-11-01 21:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-24 16:56 - 2017-11-01 21:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-24 16:56 - 2017-11-01 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-24 16:56 - 2017-10-15 07:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-24 16:56 - 2017-10-15 07:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-24 16:56 - 2017-10-15 07:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-24 16:56 - 2017-10-15 07:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-24 16:56 - 2017-10-15 07:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-24 16:56 - 2017-10-15 07:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-24 16:56 - 2017-10-15 07:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-24 16:56 - 2017-10-15 07:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-22 15:05 - 2017-12-16 16:40 - 000000000 ____D C:\Users\ideja\AppData\LocalLow\Mozilla
2017-11-22 15:04 - 2017-12-16 16:36 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-22 15:04 - 2017-12-16 16:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-22 15:04 - 2017-11-22 15:10 - 000000000 ____D C:\Users\ideja\AppData\Local\Mozilla
2017-11-22 15:04 - 2017-11-22 15:05 - 000000000 ____D C:\Users\ideja\AppData\Roaming\Mozilla
2017-11-22 15:03 - 2017-12-16 16:35 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-17 15:58 - 2017-04-20 22:06 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F336DAC6-2D7B-4E28-A497-2E2CE6506065}
2017-12-17 15:30 - 2017-04-20 21:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-16 18:40 - 2016-02-22 18:56 - 000000000 ____D C:\Users\ideja\AppData\Local\CrashDumps
2017-12-16 15:33 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-16 15:33 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-15 22:28 - 2016-09-15 16:04 - 000000000 ____D C:\Users\ideja\AppData\Local\mstrn32
2017-12-15 21:43 - 2016-01-19 19:15 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-15 21:29 - 2016-01-19 18:59 - 000000000 ____D C:\Users\ideja\Documents\YouCam
2017-12-15 21:25 - 2016-01-19 18:58 - 000000000 __SHD C:\Users\ideja\IntelGraphicsProfiles
2017-12-15 21:24 - 2017-04-20 21:39 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-15 21:13 - 2017-04-20 21:40 - 001565480 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-15 21:06 - 2017-10-12 22:03 - 000000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForideja.job
2017-12-15 21:06 - 2017-04-20 22:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-15 21:06 - 2017-03-18 04:40 - 002621440 _____ C:\WINDOWS\system32\config\BBI
2017-12-15 21:05 - 2017-04-20 21:41 - 000000000 ____D C:\Users\ideja
2017-12-15 20:01 - 2017-10-12 22:03 - 000003236 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForideja
2017-12-15 19:52 - 2017-04-20 21:35 - 000402768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-15 19:37 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-15 19:33 - 2016-01-11 23:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-15 19:13 - 2015-07-15 23:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-14 20:14 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-14 20:14 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-14 19:35 - 2017-04-20 18:44 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-14 17:31 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-14 17:17 - 2016-01-19 19:24 - 000000000 ____D C:\Users\ideja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-13 16:35 - 2016-01-19 21:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-13 16:35 - 2016-01-19 18:59 - 000000000 ____D C:\Users\ideja\AppData\Local\Packages
2017-12-13 16:27 - 2017-10-18 18:29 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 16:27 - 2016-01-19 21:19 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-12 19:06 - 2017-06-18 20:22 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-12 19:05 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 19:05 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-10 15:00 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-10 14:45 - 2016-01-29 23:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-10 10:46 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-10 10:46 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-10 10:46 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-10 10:46 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-12-10 10:46 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-12-01 19:25 - 2017-08-12 13:10 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-01 19:25 - 2017-08-12 13:10 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-29 14:07 - 2016-05-19 09:25 - 000000000 ____D C:\Users\ideja\AppData\Local\Windows Live
2017-11-28 16:07 - 2017-04-20 22:11 - 000041913 _____ C:\WINDOWS\diagwrn.xml
2017-11-28 16:07 - 2017-04-20 22:11 - 000041913 _____ C:\WINDOWS\diagerr.xml
2017-11-28 12:32 - 2017-03-18 04:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-28 12:12 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Registration
2017-11-22 16:54 - 2016-01-21 11:45 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-22 14:59 - 2017-06-18 20:22 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-20 15:27 - 2017-04-20 22:05 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-20 14:52 - 2017-04-26 18:03 - 000000000 ____D C:\Users\ideja\AppData\Roaming\.minecraft

==================== Files in the root of some directories =======
2016-07-31 14:40 - 2016-07-31 14:41 - 000000106 _____ () C:\Users\ideja\jobq.dat
2016-06-13 18:08 - 2016-08-05 21:40 - 000000096 _____ () C:\Users\ideja\AppData\Roaming\LauncherSettings_live.cfg
2016-06-13 18:03 - 2016-08-05 21:39 - 000000039 _____ () C:\Users\ideja\AppData\Roaming\TheHunterSettings_steam_live.cfg

Files to move or delete:
====================
C:\Program Files (x86)\cpx\cpx.exe
C:\Program Files (x86)\msrtn32\msrtn32.exe

Some files in TEMP:
====================
2017-07-11 17:08 - 2017-07-11 17:08 - 000739904 _____ (Oracle Corporation) C:\Users\ideja\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-08-01 19:23 - 2017-08-01 19:23 - 000740416 _____ (Oracle Corporation) C:\Users\ideja\AppData\Local\Temp\jre-8u144-windows-au.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
LastRegBack: 2017-12-03 19:09


#3 nasdaq

  • Malware Response Team

Posted 18 December 2017 - 09:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run this Malwarebytes Anti-Rootkit.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Before you run the program make sure you follow the instructions under Section 5.
5. Unselect sectors and system below. Hit the scan button.

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after.
<<<>>>

#4 Strylith

  • Topic Starter

Posted 18 December 2017 - 05:31 PM

Thanks for the response. Malwarebytes does start, it just doesn't finish. Should I still follow the above instructions?



#5 Strylith

  • Topic Starter

Posted 19 December 2017 - 09:25 AM

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version:
  main:    v2017.12.19.01
  rootkit: v2017.10.14.01
Windows 10 x64 NTFS
Internet Explorer 11.786.15063.0
ideja :: BB-9E [administrator]
12/18/2017 10:27:23 PM
mbar-log-2017-12-18 (22-27-23).txt
Scan type:
Scan options enabled: Anti-Rootkit | Drivers | MBR
Scan options disabled: Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Objects scanned: 66
Time elapsed: 7 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [840821c2bc0774d7192a50aa3ca13f70]
Physical Sectors Detected: 0
(No malicious items detected)
(end)


#6 nasdaq

  • Malware Response Team

Posted 19 December 2017 - 10:10 AM

Please run the Farbar tool and post a fresh FRST log for my review.

Let me know what problem persists with this computer.

#7 Strylith

  • Topic Starter

Posted 19 December 2017 - 05:09 PM

Farbar Scan results as follows:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017

Ran by ideja (administrator) on BB-9E (19-12-2017 13:44:53)

Running from C:\Users\ideja\Desktop

Loaded Profiles: ideja (Available Profiles: ideja)

Platform: Windows 10 Home Version 1703 15063.786 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124769.inf_amd64_e5e7af49c5a8fe4b\igfxCUIService.exe

(HP) C:\Windows\System32\hpservice.exe

(HP) C:\Windows\System32\HP3DDGService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

() C:\Program Files (x86)\dataup\dataup.exe

(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe

(Intel Corporation) C:\Windows\System32\ibtsiva.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe

() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124769.inf_amd64_e5e7af49c5a8fe4b\igfxEM.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe

(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(CenturyLink Inc) C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe

(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

() C:\Program Files (x86)\cpx\cpx.exe

() C:\Program Files (x86)\msrtn32\msrtn32.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(Microsoft Corporation) C:\Windows\System32\browser_broker.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

() C:\Program Files (x86)\cpx\cpx.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Intel Corporation) C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe

(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

() C:\Program Files (x86)\msrtn32\cdhtr.exe

() C:\Program Files (x86)\cpx\cpx.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-01-28] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-07-31] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)

HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] ()

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)

HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [48616 2015-07-21] (CenturyLink Inc)

HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] ()

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [641536 2016-03-24] () <==== ATTENTION

HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1141760 2016-04-18] () <==== ATTENTION

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)

HKLM-x32\...\Run: [svcvmx] => "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup <==== ATTENTION

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)

HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)

HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)

HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)

HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\LIGHTS~1.SCR [841216 2015-08-29] ()

HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [391040 2017-03-18] (Microsoft Corporation)

HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [391040 2017-03-18] (Microsoft Corporation)

Startup: C:\Users\ideja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-12-06]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

GroupPolicyUsers\S-1-5-21-2639517013-2688658189-4040443759-1001\User: Restriction <==== ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

Tcpip\..\Interfaces\{0aa4e60d-5277-4c18-9224-d5f9b1a599e8}: [DhcpNameServer] 192.168.0.1 205.171.3.25

Tcpip\..\Interfaces\{2f95b55c-5a7e-434e-bfe1-8e445dc696ee}: [DhcpNameServer] 192.168.0.1 205.171.3.25

Tcpip\..\Interfaces\{f01afe25-0c69-4440-b946-14866e8542a0}: [DhcpNameServer] 172.20.10.1

 

Internet Explorer:

==================

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131184560548558823&GUID=F1134189-C1AD-4B35-9D17-F6718BB45B4F

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE

HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131184560548479495&GUID=F1134189-C1AD-4B35-9D17-F6718BB45B4F

HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE

SearchScopes: HKLM-x32 -> {879D6FE8-D173-4DAD-9B8C-A67A42F4A229} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2639517013-2688658189-4040443759-1001 -> {879D6FE8-D173-4DAD-9B8C-A67A42F4A229} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2639517013-2688658189-4040443759-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-15] (Microsoft Corporation)

BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-15] (Microsoft Corporation)

BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-11] (Oracle Corporation)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-11] (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-15] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-15] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-15] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-15] (Microsoft Corporation)

 

FireFox:

========

FF DefaultProfile: lrb30vuy.default

FF ProfilePath: C:\Users\ideja\AppData\Roaming\Mozilla\Firefox\Profiles\lrb30vuy.default [2017-12-16]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-11] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-11] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-15] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-15] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

 

Chrome:

=======

CHR HKU\S-1-5-21-2639517013-2688658189-4040443759-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1547200 2017-10-20] ()

S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-19] (BitRaider, LLC)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)

R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-19] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-19] (Dropbox, Inc.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-04] (Dropbox, Inc.)

R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-02] (Intel Corporation)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-07-31] (NVIDIA Corporation)

R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] ()

R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)

R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-11] (HP)

R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)

R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)

S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel Corporation)

R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] ()

R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-07-31] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-07-31] (NVIDIA Corporation)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-01-28] (Realtek Semiconductor)

R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-05-23] ()

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation)

R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 63545116; C:\WINDOWS\system32\drivers\63545116.sys [255928 2017-12-16] (Malwarebytes)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP)

R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)

R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-02] (Intel Corporation)

R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-02] (Intel Corporation)

R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP)

R3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Hewlett-Packard.)

R3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Hewlett-Packard.)

R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)

S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [61544 2016-11-01] (hxxp://libusb-win32.sourceforge.net)

R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_f0b2a5e1e71031b3\nvlddmkm.sys [15620208 2017-10-16] (NVIDIA Corporation)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-31] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46768 2015-07-31] (NVIDIA Corporation)

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2016-02-07] (Realtek )

S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-07-31] (Realsil Semiconductor Corporation)

S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows ® Win 7 DDK provider)

S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()

S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows ® Win 7 DDK provider)

S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated)

R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)

S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-13] (Symantec Corporation)

R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)

S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

S1 deunmpbg; \??\C:\WINDOWS\system32\drivers\deunmpbg.sys [X]

S1 ianazcdq; \??\C:\WINDOWS\system32\drivers\ianazcdq.sys [X]

S1 jnnrlyqz; \??\C:\WINDOWS\system32\drivers\jnnrlyqz.sys [X]

S1 mxnoycvd; \??\C:\WINDOWS\system32\drivers\mxnoycvd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-12-19 07:24 - 2017-12-19 07:24 - 001388448 _____ C:\Users\Public\ASR.dat

2017-12-19 07:22 - 2017-12-19 07:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2017-12-18 22:27 - 2017-12-18 22:27 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\13128628.sys

2017-12-18 22:26 - 2017-12-18 22:26 - 014161479 _____ C:\Users\ideja\Desktop\mbar-1.10.3.1001-nr.exe

2017-12-17 15:59 - 2017-12-17 16:01 - 000090227 _____ C:\Users\ideja\Desktop\Addition.txt

2017-12-17 15:57 - 2017-12-19 13:46 - 000025224 _____ C:\Users\ideja\Desktop\FRST.txt

2017-12-17 15:57 - 2017-12-19 13:44 - 000000000 ____D C:\FRST

2017-12-17 15:55 - 2017-12-17 15:55 - 002392064 _____ (Farbar) C:\Users\ideja\Desktop\FRST64.exe

2017-12-17 15:45 - 2017-12-17 15:45 - 083316440 _____ (Malwarebytes ) C:\Users\ideja\Desktop\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe

2017-12-16 15:40 - 2017-12-19 07:06 - 000000000 ____D C:\Users\ideja\Desktop\mbar

2017-12-15 21:47 - 2017-12-16 15:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\63545116.sys

2017-12-15 21:47 - 2017-12-15 21:47 - 000000000 ____D C:\ProgramData\Malwarebytes

2017-12-15 21:46 - 2017-12-19 07:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2017-12-15 21:45 - 2017-12-15 21:45 - 014161479 _____ C:\Users\ideja\Downloads\mbar-1.10.3.1001-nr.exe

2017-12-15 21:15 - 2017-12-15 21:17 - 083316440 _____ (Malwarebytes ) C:\Users\ideja\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe

2017-12-14 20:14 - 2017-12-14 20:14 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2

2017-12-14 19:34 - 2017-12-14 19:35 - 000000000 ___HD C:\$WINDOWS.~BT

2017-12-13 16:18 - 2017-11-29 20:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2017-12-13 16:18 - 2017-11-29 19:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2017-12-13 16:18 - 2017-11-29 19:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll

2017-12-13 16:18 - 2017-11-29 19:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll

2017-12-13 16:18 - 2017-11-29 19:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll

2017-12-13 16:18 - 2017-11-29 19:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-12-13 16:18 - 2017-11-29 19:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll

2017-12-13 16:18 - 2017-11-29 19:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

2017-12-13 16:18 - 2017-11-29 19:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll

2017-12-13 16:18 - 2017-11-29 19:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx

2017-12-13 16:18 - 2017-11-29 19:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe

2017-12-13 16:18 - 2017-11-29 19:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll

2017-12-13 16:18 - 2017-11-29 19:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll

2017-12-13 16:18 - 2017-11-29 19:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe

2017-12-13 16:18 - 2017-11-29 19:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll

2017-12-13 16:18 - 2017-11-29 19:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2017-12-13 16:18 - 2017-11-29 19:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2017-12-13 16:18 - 2017-11-29 19:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2017-12-13 16:18 - 2017-11-29 19:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-12-13 16:18 - 2017-11-29 19:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2017-12-13 16:18 - 2017-11-29 19:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2017-12-13 16:18 - 2017-11-29 19:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2017-12-13 16:18 - 2017-11-17 02:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2017-12-13 16:18 - 2017-11-17 02:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-12-13 16:17 - 2017-11-29 19:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-12-13 16:17 - 2017-11-29 19:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2017-12-13 16:17 - 2017-11-29 19:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-12-13 16:17 - 2017-11-29 19:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-12-13 16:17 - 2017-11-29 19:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-12-13 16:17 - 2017-11-29 19:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-12-13 16:17 - 2017-11-29 19:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2017-12-13 16:16 - 2017-11-29 19:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-12-13 16:15 - 2017-11-29 20:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe

2017-12-13 16:15 - 2017-11-29 19:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-12-13 16:14 - 2017-11-29 20:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll

2017-12-13 16:14 - 2017-11-29 19:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2017-12-13 16:14 - 2017-11-29 19:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll

2017-12-13 16:14 - 2017-11-29 19:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2017-12-13 16:14 - 2017-11-29 19:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2017-12-13 16:14 - 2017-11-29 19:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-12-13 16:14 - 2017-11-29 19:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-12-13 16:14 - 2017-11-29 19:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2017-12-13 16:13 - 2017-11-29 20:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-12-13 16:13 - 2017-11-29 20:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-12-13 16:13 - 2017-11-29 20:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll

2017-12-13 16:13 - 2017-11-29 20:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2017-12-13 16:13 - 2017-11-29 19:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll

2017-12-13 16:13 - 2017-11-29 19:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll

2017-12-13 16:13 - 2017-11-29 19:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll

2017-12-13 16:13 - 2017-11-29 19:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2017-12-13 16:13 - 2017-11-29 19:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2017-12-13 16:13 - 2017-11-29 19:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2017-12-13 16:13 - 2017-11-17 02:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe

2017-12-13 16:13 - 2017-11-17 02:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe

2017-12-13 16:13 - 2017-11-17 02:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-12-13 16:12 - 2017-11-29 20:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-12-13 16:12 - 2017-11-17 02:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-12-13 16:12 - 2017-11-17 01:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-12-13 16:11 - 2017-11-29 20:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2017-12-13 16:11 - 2017-11-29 19:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

2017-12-13 16:11 - 2017-11-29 19:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys

2017-12-13 16:11 - 2017-11-29 19:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe

2017-12-13 16:11 - 2017-11-29 19:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll

2017-12-13 16:11 - 2017-11-29 19:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe

2017-12-13 16:11 - 2017-11-29 19:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2017-12-13 16:11 - 2017-11-29 19:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll

2017-12-13 16:11 - 2017-11-29 19:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll

2017-12-13 16:11 - 2017-11-29 19:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2017-12-13 16:11 - 2017-11-29 19:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2017-12-13 16:11 - 2017-11-29 19:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-12-13 16:11 - 2017-11-29 19:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2017-12-13 16:11 - 2017-11-17 02:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-12-13 16:11 - 2017-11-17 02:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2017-12-13 16:11 - 2017-11-17 02:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2017-12-13 16:11 - 2017-11-17 02:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2017-12-13 16:11 - 2017-11-17 02:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2017-12-13 16:11 - 2017-11-17 02:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2017-12-13 16:11 - 2017-11-17 02:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2017-12-13 16:11 - 2017-11-17 02:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-12-13 16:11 - 2017-11-17 02:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2017-12-13 16:11 - 2017-11-17 02:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll

2017-12-13 16:11 - 2017-11-17 02:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2017-12-13 16:11 - 2017-11-17 02:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll

2017-12-13 16:11 - 2017-11-17 02:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll

2017-12-13 16:11 - 2017-11-17 02:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-12-13 16:11 - 2017-11-17 01:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys

2017-12-12 19:05 - 2017-12-12 19:05 - 008823296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

2017-12-05 22:22 - 2017-12-05 22:22 - 000000000 ____D C:\Users\ideja\Downloads\SWA

2017-12-04 18:06 - 2017-12-04 18:06 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

2017-12-04 18:06 - 2017-12-04 18:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys

2017-12-04 18:06 - 2017-12-04 18:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

2017-12-04 18:06 - 2017-12-04 18:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll

2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll

2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll

2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll

2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll

2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll

2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll

2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll

2017-11-24 20:25 - 2017-11-24 20:25 - 000000000 ____D C:\Windows.old

2017-11-24 16:58 - 2017-11-01 22:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-11-24 16:58 - 2017-11-01 22:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2017-11-24 16:58 - 2017-11-01 22:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2017-11-24 16:58 - 2017-11-01 22:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys

2017-11-24 16:58 - 2017-11-01 22:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2017-11-24 16:58 - 2017-11-01 22:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2017-11-24 16:58 - 2017-11-01 21:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-11-24 16:58 - 2017-11-01 21:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2017-11-24 16:58 - 2017-11-01 21:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2017-11-24 16:58 - 2017-11-01 21:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

2017-11-24 16:58 - 2017-11-01 21:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2017-11-24 16:58 - 2017-11-01 21:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2017-11-24 16:58 - 2017-11-01 21:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2017-11-24 16:58 - 2017-11-01 21:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2017-11-24 16:58 - 2017-11-01 21:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2017-11-24 16:58 - 2017-11-01 21:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-11-24 16:58 - 2017-11-01 21:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll

2017-11-24 16:58 - 2017-11-01 21:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll

2017-11-24 16:58 - 2017-11-01 21:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-11-24 16:58 - 2017-11-01 21:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-11-24 16:58 - 2017-11-01 21:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-11-24 16:58 - 2017-11-01 21:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll

2017-11-24 16:58 - 2017-11-01 21:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2017-11-24 16:58 - 2017-11-01 21:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2017-11-24 16:58 - 2017-11-01 21:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll

2017-11-24 16:58 - 2017-11-01 21:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2017-11-24 16:58 - 2017-11-01 21:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE

2017-11-24 16:58 - 2017-11-01 21:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-11-24 16:58 - 2017-11-01 21:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2017-11-24 16:58 - 2017-11-01 21:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll

2017-11-24 16:58 - 2017-11-01 21:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-11-24 16:58 - 2017-11-01 21:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-11-24 16:58 - 2017-11-01 21:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll

2017-11-24 16:58 - 2017-11-01 21:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2017-11-24 16:58 - 2017-11-01 21:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll

2017-11-24 16:58 - 2017-11-01 21:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2017-11-24 16:58 - 2017-11-01 21:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-11-24 16:58 - 2017-11-01 21:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll

2017-11-24 16:58 - 2017-11-01 21:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll

2017-11-24 16:58 - 2017-11-01 21:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2017-11-24 16:58 - 2017-11-01 21:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll

2017-11-24 16:58 - 2017-11-01 21:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll

2017-11-24 16:58 - 2017-11-01 21:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-11-24 16:58 - 2017-11-01 21:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2017-11-24 16:58 - 2017-11-01 21:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll

2017-11-24 16:58 - 2017-11-01 21:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll

2017-11-24 16:58 - 2017-11-01 21:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll

2017-11-24 16:58 - 2017-11-01 21:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll

2017-11-24 16:58 - 2017-11-01 21:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

2017-11-24 16:58 - 2017-11-01 21:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll

2017-11-24 16:58 - 2017-11-01 21:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2017-11-24 16:58 - 2017-10-25 00:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll

2017-11-24 16:58 - 2017-10-15 08:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-11-24 16:58 - 2017-10-15 08:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-11-24 16:58 - 2017-10-15 07:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll

2017-11-24 16:58 - 2017-10-15 07:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2017-11-24 16:58 - 2017-10-15 07:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll

2017-11-24 16:58 - 2017-10-15 07:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll

2017-11-24 16:58 - 2017-10-15 07:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll

2017-11-24 16:58 - 2017-10-15 07:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2017-11-24 16:58 - 2017-10-15 07:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2017-11-24 16:58 - 2017-10-15 07:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2017-11-24 16:58 - 2017-10-15 07:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll

2017-11-24 16:58 - 2017-10-15 07:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll

2017-11-24 16:57 - 2017-11-01 22:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2017-11-24 16:57 - 2017-11-01 22:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2017-11-24 16:57 - 2017-11-01 22:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2017-11-24 16:57 - 2017-11-01 22:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2017-11-24 16:57 - 2017-11-01 22:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll

2017-11-24 16:57 - 2017-11-01 22:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2017-11-24 16:57 - 2017-11-01 22:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2017-11-24 16:57 - 2017-11-01 22:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2017-11-24 16:57 - 2017-11-01 22:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2017-11-24 16:57 - 2017-11-01 21:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2017-11-24 16:57 - 2017-11-01 21:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-11-24 16:57 - 2017-11-01 21:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2017-11-24 16:57 - 2017-11-01 21:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2017-11-24 16:57 - 2017-11-01 21:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2017-11-24 16:57 - 2017-11-01 21:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll

2017-11-24 16:57 - 2017-11-01 21:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2017-11-24 16:57 - 2017-11-01 21:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll

2017-11-24 16:57 - 2017-11-01 21:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2017-11-24 16:57 - 2017-11-01 21:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2017-11-24 16:57 - 2017-11-01 21:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2017-11-24 16:57 - 2017-10-15 07:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-11-24 16:57 - 2017-10-15 07:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll

2017-11-24 16:57 - 2017-10-15 07:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll

2017-11-24 16:57 - 2017-10-15 07:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2017-11-24 16:57 - 2017-10-15 07:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll

2017-11-24 16:56 - 2017-11-01 22:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi

2017-11-24 16:56 - 2017-11-01 22:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-11-24 16:56 - 2017-11-01 22:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll

2017-11-24 16:56 - 2017-11-01 22:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2017-11-24 16:56 - 2017-11-01 22:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-11-24 16:56 - 2017-11-01 22:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2017-11-24 16:56 - 2017-11-01 22:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys

2017-11-24 16:56 - 2017-11-01 22:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys

2017-11-24 16:56 - 2017-11-01 22:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2017-11-24 16:56 - 2017-11-01 21:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll

2017-11-24 16:56 - 2017-11-01 21:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll

2017-11-24 16:56 - 2017-11-01 21:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE

2017-11-24 16:56 - 2017-11-01 21:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe

2017-11-24 16:56 - 2017-11-01 21:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll

2017-11-24 16:56 - 2017-11-01 21:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2017-11-24 16:56 - 2017-11-01 21:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys

2017-11-24 16:56 - 2017-11-01 21:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll

2017-11-24 16:56 - 2017-11-01 21:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe

2017-11-24 16:56 - 2017-11-01 21:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll

2017-11-24 16:56 - 2017-11-01 21:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll

2017-11-24 16:56 - 2017-11-01 21:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll

2017-11-24 16:56 - 2017-11-01 21:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll

2017-11-24 16:56 - 2017-11-01 21:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll

2017-11-24 16:56 - 2017-11-01 21:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2017-11-24 16:56 - 2017-11-01 21:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll

2017-11-24 16:56 - 2017-11-01 21:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll

2017-11-24 16:56 - 2017-11-01 21:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2017-11-24 16:56 - 2017-11-01 21:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll

2017-11-24 16:56 - 2017-11-01 21:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll

2017-11-24 16:56 - 2017-11-01 21:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll

2017-11-24 16:56 - 2017-11-01 21:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe

2017-11-24 16:56 - 2017-11-01 21:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2017-11-24 16:56 - 2017-11-01 21:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2017-11-24 16:56 - 2017-11-01 21:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2017-11-24 16:56 - 2017-11-01 21:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll

2017-11-24 16:56 - 2017-11-01 21:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll

2017-11-24 16:56 - 2017-11-01 21:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2017-11-24 16:56 - 2017-11-01 21:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2017-11-24 16:56 - 2017-11-01 21:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2017-11-24 16:56 - 2017-11-01 21:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2017-11-24 16:56 - 2017-11-01 21:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-11-24 16:56 - 2017-11-01 21:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2017-11-24 16:56 - 2017-11-01 21:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll

2017-11-24 16:56 - 2017-11-01 21:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll

2017-11-24 16:56 - 2017-11-01 21:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2017-11-24 16:56 - 2017-11-01 21:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll

2017-11-24 16:56 - 2017-11-01 21:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-11-24 16:56 - 2017-11-01 21:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-11-24 16:56 - 2017-11-01 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys

2017-11-24 16:56 - 2017-10-15 07:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2017-11-24 16:56 - 2017-10-15 07:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2017-11-24 16:56 - 2017-10-15 07:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll

2017-11-24 16:56 - 2017-10-15 07:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll

2017-11-24 16:56 - 2017-10-15 07:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll

2017-11-24 16:56 - 2017-10-15 07:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe

2017-11-24 16:56 - 2017-10-15 07:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll

2017-11-24 16:56 - 2017-10-15 07:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll

2017-11-22 15:05 - 2017-12-16 16:40 - 000000000 ____D C:\Users\ideja\AppData\LocalLow\Mozilla

2017-11-22 15:04 - 2017-12-19 07:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2017-11-22 15:04 - 2017-12-16 16:36 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2017-11-22 15:04 - 2017-11-22 15:10 - 000000000 ____D C:\Users\ideja\AppData\Local\Mozilla

2017-11-22 15:04 - 2017-11-22 15:05 - 000000000 ____D C:\Users\ideja\AppData\Roaming\Mozilla

2017-11-22 15:03 - 2017-12-19 07:10 - 000000000 ____D C:\Program Files\Mozilla Firefox

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-12-19 13:44 - 2017-04-20 21:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2017-12-19 07:25 - 2016-01-11 23:37 - 000000000 ____D C:\Program Files (x86)\Dropbox

2017-12-19 07:22 - 2016-09-15 17:01 - 000000000 ____D C:\Users\ideja\AppData\Local\cpx

2017-12-19 07:18 - 2016-09-15 16:04 - 000000000 ____D C:\Users\ideja\AppData\Local\mstrn32

2017-12-19 07:18 - 2016-01-19 19:07 - 000000000 ____D C:\Users\ideja\AppData\Local\Dropbox

2017-12-19 07:18 - 2016-01-19 19:04 - 000000000 ____D C:\Program Files (x86)\Google

2017-12-19 07:17 - 2016-01-19 19:15 - 000000000 ____D C:\Program Files (x86)\Steam

2017-12-19 07:16 - 2016-01-19 18:58 - 000000000 __SHD C:\Users\ideja\IntelGraphicsProfiles

2017-12-19 07:10 - 2017-04-20 22:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-12-19 07:10 - 2017-04-20 21:39 - 000000000 ____D C:\ProgramData\NVIDIA

2017-12-19 07:10 - 2017-04-20 21:35 - 000402768 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-12-19 06:55 - 2017-04-20 22:06 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F336DAC6-2D7B-4E28-A497-2E2CE6506065}

2017-12-18 22:35 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps

2017-12-18 22:35 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness

2017-12-18 22:29 - 2016-02-22 18:56 - 000000000 ____D C:\Users\ideja\AppData\Local\CrashDumps

2017-12-18 12:40 - 2017-04-20 21:41 - 000000000 ____D C:\Users\ideja

2017-12-15 21:29 - 2016-01-19 18:59 - 000000000 ____D C:\Users\ideja\Documents\YouCam

2017-12-15 21:13 - 2017-04-20 21:40 - 001565480 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-12-15 21:06 - 2017-10-12 22:03 - 000000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForideja.job

2017-12-15 21:06 - 2017-03-18 04:40 - 002621440 _____ C:\WINDOWS\system32\config\BBI

2017-12-15 20:01 - 2017-10-12 22:03 - 000003236 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForideja

2017-12-15 19:37 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2017-12-15 19:33 - 2016-01-11 23:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2017-12-15 19:13 - 2015-07-15 23:05 - 000000000 __RHD C:\Users\Public\AccountPictures

2017-12-14 20:14 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\oobe

2017-12-14 20:14 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF

2017-12-14 19:35 - 2017-04-20 18:44 - 000000000 ___DC C:\WINDOWS\Panther

2017-12-14 17:31 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp

2017-12-14 17:17 - 2016-01-19 19:24 - 000000000 ____D C:\Users\ideja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2017-12-13 16:35 - 2016-01-19 21:19 - 000000000 ____D C:\WINDOWS\system32\MRT

2017-12-13 16:35 - 2016-01-19 18:59 - 000000000 ____D C:\Users\ideja\AppData\Local\Packages

2017-12-13 16:27 - 2017-10-18 18:29 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

2017-12-13 16:27 - 2016-01-19 21:19 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-12-12 19:06 - 2017-06-18 20:22 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier

2017-12-12 19:05 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed

2017-12-12 19:05 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed

2017-12-10 15:00 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache

2017-12-10 14:45 - 2016-01-29 23:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-12-10 10:46 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\appraiser

2017-12-10 10:46 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences

2017-12-10 10:46 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Provisioning

2017-12-10 10:46 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2017-12-10 10:46 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2017-12-01 19:25 - 2017-08-12 13:10 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-12-01 19:25 - 2017-08-12 13:10 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-11-29 14:07 - 2016-05-19 09:25 - 000000000 ____D C:\Users\ideja\AppData\Local\Windows Live

2017-11-28 16:07 - 2017-04-20 22:11 - 000041913 _____ C:\WINDOWS\diagwrn.xml

2017-11-28 16:07 - 2017-04-20 22:11 - 000041913 _____ C:\WINDOWS\diagerr.xml

2017-11-28 12:32 - 2017-03-18 04:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

2017-11-28 12:12 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Registration

2017-11-22 16:54 - 2016-01-21 11:45 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2017-11-22 14:59 - 2017-06-18 20:22 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2017-11-20 15:27 - 2017-04-20 22:05 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2017-11-20 14:52 - 2017-04-26 18:03 - 000000000 ____D C:\Users\ideja\AppData\Roaming\.minecraft

 

==================== Files in the root of some directories =======

 

2016-07-31 14:40 - 2016-07-31 14:41 - 000000106 _____ () C:\Users\ideja\jobq.dat

2017-12-19 07:24 - 2017-12-19 07:24 - 001388448 _____ () C:\Users\Public\ASR.dat

2016-06-13 18:08 - 2016-08-05 21:40 - 000000096 _____ () C:\Users\ideja\AppData\Roaming\LauncherSettings_live.cfg

2016-06-13 18:03 - 2016-08-05 21:39 - 000000039 _____ () C:\Users\ideja\AppData\Roaming\TheHunterSettings_steam_live.cfg

 

Files to move or delete:

====================

C:\Program Files (x86)\cpx\cpx.exe

C:\Program Files (x86)\msrtn32\msrtn32.exe

 

 

Some files in TEMP:

====================

2017-07-11 17:08 - 2017-07-11 17:08 - 000739904 _____ (Oracle Corporation) C:\Users\ideja\AppData\Local\Temp\jre-8u131-windows-au.exe

2017-08-01 19:23 - 2017-08-01 19:23 - 000740416 _____ (Oracle Corporation) C:\Users\ideja\AppData\Local\Temp\jre-8u144-windows-au.exe

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-12-03 19:09

 

==================== End of FRST.txt ============================



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,215 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:31 PM

Posted 20 December 2017 - 09:00 AM

Hi,

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

p.s.
If you already have this MBAM program please update it.

Run the application and delete all that will be identified.

Post a fresh FRST log and let me know what problem persists.

#9 nasdaq

Posted 26 December 2017 - 09:10 AM

Are you still with me?

#10 nasdaq

Posted 01 January 2018 - 08:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



