Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes unable to remove Rootkit.Agent. Very frustrated.


  • This topic is locked This topic is locked
37 replies to this topic

#31 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,012 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:09:59 PM

Posted 10 January 2018 - 01:48 PM

Good! Now please run a new scan with FRST and provide me a fresh set of logs. I'll look for remnants.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


BC AdBot (Login to Remove)

 


m

#32 coolelementskater

coolelementskater
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:59 PM

Posted 10 January 2018 - 08:17 PM

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by coole (administrator) on LAPTOP-1EFMGE0S (10-01-2018 20:13:50)
Running from C:\Users\coole\Desktop
Loaded Profiles: coole (Available Profiles: coole)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\coole\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki119320.inf_amd64_1636669de50ea477\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki119320.inf_amd64_1636669de50ea477\igfxEM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Epic Privacy Browser) C:\Users\coole\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\coole\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.188_none_16c3dcde323064d9\TiWorker.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\coole\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2017-12-08] (Epic Privacy Browser)
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2017-09-01]
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
BootExecute: autocheck autochk /k:C *
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2e34d640-ef8d-45ba-954d-f9fb2e6a228b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d8eae27-f45a-4bdf-9635-28217f7bf24f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d8eae27-f45a-4bdf-9635-28217f7bf24f}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{73201087-cf32-11e7-9dda-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{933e1438-99d8-4ee7-a517-c3167507409a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{933e1438-99d8-4ee7-a517-c3167507409a}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{a796df4c-a553-48b6-a132-df8cc7a5e7f9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{be2096bc-ceaa-44b7-9ea6-ff7057b43c04}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{de7449df-ad47-46f8-af5d-899ffb2df875}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f4e421bb-7cf9-408d-881f-7e271ba8451c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f4e421bb-7cf9-408d-881f-7e271ba8451c}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {04F5FCD3-D2BF-4594-88BA-697D352BE4BD} URL =
SearchScopes: HKLM-x32 -> DefaultScope {04F5FCD3-D2BF-4594-88BA-697D352BE4BD} URL =
SearchScopes: HKU\S-1-5-21-3417926983-1736898458-3893536348-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-18] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-18] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 4skqb24j.default-1512886024552
FF ProfilePath: C:\Users\coole\AppData\Roaming\Mozilla\Firefox\Profiles\4skqb24j.default-1512886024552 [2018-01-10]
FF Extension: (Disable JavaScript Shared Memory) - C:\Users\coole\AppData\Roaming\Mozilla\Firefox\Profiles\4skqb24j.default-1512886024552\features\{4a921b9c-2e1b-4dc6-8075-8b3096373149}\disable-js-shared-memory@mozilla.org.xpi [2018-01-07] [Legacy]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-18] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3417926983-1736898458-3893536348-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\coole\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-12-08] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-3417926983-1736898458-3893536348-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\coole\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-12-08] (Epic Privacy Browser)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761576 2017-12-25] (Microsoft Corporation)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [134872 2016-11-10] (ELAN Microelectronics Corp.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68408 2017-11-12] (Lenovo Group Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [207392 2017-01-02] (Realtek Semiconductor Corp.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 7731B43B; C:\WINDOWS\system32\drivers\7731B43B.sys [255928 2017-12-10] (Malwarebytes)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-09] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-09] (Disc Soft Ltd)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32336 2016-11-10] (ELAN Microelectronic Corp.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-05] (Malwarebytes)
R1 MpKsl1df04c62; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3ED908F2-D685-4D0A-BE65-D7AC5443D219}\MpKsl1df04c62.sys [58120 2018-01-10] (Microsoft Corporation)
S1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [41576 2016-02-19] (EldoS Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [713248 2017-01-02] (Realtek Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-26] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3138056 2016-08-04] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6813664 2017-05-19] (Realtek Semiconductor Corporation )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-08] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-08] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-08] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-01] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-10 20:13 - 2018-01-10 20:15 - 000015867 _____ C:\Users\coole\Desktop\FRST.txt
2018-01-10 20:13 - 2018-01-10 20:13 - 002393088 _____ (Farbar) C:\Users\coole\Desktop\FRST64.exe
2018-01-09 20:33 - 2018-01-10 19:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-09 19:41 - 2018-01-09 20:29 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-09 19:41 - 2018-01-09 19:41 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-08 22:07 - 2018-01-08 22:07 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-08 21:38 - 2018-01-08 21:38 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-08 20:21 - 2017-12-07 18:31 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-08 20:21 - 2017-12-07 18:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-08 20:21 - 2017-12-07 17:57 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-08 20:21 - 2017-12-07 17:31 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-08 20:21 - 2017-12-07 17:13 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-08 20:21 - 2017-12-07 17:05 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-08 20:21 - 2017-12-07 17:05 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-08 20:21 - 2017-12-07 17:04 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-08 20:21 - 2017-11-26 08:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-01-08 20:21 - 2017-11-26 08:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-01-08 20:21 - 2017-11-26 08:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-01-08 20:21 - 2017-11-26 06:59 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-08 20:21 - 2017-11-26 06:59 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-08 20:20 - 2017-12-08 01:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-01-08 20:20 - 2017-12-07 18:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-01-08 20:20 - 2017-12-07 18:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-01-08 20:20 - 2017-12-07 18:31 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-08 20:20 - 2017-12-07 18:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-01-08 20:20 - 2017-12-07 18:27 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-08 20:20 - 2017-12-07 18:27 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-08 20:20 - 2017-12-07 18:26 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-08 20:20 - 2017-12-07 18:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-08 20:20 - 2017-12-07 18:25 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-08 20:20 - 2017-12-07 18:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-01-08 20:20 - 2017-12-07 18:23 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-08 20:20 - 2017-12-07 18:23 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-08 20:20 - 2017-12-07 18:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-01-08 20:20 - 2017-12-07 18:21 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-08 20:20 - 2017-12-07 18:20 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-08 20:20 - 2017-12-07 18:19 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-08 20:20 - 2017-12-07 18:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-01-08 20:20 - 2017-12-07 18:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-08 20:20 - 2017-12-07 18:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-01-08 20:20 - 2017-12-07 17:58 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-08 20:20 - 2017-12-07 17:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-01-08 20:20 - 2017-12-07 17:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-01-08 20:20 - 2017-12-07 17:39 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-08 20:20 - 2017-12-07 17:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-08 20:20 - 2017-12-07 17:32 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-08 20:20 - 2017-12-07 17:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-01-08 20:20 - 2017-12-07 17:31 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-08 20:20 - 2017-12-07 17:23 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-08 20:20 - 2017-12-07 17:22 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-08 20:20 - 2017-12-07 17:11 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-08 20:20 - 2017-12-07 17:10 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-08 20:20 - 2017-12-07 17:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-01-08 20:20 - 2017-12-07 17:10 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-08 20:20 - 2017-12-07 17:08 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-08 20:20 - 2017-12-07 17:08 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-08 20:20 - 2017-12-07 17:07 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-08 20:20 - 2017-12-07 17:06 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-08 20:20 - 2017-12-07 17:05 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-08 20:20 - 2017-12-07 17:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-01-08 20:20 - 2017-12-07 17:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-01-08 20:20 - 2017-12-07 17:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-01-08 20:20 - 2017-12-07 17:04 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-08 20:20 - 2017-12-07 17:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-08 20:20 - 2017-12-07 17:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-08 20:20 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-08 20:20 - 2017-12-07 17:03 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-08 20:20 - 2017-12-07 17:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-01-08 20:20 - 2017-12-07 17:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-01-08 20:20 - 2017-12-07 17:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-01-08 20:20 - 2017-12-07 17:02 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-08 20:20 - 2017-12-07 17:01 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-08 20:20 - 2017-12-07 17:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-01-08 20:20 - 2017-12-07 17:00 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-08 20:20 - 2017-12-07 17:00 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-08 20:20 - 2017-12-07 16:59 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-08 20:20 - 2017-12-07 16:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-01-08 20:20 - 2017-12-07 16:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-01-08 20:20 - 2017-12-07 16:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-01-08 20:20 - 2017-12-07 16:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-01-08 20:20 - 2017-12-07 16:58 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-08 20:20 - 2017-12-07 16:58 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-08 20:20 - 2017-12-07 16:57 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-08 20:20 - 2017-12-07 16:57 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-08 20:20 - 2017-12-07 16:56 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-08 20:20 - 2017-12-07 16:54 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-08 20:20 - 2017-11-26 15:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-01-08 20:20 - 2017-11-26 15:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-01-08 20:20 - 2017-11-26 15:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-01-08 20:20 - 2017-11-26 11:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-01-08 20:20 - 2017-11-26 08:48 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-08 20:20 - 2017-11-26 08:47 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-08 20:20 - 2017-11-26 08:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-01-08 20:20 - 2017-11-26 08:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-01-08 20:20 - 2017-11-26 08:33 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-08 20:20 - 2017-11-26 08:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-01-08 20:20 - 2017-11-26 08:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-01-08 20:20 - 2017-11-26 08:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-01-08 20:20 - 2017-11-26 08:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-01-08 20:20 - 2017-11-26 08:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-01-08 20:20 - 2017-11-26 08:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-01-08 20:20 - 2017-11-26 08:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-01-08 20:20 - 2017-11-26 08:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-01-08 20:20 - 2017-11-26 08:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-01-08 20:20 - 2017-11-26 08:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-08 20:20 - 2017-11-26 08:27 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-08 20:20 - 2017-11-26 08:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-08 20:20 - 2017-11-26 08:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-01-08 20:20 - 2017-11-26 08:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-08 20:20 - 2017-11-26 08:25 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-08 20:20 - 2017-11-26 08:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-01-08 20:20 - 2017-11-26 08:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-01-08 20:20 - 2017-11-26 08:20 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-08 20:20 - 2017-11-26 07:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-08 20:20 - 2017-11-26 07:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-01-08 20:20 - 2017-11-26 07:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-01-08 20:20 - 2017-11-26 07:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-01-08 20:20 - 2017-11-26 07:48 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-08 20:20 - 2017-11-26 07:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-01-08 20:20 - 2017-11-26 07:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2018-01-08 20:20 - 2017-11-26 07:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-01-08 20:20 - 2017-11-26 07:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-01-08 20:20 - 2017-11-26 07:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-01-08 20:20 - 2017-11-26 07:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-01-08 20:20 - 2017-11-26 07:18 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-08 20:20 - 2017-11-26 07:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-01-08 20:20 - 2017-11-26 07:17 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-08 20:20 - 2017-11-26 07:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-01-08 20:20 - 2017-11-26 07:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-01-08 20:20 - 2017-11-26 07:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-01-08 20:20 - 2017-11-26 07:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-01-08 20:20 - 2017-11-26 07:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-01-08 20:20 - 2017-11-26 07:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-01-08 20:20 - 2017-11-26 07:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-01-08 20:20 - 2017-11-26 07:01 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-08 20:20 - 2017-11-26 06:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-01-08 20:20 - 2017-11-26 06:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-01-08 20:20 - 2017-11-26 06:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-01-08 20:20 - 2017-11-26 06:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-01-08 20:20 - 2017-11-26 06:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-01-08 20:20 - 2017-11-26 06:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-01-08 20:20 - 2017-11-26 06:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2018-01-08 20:20 - 2017-11-26 06:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-01-08 20:20 - 2017-11-26 06:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-08 20:20 - 2017-11-26 05:59 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-08 20:20 - 2017-11-26 05:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-01-08 20:20 - 2017-11-26 05:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-01-08 20:20 - 2017-11-26 05:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-01-08 20:20 - 2017-11-26 05:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-01-08 20:20 - 2017-11-26 05:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-01-08 20:20 - 2017-11-26 05:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-01-08 20:20 - 2017-11-26 05:32 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-08 20:20 - 2017-11-26 05:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-01-08 20:20 - 2017-11-26 05:29 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-08 20:20 - 2017-11-26 05:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-01-08 20:20 - 2017-11-26 05:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-01-08 20:20 - 2017-11-19 02:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-01-08 20:20 - 2017-11-18 21:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-01-08 20:19 - 2017-12-07 18:34 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-08 20:19 - 2017-12-07 18:30 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-08 20:19 - 2017-12-07 18:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2018-01-08 20:19 - 2017-12-07 18:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-01-08 20:19 - 2017-12-07 18:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-01-08 20:19 - 2017-12-07 18:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-01-08 20:19 - 2017-12-07 18:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-01-08 20:19 - 2017-12-07 18:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-01-08 20:19 - 2017-12-07 18:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-01-08 20:19 - 2017-12-07 18:22 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-08 20:19 - 2017-12-07 18:14 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-08 20:19 - 2017-12-07 18:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2018-01-08 20:19 - 2017-12-07 18:10 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-08 20:19 - 2017-12-07 17:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-01-08 20:19 - 2017-12-07 17:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-01-08 20:19 - 2017-12-07 17:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2018-01-08 20:19 - 2017-12-07 17:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-08 20:19 - 2017-12-07 17:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-01-08 20:19 - 2017-12-07 17:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-01-08 20:19 - 2017-12-07 17:12 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-08 20:19 - 2017-12-07 17:12 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-08 20:19 - 2017-12-07 17:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2018-01-08 20:19 - 2017-12-07 17:10 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-08 20:19 - 2017-12-07 17:10 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-08 20:19 - 2017-12-07 17:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-01-08 20:19 - 2017-12-07 17:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-01-08 20:19 - 2017-12-07 17:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2018-01-08 20:19 - 2017-12-07 17:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-01-08 20:19 - 2017-12-07 17:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-01-08 20:19 - 2017-12-07 17:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-01-08 20:19 - 2017-12-07 17:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2018-01-08 20:19 - 2017-12-07 17:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2018-01-08 20:19 - 2017-12-07 17:08 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-08 20:19 - 2017-12-07 17:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-01-08 20:19 - 2017-12-07 17:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-01-08 20:19 - 2017-12-07 17:07 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-08 20:19 - 2017-12-07 17:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-01-08 20:19 - 2017-12-07 17:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-08 20:19 - 2017-12-07 17:07 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-08 20:19 - 2017-12-07 17:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-01-08 20:19 - 2017-12-07 17:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-01-08 20:19 - 2017-12-07 17:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-01-08 20:19 - 2017-12-07 17:06 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-08 20:19 - 2017-12-07 17:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2018-01-08 20:19 - 2017-12-07 17:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-01-08 20:19 - 2017-12-07 17:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2018-01-08 20:19 - 2017-12-07 17:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2018-01-08 20:19 - 2017-12-07 17:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2018-01-08 20:19 - 2017-12-07 17:05 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-08 20:19 - 2017-12-07 17:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-01-08 20:19 - 2017-12-07 17:05 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-08 20:19 - 2017-12-07 17:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-01-08 20:19 - 2017-12-07 17:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-01-08 20:19 - 2017-12-07 17:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-01-08 20:19 - 2017-12-07 17:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2018-01-08 20:19 - 2017-12-07 17:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-01-08 20:19 - 2017-12-07 17:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-01-08 20:19 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-01-08 20:19 - 2017-12-07 17:03 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-08 20:19 - 2017-12-07 17:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-08 20:19 - 2017-12-07 17:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2018-01-08 20:19 - 2017-12-07 17:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-08 20:19 - 2017-12-07 17:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-01-08 20:19 - 2017-12-07 17:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2018-01-08 20:19 - 2017-12-07 17:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-01-08 20:19 - 2017-12-07 17:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2018-01-08 20:19 - 2017-12-07 17:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-01-08 20:19 - 2017-12-07 16:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-01-08 20:19 - 2017-12-07 16:59 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-08 20:19 - 2017-12-07 16:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-01-08 20:19 - 2017-12-07 16:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-01-08 20:19 - 2017-12-07 16:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-01-08 20:19 - 2017-12-07 16:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-01-08 20:19 - 2017-12-07 16:54 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-08 20:19 - 2017-11-26 08:45 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-08 20:19 - 2017-11-26 08:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-01-08 20:19 - 2017-11-26 08:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-01-08 20:19 - 2017-11-26 08:37 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-08 20:19 - 2017-11-26 08:35 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-08 20:19 - 2017-11-26 08:35 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-08 20:19 - 2017-11-26 08:33 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-08 20:19 - 2017-11-26 08:33 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-08 20:19 - 2017-11-26 08:33 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-08 20:19 - 2017-11-26 08:32 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-08 20:19 - 2017-11-26 08:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-01-08 20:19 - 2017-11-26 08:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-01-08 20:19 - 2017-11-26 08:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2018-01-08 20:19 - 2017-11-26 08:28 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-08 20:19 - 2017-11-26 08:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-01-08 20:19 - 2017-11-26 08:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-01-08 20:19 - 2017-11-26 08:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-01-08 20:19 - 2017-11-26 08:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-01-08 20:19 - 2017-11-26 08:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-01-08 20:19 - 2017-11-26 08:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-01-08 20:19 - 2017-11-26 08:20 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-08 20:19 - 2017-11-26 07:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-01-08 20:19 - 2017-11-26 07:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-08 20:19 - 2017-11-26 07:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-01-08 20:19 - 2017-11-26 07:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-08 20:19 - 2017-11-26 07:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-08 20:19 - 2017-11-26 07:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-01-08 20:19 - 2017-11-26 07:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-01-08 20:19 - 2017-11-26 07:36 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-08 20:19 - 2017-11-26 07:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-01-08 20:19 - 2017-11-26 07:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2018-01-08 20:19 - 2017-11-26 07:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2018-01-08 20:19 - 2017-11-26 07:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2018-01-08 20:19 - 2017-11-26 07:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-01-08 20:19 - 2017-11-26 07:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2018-01-08 20:19 - 2017-11-26 07:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2018-01-08 20:19 - 2017-11-26 07:31 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-08 20:19 - 2017-11-26 07:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-01-08 20:19 - 2017-11-26 07:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-08 20:19 - 2017-11-26 07:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2018-01-08 20:19 - 2017-11-26 07:29 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-08 20:19 - 2017-11-26 07:29 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-08 20:19 - 2017-11-26 07:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-01-08 20:19 - 2017-11-26 07:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-01-08 20:19 - 2017-11-26 07:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-01-08 20:19 - 2017-11-26 07:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-01-08 20:19 - 2017-11-26 07:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-01-08 20:19 - 2017-11-26 07:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-01-08 20:19 - 2017-11-26 07:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-01-08 20:19 - 2017-11-26 07:23 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-08 20:19 - 2017-11-26 07:22 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-08 20:19 - 2017-11-26 07:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-01-08 20:19 - 2017-11-26 07:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2018-01-08 20:19 - 2017-11-26 07:17 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-08 20:19 - 2017-11-26 07:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-01-08 20:19 - 2017-11-26 06:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-01-08 20:19 - 2017-11-26 06:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2018-01-08 20:19 - 2017-11-26 06:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2018-01-08 20:19 - 2017-11-26 06:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2018-01-08 20:19 - 2017-11-26 06:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-01-08 20:19 - 2017-11-26 06:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2018-01-08 20:19 - 2017-11-26 06:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-08 20:19 - 2017-11-26 05:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-01-08 20:19 - 2017-11-26 05:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-01-08 20:19 - 2017-11-26 05:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-01-08 20:19 - 2017-11-26 05:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-08 20:19 - 2017-11-26 05:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-01-08 20:19 - 2017-11-26 05:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2018-01-08 20:19 - 2017-11-26 05:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-01-08 20:19 - 2017-11-26 05:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-01-08 20:19 - 2017-11-26 05:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2018-01-08 20:19 - 2017-11-26 05:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2018-01-08 20:19 - 2017-11-26 05:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2018-01-08 20:19 - 2017-11-26 05:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-01-08 20:19 - 2017-11-26 05:35 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-08 20:19 - 2017-11-26 05:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-01-08 20:19 - 2017-11-26 05:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-01-08 20:19 - 2017-11-26 05:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-01-08 20:19 - 2017-11-26 05:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-01-08 20:19 - 2017-11-26 05:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2018-01-08 20:19 - 2017-11-26 05:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2018-01-08 18:18 - 2018-01-08 18:18 - 000003690 _____ C:\Users\coole\Desktop\boot_into_RE_2.bat
2018-01-05 21:57 - 2018-01-05 21:57 - 000000000 ____D C:\Users\coole\AppData\Local\LenovoServiceBridge
2018-01-04 09:17 - 2018-01-04 09:17 - 000370584 _____ C:\Users\coole\Desktop\2017-MKTS.pdf
2018-01-03 16:47 - 2018-01-03 16:47 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-28 18:45 - 2018-01-05 22:01 - 000000176 _____ C:\WINDOWS\wininit.ini
2017-12-21 12:57 - 2017-12-21 12:57 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-21 12:57 - 2017-12-21 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-21 12:57 - 2017-12-21 12:57 - 000000000 ____D C:\Program Files\iPod
2017-12-21 12:56 - 2017-12-21 12:57 - 000000000 ____D C:\Program Files\iTunes
2017-12-21 12:45 - 2017-12-21 12:45 - 000000000 ____D C:\Program Files\Bonjour
2017-12-21 12:45 - 2017-12-21 12:45 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-12-18 21:09 - 2018-01-10 20:13 - 000000000 ____D C:\FRST
2017-12-18 20:43 - 2017-12-18 20:43 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-12-18 20:43 - 2017-12-18 20:43 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-12-18 20:43 - 2017-12-18 20:43 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-12-18 20:43 - 2017-12-18 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-18 20:43 - 2017-12-18 20:43 - 000000000 ____D C:\Program Files\CCleaner
2017-12-18 20:25 - 2017-12-18 20:25 - 000000000 ____D C:\Users\coole\Desktop\Goodwin
2017-12-18 18:40 - 2017-12-07 17:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2017-12-18 18:40 - 2017-12-07 17:10 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2017-12-13 19:06 - 2017-12-18 20:31 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-12-13 19:00 - 2017-12-13 19:01 - 130448288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MRT-KB890830.exe
2017-12-13 19:00 - 2017-12-13 19:01 - 130448288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MRT.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-10 20:14 - 2017-12-01 17:52 - 000172894 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-10 19:48 - 2017-11-21 22:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-10 19:17 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-10 18:13 - 2017-07-20 14:09 - 001388432 _____ C:\Users\Public\VOIP.dat
2018-01-10 17:08 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-10 16:57 - 2017-11-21 22:32 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AE47C9BB-483A-48B0-B35C-584E8A5A4BF9}
2018-01-10 16:55 - 2017-08-28 14:29 - 000000000 ____D C:\Users\coole\AppData\LocalLow\Mozilla
2018-01-10 00:22 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-10 00:19 - 2017-11-21 22:31 - 002134474 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-09 20:38 - 2017-08-28 14:27 - 000088920 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-01-09 20:34 - 2017-12-08 18:07 - 000000000 ____D C:\Users\coole\AppData\Local\Epic Privacy Browser
2018-01-09 20:33 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-09 20:33 - 2017-08-28 14:22 - 000000000 __SHD C:\Users\coole\IntelGraphicsProfiles
2018-01-09 20:32 - 2017-11-21 22:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-09 20:31 - 2017-12-09 21:51 - 000000000 ____D C:\AdwCleaner
2018-01-09 20:31 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-09 19:38 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-08 22:21 - 2017-11-21 22:14 - 000000000 ____D C:\Users\coole\AppData\Local\Packages
2018-01-08 22:14 - 2017-08-28 14:32 - 000000000 ____D C:\Users\coole\AppData\Local\Google
2018-01-08 22:14 - 2017-08-28 14:32 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-08 22:07 - 2017-11-17 17:35 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-01-08 21:38 - 2017-11-17 17:30 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-08 20:39 - 2017-11-22 17:03 - 000000000 ___RD C:\Users\coole\3D Objects
2018-01-08 20:39 - 2017-03-23 12:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-08 20:37 - 2017-11-21 22:09 - 000399424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-08 20:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-08 20:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-08 20:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-08 20:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-08 20:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-08 20:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-08 20:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-01-08 20:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-08 20:34 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-01-08 20:34 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs
2018-01-08 20:34 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-08 20:27 - 2017-09-29 08:42 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-01-08 20:27 - 2017-09-29 08:41 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-01-08 20:27 - 2017-09-29 08:41 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-01-08 20:27 - 2017-09-29 08:41 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-01-08 18:48 - 2017-12-10 01:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-08 18:47 - 2017-09-29 03:45 - 022020096 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-08 18:46 - 2017-11-21 22:13 - 000000000 ____D C:\Users\coole
2018-01-08 17:57 - 2017-12-01 21:19 - 000000000 ____D C:\Users\coole\AppData\Local\ElevatedDiagnostics
2018-01-07 10:35 - 2017-08-28 14:45 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-05 22:01 - 2017-12-10 01:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-05 22:01 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-05 22:00 - 2017-12-10 01:06 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-05 21:57 - 2017-07-20 13:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-05 21:38 - 2017-12-08 19:51 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-03 15:40 - 2017-11-17 21:13 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-22 08:45 - 2017-09-29 08:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-22 08:45 - 2017-09-29 08:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-19 13:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-18 20:27 - 2017-10-10 16:41 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-18 20:27 - 2017-08-29 08:29 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-18 20:26 - 2017-11-05 10:02 - 000000000 ____D C:\Users\coole\Desktop\Jerrica
2017-12-13 18:58 - 2017-12-09 01:12 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-13 18:58 - 2017-12-01 17:52 - 000080676 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-13 06:53 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2017-12-12 21:36 - 2017-08-28 14:22 - 000000000 ____D C:\Users\coole\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2017-07-20 14:09 - 2018-01-10 18:13 - 001388432 _____ () C:\Users\Public\VOIP.dat

Some files in TEMP:
====================
2018-01-08 20:05 - 2017-09-29 08:42 - 000040448 _____ (Microsoft Corporation) C:\Users\coole\AppData\Local\Temp\1787.exe
2018-01-08 18:45 - 2017-09-29 08:42 - 000040448 _____ (Microsoft Corporation) C:\Users\coole\AppData\Local\Temp\18831.exe
2018-01-09 19:41 - 2017-11-22 00:57 - 001954048 _____ (Microsoft Corporation) C:\Users\coole\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-03 13:42

==================== End of FRST.txt ============================

 

 

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by coole (10-01-2018 20:15:45)
Running from C:\Users\coole\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2017-11-22 03:35:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3417926983-1736898458-3893536348-500 - Administrator - Disabled)
coole (S-1-5-21-3417926983-1736898458-3893536348-1001 - Administrator - Enabled) => C:\Users\coole
DefaultAccount (S-1-5-21-3417926983-1736898458-3893536348-503 - Limited - Disabled)
Guest (S-1-5-21-3417926983-1736898458-3893536348-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3417926983-1736898458-3893536348-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Reader XI (11.0.23)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKLM\...\{6DBAFB55-B01F-4A71-BB1A-DF2C7EB3C444}) (Version: 6.6.126 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\...\{6ec94b86-4625-405e-864c-0c1005dee8c0}) (Version: 6.6.126 - Grammarly)
InstallRoot (HKLM-x32\...\{FD7407C6-7DD9-41FA-A155-69AAB85378BC}) (Version: 5.0.1 - DoD PKE)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation) Hidden
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.8 - Lenovo)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8730.2165 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3417926983-1736898458-3893536348-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\coole\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.126\332B997DAB\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-3417926983-1736898458-3893536348-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki119320.inf_amd64_1636669de50ea477\igfxDTCM.dll [2016-12-15] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0764A9B7-12DF-4C53-8595-7985A9816A1A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {0920D02F-2B9C-4EB2-827E-65100DA9395D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {1041E78B-C775-4E55-9A5E-23647C5C1D8E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2fa2930d-db73-4f49-8631-eb711d1a6301 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {17747C39-0305-49CE-8C88-C3335821E3EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {28B69D50-22A2-4A0B-A9B3-316C4B8332F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-05] (Microsoft Corporation)
Task: {32F8F6A4-4369-471E-A4B0-AF5EED26F8CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {3B8C520C-CF7D-4A7D-AEA2-18276588E91C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-25] (Microsoft Corporation)
Task: {3E64A16B-BE60-4FDE-BF9E-1686F8215A0F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {47251D4F-BDCA-4E8C-B29F-85C1FBA79C05} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {52E8CC7D-74F0-426E-80BA-8E5E3F91B2CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {574A65EB-2AC3-42B8-B6CD-7CB9DE02D791} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c8cbfea3-7b05-45b2-8746-ead3a617d9fe => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {63A49F4B-6BE6-4B63-BB6F-67245459DFEE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {649A39D7-0D36-441D-8AAB-41BB4B3A23C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-25] (Microsoft Corporation)
Task: {76CC0230-5354-462A-84A6-7B575A2FA395} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0f4c3210-79b0-42f9-9762-7a6ba0b7316c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {7CAAE90E-8826-4A09-8E70-0DDCCA05B639} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3417926983-1736898458-3893536348-1001 => C:\Users\coole\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-01-04] (Lenovo Group Limited)
Task: {9ACE5CDF-6B1B-4275-972F-77D20A913FCA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\97ab2f28-3d3d-41c7-8100-7ef268e1182c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {AC0A3AA6-4AA5-4E25-83E6-AB4395A7FAEB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-05] (Microsoft Corporation)
Task: {BDD890B5-A973-4D84-B272-78CBE9572A93} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {C6C2214A-D90F-4E7F-BD2C-9F1B71426B9E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {D133281A-62F9-4ED0-874C-4C995AB69D09} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-05] (Microsoft Corporation)
Task: {D84520F0-DE4C-4DF1-8FDC-0C44CEA5ECE3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-05] (Microsoft Corporation)
Task: {E8361E07-067F-4FC3-AF46-2764BBF971CC} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [2016-07-14] (CyberLink Corp.)
Task: {F776306B-9A04-4DC3-8AA6-0B64F8F87164} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {FA3BC209-2B0B-48BA-A804-C10D667528D6} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [2016-09-20] (CyberLink Corp.)
Task: {FEB7696E-D8E3-4D74-8CD9-5630CAEF358B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [2016-10-07] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-13 08:39 - 2017-12-18 17:04 - 008935088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-01-08 20:20 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-08 20:20 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-03 13:17 - 2018-01-03 13:18 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 13:17 - 2018-01-03 13:18 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 13:17 - 2018-01-03 13:18 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 13:17 - 2018-01-03 13:18 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 13:17 - 2018-01-03 13:18 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-01-09 19:37 - 2018-01-09 19:37 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-08 19:51 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-08 16:55 - 2017-12-08 16:55 - 000102088 _____ () C:\Users\coole\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-07-20 13:34 - 2016-09-20 20:18 - 000763160 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2016-09-21 11:18 - 2016-09-21 11:18 - 000027416 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 000313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43665326.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43665326.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\coole\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DF28FC82-1112-4ED8-A6B9-2A742687255E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A04843B1-44FA-493B-8DE6-DBC3F71E97DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DEAB3F15-D9EC-4C56-BC18-E375E351B28B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0F00C6EF-EE57-4F11-8AFE-DD740C7BE63C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{769EFD79-E84C-40CF-9DBD-B2C2F544A906}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7469BB2E-4C52-468B-A1C7-F4E7AB131666}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{632D4024-17C5-471D-B470-20B1BB5C12B0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{57D5C1DC-9675-4C91-8A7B-A7B0A3CF169F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{AE8CB0AA-AD55-4325-9724-3B56AE8F8854}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4463D360-4F18-449E-95A8-0A42A95C569D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{E4C5237C-C21A-4828-9B18-BCD2E5C75197}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DFFCE7DD-E008-44E9-813E-E6EF393CB135}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{91DFEDE3-2B5D-439E-8F60-0E6840325157}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{283F3C0C-4FD3-4F8C-92C7-C885A3A478FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52D87BF5-F34C-4D56-8E0E-4C914974B79B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2E94D527-A7D5-4B61-9FBA-71C0F9076D19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-01-2018 20:14:07 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2018 08:07:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1ea4
Faulting application start time: 0x01d38a7813b3947e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: aa80275b-f50b-478e-9e69-f7e473ac6d79
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2018 08:03:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1150
Faulting application start time: 0x01d38a76bbfc61bb
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 8658244d-0607-4ff8-99ea-0d22ebd0dcfd
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2018 07:54:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1908
Faulting application start time: 0x01d38a737d94d6ef
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 4309e173-cd16-4137-a864-ad99a516bf31
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2018 07:31:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1eac
Faulting application start time: 0x01d38a7174206d1d
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 46d942f6-da2e-46a0-9b75-3e4427941627
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2018 07:16:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1a98
Faulting application start time: 0x01d38a701dce9e97
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: b9b3e2f0-3c99-4ef3-943c-b3702a03da68
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2018 07:07:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1994
Faulting application start time: 0x01d38a6aea446927
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 2f78c528-22a0-4ce5-a61e-70f0285d5c89
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2018 06:29:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x2044
Faulting application start time: 0x01d38a692ad94e0e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 3b5d30c3-7aa1-4e58-8bab-875aec26fde2
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2018 06:17:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x2170
Faulting application start time: 0x01d38a67d6ef7395
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: e436e44f-4114-4fa5-8e37-46b9a5173dc3
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2018 06:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x280c
Faulting application start time: 0x01d38a66825268c2
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: f497c564-d39f-4ddd-a0bc-9da7b68b6d25
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2018 05:58:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1b0
Faulting application start time: 0x01d38a66055808b3
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: ac9ba797-9eef-43e1-be3b-580ff0316a94
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/10/2018 08:14:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 08:14:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 08:14:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 08:14:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 08:12:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 08:12:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 08:12:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 08:12:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 08:10:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2018 08:10:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2018-01-10 20:04:40.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 20:04:40.524
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 20:04:40.275
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 20:04:40.271
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 19:49:53.299
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 19:49:53.297
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 19:49:40.041
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 19:49:40.039
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 19:31:55.389
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-10 19:31:55.388
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU 4405U @ 2.10GHz
Percentage of memory in use: 52%
Total physical RAM: 6017.76 MB
Available physical RAM: 2832.88 MB
Total Virtual: 7361.76 MB
Available Virtual: 3918.28 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:893 GB) (Free:822.15 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 442CC09A)

Partition: GPT.

==================== End of Addition.txt ============================



#33 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,012 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:09:59 PM

Posted 11 January 2018 - 08:14 AM

Almost done!

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply
How's your system behaving now? Are there any other issues to address?

Attached Files


unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#34 coolelementskater

coolelementskater
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:59 PM

Posted 11 January 2018 - 08:49 PM

Thank you so much for restoring my PC's function. It used to take 15-25 minutes to power on and now its almost instant. I really appreciate it.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by coole (11-01-2018 20:36:03) Run:4
Running from C:\Users\coole\Desktop
Loaded Profiles: coole (Available Profiles: coole)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
GroupPolicy: Restriction <==== ATTENTION

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43665326.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43665326.sys => ""="Driver"

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\Software\Microsoft\SystemCertificates\Disallowed\Certificates\99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434" => removed successfully
"HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3" => removed successfully
"HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4" => removed successfully
"HKU\S-1-5-21-3417926983-1736898458-3893536348-1001\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFAD03329B9E527A43EEC66A56F9CBB5393E6E13" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\43665326.sys" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\43665326.sys" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43141135 B
Java, Flash, Steam htmlcache => 988 B
Windows/system/drivers => 26402293 B
Edge => 11264 B
Chrome => 0 B
Firefox => 79576450 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2460 B
NetworkService => 27629184 B
coole => 33619739 B

RecycleBin => 0 B
EmptyTemp: => 207.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:37:16 ====



#35 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,012 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:09:59 PM

Posted 12 January 2018 - 08:15 AM

Awesome!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentionned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;
Qt25440.pngTips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like eLDnJfI.pngSecuniaPSI and y5YE7At.pngHeimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

AntivirusAntimalwareFirewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • 7p3JzTS.pngGlassWire - Has both a free and paid version (with different packages);
  • MQIMh6k.pngWindows Firewall Control - Gives you more control over your Windows Firewall;
  • 5RXGshU.pngTinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;
Anti-Exploit/Anti-RansomwareWeb Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :gRvSooB.pngThe End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread? :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#36 coolelementskater

coolelementskater
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:59 PM

Posted 13 January 2018 - 01:54 AM

That is all I needed. Again, thank you so much for your help. You are a life saver!

 

# DelFix v1.013 - Logfile created 13/01/2018 at 01:35:32
# Updated 17/04/2016 by Xplode
# Username : coole - LAPTOP-1EFMGE0S
# Operating System : Windows 10 Home  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.1.0.15_08.12.2017_18.20.12_log.txt
Deleted : C:\TDSSKiller.3.1.0.15_09.12.2017_01.33.23_log.txt
Deleted : C:\TDSSKiller.3.1.0.15_09.12.2017_01.37.00_log.txt
Deleted : C:\Users\coole\Downloads\tdsskiller.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #232 [Windows Update | 01/09/2018 01:14:07]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 



#37 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,012 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:09:59 PM

Posted 13 January 2018 - 10:48 AM

No problem coolelementskater, you're welcome!

Stay safe :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#38 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,012 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:09:59 PM

Posted 13 January 2018 - 10:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users