Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

After Mail.ru virus CMD starts


  • This topic is locked This topic is locked
12 replies to this topic

#1 StripedDuck

StripedDuck

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 10 January 2018 - 07:05 PM

Hi,

 

Recently I downloaded a suspicious file which slipped through the defence of my laptop. It installed the Mail.ru virus and also a mysterious virus that starts CMD. I have seen in this forum that you guys are able to help people out with this problem, so I would like to request your help.

Here is my logfile as I have seen that this is always the first step.

 

Thanks in advance, Nick.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Nick (administrator) on LAPTOP-D3C0VHSU (11-01-2018 00:56:11)
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Platform: Windows 10 Home Version 1703 15063.850 (X64) Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki119320.inf_amd64_1636669de50ea477\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki119320.inf_amd64_1636669de50ea477\igfxEM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki119320.inf_amd64_1636669de50ea477\IntelCpHeciSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(SweetLabs, Inc) C:\Users\Nick\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Farbar) C:\Users\Nick\Desktop\FRST64english.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [295512 2018-01-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [556136 2017-08-02] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [403048 2017-08-02] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [766464 2016-02-29] (Cisco Systems, Inc.)
HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\Run: [Spotify] => C:\Users\Nick\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-25] (Spotify Ltd)
HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\Run: [Spotify Web Helper] => C:\Users\Nick\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-25] (Spotify Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 84.116.46.21 84.116.46.20
Tcpip\..\Interfaces\{c7177b13-afc7-4c8c-8954-5287f7a4af8f}: [DhcpNameServer] 150.100.0.10
Tcpip\..\Interfaces\{d93074aa-8f98-4de6-8b2c-c8984992070b}: [DhcpNameServer] 84.116.46.21 84.116.46.20
 
Internet Explorer:
==================
HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2369273020-3306953221-4272594369-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-19] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-08-02] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://mail.ru/cnt/10445?gp=811138
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811138"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default [2018-01-11]
CHR Extension: (Presentaties) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Documenten) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-11]
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-11]
CHR Extension: (Spreadsheets) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Offline Documenten) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-11]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-11]
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-24]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [301720 2018-01-06] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7589200 2018-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761576 2017-12-25] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134872 2016-11-10] (ELAN Microelectronics Corp.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-14] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68408 2017-11-12] (Lenovo Group Limited)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803952 2017-11-09] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\\McCSPServiceHost.exe" [X]
S2 mrupdsrv; "C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe" --s [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2017-11-24] ()
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [177536 2018-01-06] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2018-01-06] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [315152 2018-01-06] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [193096 2018-01-06] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [337408 2018-01-06] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2018-01-06] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2018-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [139112 2018-01-11] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2018-01-06] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2018-01-06] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1017624 2018-01-06] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [450360 2018-01-11] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196904 2018-01-06] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [351128 2018-01-06] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-09] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32336 2016-11-10] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-14] (Intel Corporation)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2017-11-24] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7301392 2016-09-02] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-27] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3138056 2016-08-04] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-02-29] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-11 00:27 - 2018-01-11 00:27 - 000040249 _____ C:\Users\Nick\Desktop\Addition.txt
2018-01-11 00:26 - 2018-01-11 00:56 - 000019881 _____ C:\Users\Nick\Desktop\FRST.txt
2018-01-11 00:19 - 2018-01-11 00:33 - 000005681 _____ C:\Users\Nick\Desktop\Fixlog.txt
2018-01-11 00:18 - 2018-01-11 00:56 - 000000000 ____D C:\FRST
2018-01-11 00:04 - 2018-01-11 00:04 - 002393088 _____ (Farbar) C:\Users\Nick\Desktop\FRST64english.exe
2018-01-10 19:17 - 2018-01-10 19:17 - 001383693 _____ C:\Users\Nick\Downloads\Bijlage scriptie0001.pdf
2018-01-09 14:26 - 2018-01-09 14:28 - 216979813 _____ C:\Users\Nick\Downloads\3Y analyse (1).xlsx
2018-01-07 23:34 - 2018-01-01 07:03 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-07 23:34 - 2018-01-01 03:27 - 001021336 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-07 23:34 - 2018-01-01 03:27 - 000751576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-07 23:34 - 2018-01-01 03:27 - 000544152 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-07 23:34 - 2018-01-01 03:27 - 000382864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-07 23:34 - 2018-01-01 03:27 - 000074648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-01-07 23:34 - 2018-01-01 03:26 - 000107416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-07 23:34 - 2018-01-01 03:25 - 001065608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-07 23:34 - 2018-01-01 03:25 - 000900880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-07 23:34 - 2018-01-01 03:24 - 008345496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-07 23:34 - 2018-01-01 03:24 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-07 23:34 - 2018-01-01 03:24 - 001188544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-07 23:34 - 2018-01-01 03:24 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-07 23:34 - 2018-01-01 03:24 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-01-07 23:34 - 2018-01-01 03:24 - 000105880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2018-01-07 23:34 - 2018-01-01 03:24 - 000102808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2018-01-07 23:34 - 2018-01-01 03:24 - 000052632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcw.sys
2018-01-07 23:34 - 2018-01-01 03:24 - 000033688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys
2018-01-07 23:34 - 2018-01-01 03:23 - 000456088 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-07 23:34 - 2018-01-01 03:23 - 000386456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-07 23:34 - 2018-01-01 03:22 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-07 23:34 - 2018-01-01 03:22 - 001194784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-07 23:34 - 2018-01-01 03:22 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-07 23:34 - 2018-01-01 03:22 - 000119704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2018-01-07 23:34 - 2018-01-01 03:21 - 000587160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-07 23:34 - 2018-01-01 03:21 - 000063896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-07 23:34 - 2018-01-01 03:20 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-07 23:34 - 2018-01-01 03:20 - 000036760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2018-01-07 23:34 - 2018-01-01 03:19 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-07 23:34 - 2018-01-01 03:19 - 000730008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-07 23:34 - 2018-01-01 03:19 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-07 23:34 - 2018-01-01 03:19 - 000643704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-07 23:34 - 2018-01-01 03:19 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-07 23:34 - 2018-01-01 03:19 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-01-07 23:34 - 2018-01-01 03:19 - 000164760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-07 23:34 - 2018-01-01 03:19 - 000082328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-07 23:34 - 2018-01-01 03:19 - 000054168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2018-01-07 23:34 - 2018-01-01 03:19 - 000047512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2018-01-07 23:34 - 2018-01-01 03:19 - 000027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2018-01-07 23:34 - 2018-01-01 03:18 - 000966040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2018-01-07 23:34 - 2018-01-01 03:18 - 000822680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2018-01-07 23:34 - 2018-01-01 03:18 - 000110600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-01-07 23:34 - 2018-01-01 03:18 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-07 23:34 - 2018-01-01 03:16 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-07 23:34 - 2018-01-01 03:16 - 001107352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-07 23:34 - 2018-01-01 03:16 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-07 23:34 - 2018-01-01 03:15 - 001396680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-07 23:34 - 2018-01-01 03:15 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-07 23:34 - 2018-01-01 03:15 - 000083352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-07 23:34 - 2018-01-01 03:14 - 000159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-07 23:34 - 2018-01-01 03:09 - 000142744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-07 23:34 - 2018-01-01 03:09 - 000070224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-01-07 23:34 - 2018-01-01 03:08 - 001325960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-07 23:34 - 2018-01-01 03:07 - 000583688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2018-01-07 23:34 - 2018-01-01 03:03 - 000627584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-07 23:34 - 2018-01-01 03:03 - 000311704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-07 23:34 - 2018-01-01 02:52 - 023680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-07 23:34 - 2018-01-01 02:52 - 000195768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-07 23:34 - 2018-01-01 02:50 - 000787704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-07 23:34 - 2018-01-01 02:49 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-07 23:34 - 2018-01-01 02:48 - 005828768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-07 23:34 - 2018-01-01 02:48 - 002167320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-07 23:34 - 2018-01-01 02:48 - 000073896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2018-01-07 23:34 - 2018-01-01 02:47 - 001998416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-07 23:34 - 2018-01-01 02:47 - 000433888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-07 23:34 - 2018-01-01 02:47 - 000186520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2018-01-07 23:34 - 2018-01-01 02:47 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshhyperv.dll
2018-01-07 23:34 - 2018-01-01 02:46 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-07 23:34 - 2018-01-01 02:46 - 000087352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-01-07 23:34 - 2018-01-01 02:45 - 020374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-07 23:34 - 2018-01-01 02:45 - 000988160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-07 23:34 - 2018-01-01 02:44 - 000411184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110_win.dll
2018-01-07 23:34 - 2018-01-01 02:43 - 000558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-07 23:34 - 2018-01-01 02:42 - 000480912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-07 23:34 - 2018-01-01 02:42 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-01-07 23:34 - 2018-01-01 02:42 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-07 23:34 - 2018-01-01 02:41 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irda.sys
2018-01-07 23:34 - 2018-01-01 02:41 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-01-07 23:34 - 2018-01-01 02:41 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2018-01-07 23:34 - 2018-01-01 02:41 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-01-07 23:34 - 2018-01-01 02:40 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-07 23:34 - 2018-01-01 02:40 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2018-01-07 23:34 - 2018-01-01 02:40 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-07 23:34 - 2018-01-01 02:40 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\container_xml.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2018-01-07 23:34 - 2018-01-01 02:40 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-01-07 23:34 - 2018-01-01 02:40 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-01-07 23:34 - 2018-01-01 02:40 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys
2018-01-07 23:34 - 2018-01-01 02:40 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2018-01-07 23:34 - 2018-01-01 02:40 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2018-01-07 23:34 - 2018-01-01 02:40 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-07 23:34 - 2018-01-01 02:40 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-01-07 23:34 - 2018-01-01 02:40 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2018-01-07 23:34 - 2018-01-01 02:40 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-01-07 23:34 - 2018-01-01 02:39 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-07 23:34 - 2018-01-01 02:39 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-07 23:34 - 2018-01-01 02:39 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2018-01-07 23:34 - 2018-01-01 02:39 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2018-01-07 23:34 - 2018-01-01 02:39 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2018-01-07 23:34 - 2018-01-01 02:39 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2018-01-07 23:34 - 2018-01-01 02:39 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-07 23:34 - 2018-01-01 02:39 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-01-07 23:34 - 2018-01-01 02:39 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2018-01-07 23:34 - 2018-01-01 02:39 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-01-07 23:34 - 2018-01-01 02:39 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2018-01-07 23:34 - 2018-01-01 02:39 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2018-01-07 23:34 - 2018-01-01 02:39 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2018-01-07 23:34 - 2018-01-01 02:38 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-01-07 23:34 - 2018-01-01 02:38 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-07 23:34 - 2018-01-01 02:38 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-07 23:34 - 2018-01-01 02:38 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-01-07 23:34 - 2018-01-01 02:38 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2018-01-07 23:34 - 2018-01-01 02:38 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-07 23:34 - 2018-01-01 02:38 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2018-01-07 23:34 - 2018-01-01 02:38 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-01-07 23:34 - 2018-01-01 02:38 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-07 23:34 - 2018-01-01 02:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3dlg.dll
2018-01-07 23:34 - 2018-01-01 02:38 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 023683072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-07 23:34 - 2018-01-01 02:37 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-07 23:34 - 2018-01-01 02:37 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-07 23:34 - 2018-01-01 02:37 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2018-01-07 23:34 - 2018-01-01 02:37 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-07 23:34 - 2018-01-01 02:36 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-07 23:34 - 2018-01-01 02:36 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-07 23:34 - 2018-01-01 02:36 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-07 23:34 - 2018-01-01 02:36 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-07 23:34 - 2018-01-01 02:36 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-07 23:34 - 2018-01-01 02:36 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-07 23:34 - 2018-01-01 02:36 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-07 23:34 - 2018-01-01 02:36 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-07 23:34 - 2018-01-01 02:36 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2018-01-07 23:34 - 2018-01-01 02:36 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2018-01-07 23:34 - 2018-01-01 02:35 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2018-01-07 23:34 - 2018-01-01 02:34 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2018-01-07 23:34 - 2018-01-01 02:34 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2018-01-07 23:34 - 2018-01-01 02:34 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2018-01-07 23:34 - 2018-01-01 02:34 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2018-01-07 23:34 - 2018-01-01 02:34 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2018-01-07 23:34 - 2018-01-01 02:33 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ssdpapi.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2018-01-07 23:34 - 2018-01-01 02:33 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-07 23:34 - 2018-01-01 02:32 - 001094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-07 23:34 - 2018-01-01 02:32 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2018-01-07 23:34 - 2018-01-01 02:32 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2018-01-07 23:34 - 2018-01-01 02:32 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2018-01-07 23:34 - 2018-01-01 02:32 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3dlg.dll
2018-01-07 23:34 - 2018-01-01 02:31 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-07 23:34 - 2018-01-01 02:31 - 000934912 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-01-07 23:34 - 2018-01-01 02:31 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-07 23:34 - 2018-01-01 02:31 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-07 23:34 - 2018-01-01 02:31 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-07 23:34 - 2018-01-01 02:31 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2018-01-07 23:34 - 2018-01-01 02:31 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-07 23:34 - 2018-01-01 02:31 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-07 23:34 - 2018-01-01 02:30 - 020514304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-07 23:34 - 2018-01-01 02:30 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-07 23:34 - 2018-01-01 02:30 - 012803584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-07 23:34 - 2018-01-01 02:30 - 004719104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-07 23:34 - 2018-01-01 02:30 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-01-07 23:34 - 2018-01-01 02:30 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-07 23:34 - 2018-01-01 02:30 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-07 23:34 - 2018-01-01 02:30 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-07 23:34 - 2018-01-01 02:30 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 000497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2018-01-07 23:34 - 2018-01-01 02:29 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2018-01-07 23:34 - 2018-01-01 02:28 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-07 23:34 - 2018-01-01 02:28 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-07 23:34 - 2018-01-01 02:28 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-01-07 23:34 - 2018-01-01 02:28 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2018-01-07 23:34 - 2018-01-01 02:28 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-07 23:34 - 2018-01-01 02:28 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-07 23:34 - 2018-01-01 02:27 - 006249472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-07 23:34 - 2018-01-01 02:27 - 000946176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-07 23:34 - 2018-01-01 02:27 - 000879104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-07 23:34 - 2018-01-01 02:27 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-01-07 23:34 - 2018-01-01 02:26 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-07 23:34 - 2018-01-01 02:26 - 005964288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-07 23:34 - 2018-01-01 02:26 - 000750592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-07 23:34 - 2018-01-01 02:26 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-07 23:34 - 2018-01-01 02:26 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-01-07 23:34 - 2018-01-01 02:26 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-01-07 23:34 - 2018-01-01 02:26 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvvmtransport.dll
2018-01-07 23:34 - 2018-01-01 02:26 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2018-01-07 23:34 - 2018-01-01 02:25 - 002010112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-07 23:34 - 2018-01-01 02:25 - 000824832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-01-07 23:34 - 2018-01-01 02:25 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2018-01-07 23:34 - 2018-01-01 02:24 - 003651072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-07 23:34 - 2018-01-01 02:24 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-07 23:34 - 2018-01-01 02:24 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-07 23:34 - 2018-01-01 02:24 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-07 23:34 - 2018-01-01 02:24 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2018-01-07 23:34 - 2018-01-01 02:24 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-07 23:34 - 2018-01-01 02:23 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-07 23:34 - 2018-01-01 02:23 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2018-01-07 23:34 - 2018-01-01 02:23 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-01-07 23:34 - 2018-01-01 02:23 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-01-07 23:34 - 2018-01-01 02:23 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-01-07 23:34 - 2018-01-01 02:23 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2018-01-07 23:34 - 2018-01-01 02:23 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys
2018-01-07 23:34 - 2018-01-01 02:22 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2018-01-07 23:34 - 2018-01-01 02:21 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-01-07 23:34 - 2018-01-01 02:21 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvvmtransport.dll
2018-01-07 23:34 - 2018-01-01 02:20 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-01-07 23:34 - 2018-01-01 02:20 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2018-01-07 23:34 - 2018-01-01 02:19 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-07 23:34 - 2018-01-01 02:18 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-01-07 23:34 - 2018-01-01 02:18 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdPnp.dll
2018-01-07 23:34 - 2018-01-01 02:18 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiprop.dll
2018-01-07 23:34 - 2018-01-01 02:18 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWNet.dll
2018-01-07 23:34 - 2018-01-01 02:18 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
2018-01-07 23:33 - 2018-01-01 03:27 - 000264536 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2018-01-07 23:33 - 2018-01-01 03:27 - 000074648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-01-07 23:33 - 2018-01-01 03:27 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-07 23:33 - 2018-01-01 03:27 - 000022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2018-01-07 23:33 - 2018-01-01 03:27 - 000022208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IumSdk.dll
2018-01-07 23:33 - 2018-01-01 03:27 - 000020376 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-01-07 23:33 - 2018-01-01 03:27 - 000015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-01-07 23:33 - 2018-01-01 03:22 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-07 23:33 - 2018-01-01 03:21 - 000328616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-07 23:33 - 2018-01-01 03:20 - 007319912 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-07 23:33 - 2018-01-01 03:20 - 000524760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-07 23:33 - 2018-01-01 03:20 - 000459160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-07 23:33 - 2018-01-01 03:19 - 002466392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-07 23:33 - 2018-01-01 03:19 - 000282520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-01-07 23:33 - 2018-01-01 03:19 - 000247472 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2018-01-07 23:33 - 2018-01-01 03:19 - 000123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2018-01-07 23:33 - 2018-01-01 03:19 - 000118680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-07 23:33 - 2018-01-01 03:19 - 000031640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-01-07 23:33 - 2018-01-01 03:19 - 000018672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2018-01-07 23:33 - 2018-01-01 03:18 - 021354736 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-07 23:33 - 2018-01-01 03:18 - 001146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-07 23:33 - 2018-01-01 03:18 - 000316240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-07 23:33 - 2018-01-01 03:18 - 000175800 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-07 23:33 - 2018-01-01 03:18 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-01-07 23:33 - 2018-01-01 03:17 - 000154520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2018-01-07 23:33 - 2018-01-01 03:10 - 000100800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2018-01-07 23:33 - 2018-01-01 03:09 - 000434072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-07 23:33 - 2018-01-01 03:09 - 000114584 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-07 23:33 - 2018-01-01 02:43 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-07 23:33 - 2018-01-01 02:42 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-07 23:33 - 2018-01-01 02:42 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-01-07 23:33 - 2018-01-01 02:42 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-07 23:33 - 2018-01-01 02:41 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-07 23:33 - 2018-01-01 02:41 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-07 23:33 - 2018-01-01 02:41 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-07 23:33 - 2018-01-01 02:41 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2018-01-07 23:33 - 2018-01-01 02:41 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2018-01-07 23:33 - 2018-01-01 02:41 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2018-01-07 23:33 - 2018-01-01 02:41 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-07 23:33 - 2018-01-01 02:41 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2018-01-07 23:33 - 2018-01-01 02:41 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2018-01-07 23:33 - 2018-01-01 02:41 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2018-01-07 23:33 - 2018-01-01 02:40 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2018-01-07 23:33 - 2018-01-01 02:40 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-07 23:33 - 2018-01-01 02:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2018-01-07 23:33 - 2018-01-01 02:40 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lltdio.sys
2018-01-07 23:33 - 2018-01-01 02:40 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2018-01-07 23:33 - 2018-01-01 02:40 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2018-01-07 23:33 - 2018-01-01 02:40 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-01-07 23:33 - 2018-01-01 02:40 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-01-07 23:33 - 2018-01-01 02:40 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimeprovider.dll
2018-01-07 23:33 - 2018-01-01 02:40 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2018-01-07 23:33 - 2018-01-01 02:39 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-07 23:33 - 2018-01-01 02:39 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2018-01-07 23:33 - 2018-01-01 02:39 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-07 23:33 - 2018-01-01 02:39 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2018-01-07 23:33 - 2018-01-01 02:39 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-07 23:33 - 2018-01-01 02:39 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-07 23:33 - 2018-01-01 02:39 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpapi.dll
2018-01-07 23:33 - 2018-01-01 02:38 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-07 23:33 - 2018-01-01 02:38 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-01-07 23:33 - 2018-01-01 02:38 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-01-07 23:33 - 2018-01-01 02:38 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2018-01-07 23:33 - 2018-01-01 02:38 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-01-07 23:33 - 2018-01-01 02:38 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-01-07 23:33 - 2018-01-01 02:38 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-01-07 23:33 - 2018-01-01 02:37 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-07 23:33 - 2018-01-01 02:36 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-01-07 23:33 - 2018-01-01 02:36 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-01-07 23:33 - 2018-01-01 02:35 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2018-01-07 23:33 - 2018-01-01 02:35 - 000741376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2018-01-07 23:33 - 2018-01-01 02:35 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-07 23:33 - 2018-01-01 02:35 - 000292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-01-07 23:33 - 2018-01-01 02:34 - 000973312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-07 23:33 - 2018-01-01 02:34 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-07 23:33 - 2018-01-01 02:34 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-07 23:33 - 2018-01-01 02:34 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2018-01-07 23:33 - 2018-01-01 02:33 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-07 23:33 - 2018-01-01 02:33 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-07 23:33 - 2018-01-01 02:33 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-01-07 23:33 - 2018-01-01 02:33 - 000583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-07 23:33 - 2018-01-01 02:33 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-07 23:33 - 2018-01-01 02:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-01-07 23:33 - 2018-01-01 02:32 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-07 23:33 - 2018-01-01 02:31 - 007339520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-07 23:33 - 2018-01-01 02:31 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-07 23:33 - 2018-01-01 02:31 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-07 23:33 - 2018-01-01 02:31 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-07 23:33 - 2018-01-01 02:30 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-07 23:33 - 2018-01-01 02:30 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-07 23:33 - 2018-01-01 02:30 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-07 23:33 - 2018-01-01 02:30 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-01-07 23:33 - 2018-01-01 02:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2018-01-07 23:33 - 2018-01-01 02:29 - 002426368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-07 23:33 - 2018-01-01 02:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-07 23:33 - 2018-01-01 02:29 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-07 23:33 - 2018-01-01 02:29 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-07 23:33 - 2018-01-01 02:29 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2018-01-07 23:33 - 2018-01-01 02:26 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-07 23:33 - 2018-01-01 02:26 - 000502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-07 23:33 - 2018-01-01 02:25 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys
2018-01-07 23:33 - 2018-01-01 02:23 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPnp.dll
2018-01-07 23:33 - 2018-01-01 02:23 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-01-07 23:33 - 2018-01-01 02:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-07 23:33 - 2018-01-01 02:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2018-01-07 23:33 - 2018-01-01 02:23 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2018-01-06 22:51 - 2018-01-06 22:51 - 000366800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-01-05 13:50 - 2018-01-05 13:50 - 000000902 _____ C:\Users\Nick\Desktop\µTorrent.lnk
2018-01-05 13:50 - 2018-01-05 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-01-04 17:36 - 2018-01-04 17:36 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-04 17:36 - 2018-01-04 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-04 17:36 - 2018-01-04 17:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-04 17:36 - 2018-01-04 17:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-04 17:36 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-04 17:35 - 2018-01-04 17:35 - 083316440 _____ (Malwarebytes ) C:\Users\Nick\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2018-01-04 14:03 - 2018-01-11 00:36 - 000003532 _____ C:\WINDOWS\System32\Tasks\gaVeAjA
2018-01-04 14:03 - 2018-01-11 00:10 - 000003324 _____ C:\WINDOWS\System32\Tasks\dZYHA
2018-01-04 14:03 - 2018-01-04 14:08 - 000000000 ____D C:\Users\Nick\AppData\Local\Lite
2018-01-04 14:03 - 2018-01-04 14:03 - 000003722 _____ C:\WINDOWS\System32\Tasks\YNXkmsEay
2018-01-04 14:03 - 2018-01-04 14:03 - 000000001 _____ C:\Users\Nick\AppData\Local\WMI.ini
2018-01-04 14:03 - 2017-03-18 21:59 - 000001075 _____ C:\WINDOWS\ooEEodCazB
2018-01-04 14:03 - 2017-03-18 21:59 - 000000077 _____ C:\WINDOWS\tFDipau
2018-01-04 14:03 - 2017-03-18 21:59 - 000000051 _____ C:\WINDOWS\YgoyEOek
2018-01-04 14:03 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Local\UaHGuou.exe
2018-01-04 14:03 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Roaming\xianDLVO.exe
2018-01-04 14:02 - 2018-01-04 14:08 - 000000000 ____D C:\Users\Nick\AppData\Local\Mail.Ru
2017-12-29 22:08 - 2017-12-29 22:08 - 000000000 ____D C:\Users\Nick\Documents\Klei
2017-12-29 22:08 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-12-29 22:08 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-12-29 22:08 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2017-12-29 22:08 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-12-29 22:08 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-12-29 22:08 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-12-29 22:08 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-12-29 22:08 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-12-29 22:08 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-12-29 22:08 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-12-29 22:08 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-12-29 22:08 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2017-12-29 22:08 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-12-29 22:08 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2017-12-29 22:08 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-12-29 22:08 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-12-29 22:08 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-12-29 22:08 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2017-12-29 22:08 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2017-12-29 22:08 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-12-29 22:08 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-12-29 22:08 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2017-12-29 22:08 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-12-29 22:08 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-12-29 22:08 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-12-29 22:08 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2017-12-29 22:08 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2017-12-29 22:08 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-12-29 22:08 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-12-29 22:08 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2017-12-29 22:08 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-12-29 22:08 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2017-12-29 22:08 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-12-29 22:08 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-12-29 22:08 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-12-29 22:08 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-12-29 22:08 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2017-12-29 22:08 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2017-12-29 22:08 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-12-29 22:08 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2017-12-29 22:08 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-12-29 22:08 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-12-29 22:08 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-12-29 22:08 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-12-29 22:08 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-12-29 22:08 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-12-29 22:08 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-12-29 22:08 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-12-29 22:08 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-12-29 22:08 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-12-29 22:08 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-12-29 22:08 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-12-29 22:08 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-12-29 22:08 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-12-26 20:44 - 2017-12-26 20:44 - 000000222 _____ C:\Users\Nick\Desktop\Don't Starve Together.url
2017-12-22 15:43 - 2017-12-22 15:43 - 013552322 _____ C:\Users\Nick\Downloads\Colossus Addon Mod2.1.0WindowsInstallerv2.exe
2017-12-21 22:51 - 2017-12-21 22:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG
2017-12-21 22:51 - 2017-12-21 22:51 - 000000000 ____D C:\Program Files\Common Files\AVG
2017-12-21 21:32 - 2017-12-21 21:32 - 000000000 ____D C:\Program Files (x86)\Traffic Simulator Configuration Tool
2017-12-14 13:54 - 2017-12-14 13:54 - 000000000 ____D C:\Users\Nick\Documents\Paradox Interactive
2017-12-13 13:28 - 2017-12-13 13:28 - 166147412 _____ C:\Users\Nick\Downloads\3Y analyse.xlsx
2017-12-13 12:32 - 2017-11-30 04:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-13 12:32 - 2017-11-30 04:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-13 12:32 - 2017-11-30 04:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-13 12:32 - 2017-11-30 03:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-13 12:32 - 2017-11-30 03:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-13 12:32 - 2017-11-30 03:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-13 12:32 - 2017-11-30 03:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 12:32 - 2017-11-30 03:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 12:32 - 2017-11-30 03:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 12:32 - 2017-11-30 03:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 12:32 - 2017-11-30 03:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-13 12:32 - 2017-11-30 03:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 12:32 - 2017-11-30 03:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-13 12:32 - 2017-11-30 03:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 12:32 - 2017-11-30 03:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 12:32 - 2017-11-30 03:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 12:32 - 2017-11-30 03:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 12:32 - 2017-11-30 03:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-13 12:32 - 2017-11-30 03:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-13 12:32 - 2017-11-30 03:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 12:32 - 2017-11-30 03:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 12:32 - 2017-11-30 03:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 12:32 - 2017-11-30 03:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 12:32 - 2017-11-30 03:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 12:32 - 2017-11-30 03:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-13 12:32 - 2017-11-30 03:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-13 12:32 - 2017-11-30 03:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-13 12:32 - 2017-11-30 03:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-13 12:32 - 2017-11-30 03:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-13 12:32 - 2017-11-30 03:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-13 12:32 - 2017-11-30 03:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-13 12:32 - 2017-11-30 03:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-13 12:32 - 2017-11-17 10:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-13 12:32 - 2017-11-17 10:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 12:32 - 2017-11-17 10:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 12:32 - 2017-11-17 10:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-13 12:32 - 2017-11-17 10:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-13 12:32 - 2017-11-17 10:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-13 12:32 - 2017-11-17 10:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-13 12:32 - 2017-11-17 10:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-13 12:32 - 2017-11-17 10:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 12:32 - 2017-11-17 10:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-13 12:32 - 2017-11-17 10:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-13 12:32 - 2017-11-17 10:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-13 12:32 - 2017-11-17 10:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-13 12:32 - 2017-11-17 10:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-13 12:32 - 2017-11-17 09:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-13 12:32 - 2017-11-17 09:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-11 00:42 - 2017-10-11 14:43 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-01-11 00:39 - 2017-10-11 13:07 - 000028859 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-01-11 00:38 - 2017-10-11 14:47 - 000869640 _____ C:\WINDOWS\system32\perfh00C.dat
2018-01-11 00:38 - 2017-10-11 14:47 - 000203318 _____ C:\WINDOWS\system32\perfc00C.dat
2018-01-11 00:38 - 2017-10-11 14:15 - 003257476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-11 00:38 - 2017-03-20 04:54 - 000990580 _____ C:\WINDOWS\system32\perfh013.dat
2018-01-11 00:38 - 2017-03-20 04:54 - 000209740 _____ C:\WINDOWS\system32\perfc013.dat
2018-01-11 00:34 - 2017-11-17 20:31 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-11 00:34 - 2017-10-11 14:58 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Spotify
2018-01-11 00:33 - 2017-10-11 14:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-11 00:33 - 2017-10-11 14:07 - 000000000 ____D C:\Users\Nick
2018-01-11 00:33 - 2017-10-11 14:04 - 000394288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-11 00:33 - 2017-10-11 13:01 - 000000000 __SHD C:\Users\Nick\IntelGraphicsProfiles
2018-01-11 00:33 - 2017-03-18 12:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI
2018-01-11 00:32 - 2017-10-11 13:00 - 000000000 ____D C:\Users\Nick\AppData\Local\Host App Service
2018-01-11 00:22 - 2017-10-11 15:25 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-01-11 00:22 - 2017-10-11 14:43 - 000450360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-01-11 00:22 - 2017-10-11 14:43 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-01-11 00:22 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-11 00:21 - 2017-10-11 14:59 - 000000000 ____D C:\Users\Nick\AppData\Local\Spotify
2018-01-11 00:21 - 2017-03-30 16:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-11 00:20 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-11 00:20 - 2016-07-16 12:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-10 23:54 - 2017-10-11 14:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-10 16:56 - 2017-10-26 08:51 - 000000000 ____D C:\Users\Nick\AppData\Local\Citrix
2018-01-10 11:55 - 2017-10-11 14:41 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-01-09 20:19 - 2017-10-11 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-09 20:13 - 2017-10-11 19:25 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-09 20:13 - 2017-10-11 19:25 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-09 20:13 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-09 16:19 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-09 16:19 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-09 14:53 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2018-01-09 14:30 - 2017-10-11 13:01 - 000000000 ____D C:\Users\Nick\AppData\Local\Packages
2018-01-09 13:35 - 2017-11-16 17:21 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-09 12:00 - 2017-03-30 16:22 - 000000000 ____D C:\ProgramData\CyberLink
2018-01-08 22:43 - 2017-10-18 18:34 - 000000000 ____D C:\Users\Nick\AppData\Roaming\uTorrent
2018-01-08 21:07 - 2016-07-29 18:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-08 21:03 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2018-01-08 21:02 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-08 21:02 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-08 21:01 - 2017-12-09 01:44 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-06 22:51 - 2017-11-30 10:51 - 000177536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 001017624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 000351128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 000337408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 000315152 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 000196904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 000193096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-01-06 22:51 - 2017-10-11 14:43 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-01-06 10:28 - 2017-10-11 14:44 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-06 10:28 - 2017-10-11 14:44 - 000002287 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-04 17:43 - 2017-10-11 15:25 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-12-23 20:07 - 2017-11-30 10:51 - 000002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2017-12-23 20:07 - 2017-11-30 10:51 - 000002048 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-12-21 05:35 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-21 05:35 - 2017-03-18 22:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-14 19:05 - 2017-10-11 12:58 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-14 19:05 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-12 13:16 - 2017-11-15 14:00 - 000000000 ____D C:\Users\Nick\AppData\Local\Battle.net
2017-12-12 11:33 - 2017-11-15 14:01 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-12-12 11:29 - 2017-11-15 13:59 - 000000000 ____D C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2017-10-11 14:05 - 2017-12-08 21:29 - 001388432 _____ () C:\Users\Public\VOIP.dat
2018-01-04 14:03 - 2017-03-18 21:59 - 000000877 _____ () C:\Program Files (x86)\Common Files\aOiLJUtULvx
2017-03-18 21:59 - 2017-03-18 21:59 - 000000877 _____ () C:\Program Files (x86)\Common Files\aOiLJUtULvx.bat
2018-01-04 14:03 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Roaming\xianDLVO.exe
2018-01-04 14:03 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Local\UaHGuou.exe
2018-01-04 14:03 - 2018-01-04 14:03 - 000000001 _____ () C:\Users\Nick\AppData\Local\WMI.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-05 14:13
 
==================== End of FRST.txt ============================


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,768 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:19 PM

Posted 10 January 2018 - 08:43 PM

Greetings Nick and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted. I should be replying with some steps relatively soon.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,768 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:19 PM

Posted 10 January 2018 - 09:00 PM

Greetings,

Could you copy and paste the contents of the Addition.txt report in your reply.

BTW thanks for renaming the file to FRST64english.exe. :thumbsup2:
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 StripedDuck

StripedDuck
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 11 January 2018 - 07:13 AM

Hi Gary,

 

Thanks for your quick response, feel free to call me Nick.

 

I saw some other posts and noticed that you wish for the english files, so I thought I had everything ready but still forgot something (what a shame).

 

Here is the addition report:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Nick (11-01-2018 00:56:47)
Running from C:\Users\Nick\Desktop
Windows 10 Home Version 1703 15063.850 (X64) (2017-10-11 13:18:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2369273020-3306953221-4272594369-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2369273020-3306953221-4272594369-503 - Limited - Disabled)
Gast (S-1-5-21-2369273020-3306953221-4272594369-501 - Limited - Disabled)
Nick (S-1-5-21-2369273020-3306953221-4272594369-1001 - Administrator - Enabled) => C:\Users\Nick
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
ANNO 1404 - Venice (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft)
Anno 1404 (HKLM-x32\...\{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}) (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
AVG (HKLM\...\{BE1A8A5D-8197-48D3-8A41-4360888B7306}) (Version: 1.231.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.9.3040 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.14018 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{C706092D-491F-4D29-BB49-FF7B47CD12F2}) (Version: 3.1.14018 - Cisco Systems, Inc.) Hidden
Citrix Receiver 4.9 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.9.0.2539 - Citrix Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation) Hidden
Lenovo App Explorer (HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\Host App Service) (Version: 0.273.2.460 - SweetLabs for Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Malwarebytes versie 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 16.0.8730.2165 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{5C38E4A7-9778-4C51-8021-61759600D96A}) (Version: 14.9.0.2539 - Citrix Systems, Inc.) Hidden
Self-service Plug-in (HKLM-x32\...\{C7E328BE-E4FF-4D07-B848-1179C42C8AD4}) (Version: 4.9.0.2528 - Citrix Systems, Inc.) Hidden
Spotify (HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.88438 - TeamViewer)
Windows 10-upgradeassistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-01-06] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki119320.inf_amd64_1636669de50ea477\igfxDTCM.dll [2016-12-16] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-01-06] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06335DF1-B741-4E0B-8AC1-2AF2504C7AD5} - System32\Tasks\App Explorer => C:\Users\Nick\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-11-14] (SweetLabs, Inc) <==== ATTENTION
Task: {1D35FF3E-6B85-4348-B58E-B5FFE334E5D1} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-01-08] (AVG Technologies CZ, s.r.o.)
Task: {1D93BCFC-5E9E-4F9F-AD91-2D00911258F6} - System32\Tasks\gaVeAjA => C:\WINDOWS\YgoyEOek.bat [2017-03-18] () <==== ATTENTION
Task: {20D59126-E7D7-40FB-8A37-46774C8E3350} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {20DFA541-C0FA-48BC-9727-3539EAD02BED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-08] (Microsoft Corporation)
Task: {215A90A5-2339-4EDD-9A49-9266DAA4E298} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f19714a2-6952-476a-920e-f57cf9193b5b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {23239DE7-568C-4028-BDFB-31D51858746E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-09] (Microsoft Corporation)
Task: {28E94714-8F06-4AB4-AE13-87CEEC5163DD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-25] (Microsoft Corporation)
Task: {3660981F-FB3E-4DE8-86ED-4620581F667B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c6397a8a-1cc7-4ff7-8f32-4d8417cda6a5 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {370A5A18-EE10-4138-AF24-8E4B8CE1525E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5a301b08-dfdc-47d6-812a-38c28e7124b8 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {52D67C62-2CB0-4517-B949-E7CC962FB34D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-09] (Microsoft Corporation)
Task: {67DD475E-188F-4404-8DC9-78A2D473808A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-01-06] (AVG Technologies CZ, s.r.o.)
Task: {803C14DC-05DA-445C-8113-46862E743D4E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [2016-09-20] (CyberLink Corp.)
Task: {8815EDD1-5867-48E7-92FC-2AA1FE90477F} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {95B00611-CAA6-44CA-B9B3-A5DDBF6DD3FA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-09] (Microsoft Corporation)
Task: {9C0016D6-5952-49C8-91DF-22AA95AC8473} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {9D0DC13B-4B50-4AFD-9D37-A216C54783E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {A9503176-F6B9-40FE-BA72-405FC21594D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-08] (Microsoft Corporation)
Task: {AA587F4B-077A-4519-8658-337BCFC0B337} - System32\Tasks\dZYHA => C:\WINDOWS\tFDipau.bat [2017-03-18] () <==== ATTENTION
Task: {AC573635-B197-40CF-9194-F1AFE07DBCA1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a00f9055-44c6-4cb0-b40d-2c9fcfd95dc1 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {B944EF5B-4FDF-4C48-94B9-48240BD0890F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {BADCBE02-E421-4A54-933B-029482372D35} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [2016-07-14] (CyberLink Corp.)
Task: {BE28023E-C52B-4438-B40A-884E57BAB88A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-25] (Microsoft Corporation)
Task: {CA75603A-4661-4511-9DAA-F17F09136B36} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [2016-10-07] (CyberLink)
Task: {DDB41C53-4063-4320-AB56-6880C6D31FB7} - System32\Tasks\YNXkmsEay => C:\Users\Nick\AppData\Roaming\xianDLVO.exe [2017-03-18] (Microsoft Corporation) <==== ATTENTION
Task: {EA9CAB9C-8DFA-4945-BA23-DE96A967E8DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:59 - 2017-03-20 04:56 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-03 19:16 - 2018-01-03 19:16 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 19:16 - 2018-01-03 19:16 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 19:16 - 2018-01-03 19:16 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 19:16 - 2018-01-03 19:16 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 19:16 - 2018-01-03 19:16 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-09 16:19 - 2018-01-09 16:19 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-21 20:11 - 2017-12-21 20:11 - 026507776 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-12-21 20:11 - 2017-12-21 20:11 - 008370176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-10-11 13:38 - 2017-10-11 13:38 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2016-02-29 11:16 - 2016-02-29 11:16 - 000070144 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2017-10-11 14:41 - 2017-10-11 14:40 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2018-01-06 22:51 - 2018-01-06 22:51 - 000207272 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2018-01-06 22:51 - 2018-01-06 22:51 - 000059136 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2018-01-06 22:51 - 2018-01-06 22:51 - 000058624 _____ () C:\Program Files (x86)\AVG\Antivirus\dll_loader.dll
2017-10-11 14:43 - 2017-10-11 14:43 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2018-01-06 22:51 - 2018-01-06 22:51 - 000290392 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-12-06 07:35 - 2017-12-06 07:35 - 000102088 _____ () C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2017-10-11 14:59 - 2017-12-25 00:15 - 068214160 _____ () C:\Users\Nick\AppData\Roaming\Spotify\libcef.dll
2017-10-11 14:59 - 2017-12-25 00:15 - 003112848 _____ () C:\Users\Nick\AppData\Roaming\Spotify\libglesv2.dll
2017-10-11 14:59 - 2017-12-25 00:15 - 000089488 _____ () C:\Users\Nick\AppData\Roaming\Spotify\libegl.dll
2017-10-11 15:21 - 2017-12-01 12:34 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ClientTelemetry.dll
2017-03-30 16:35 - 2016-09-21 02:18 - 000763160 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2016-09-21 17:18 - 2016-09-21 17:18 - 000027416 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\sharepoint.com -> hxxps://enexis-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9BAD3C36-1B40-4377-80C8-10C99C590951}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{5423D2D2-2E30-4EC7-9E21-F3B2510C3D71}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{98035309-C613-474D-B928-FD668188F97C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{609AB605-6704-47E3-A020-240688AC0624}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{116A4B59-B540-42DE-B11D-295A79A6F0ED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{6C5F67CE-ABAA-4749-BE88-167629347964}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8A6859C4-B6E1-45F4-93A2-D08555027F0A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{63810A68-CC16-4818-962B-4A5040A3D9C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{932AA3F2-8FDF-42FA-A3FF-CE22168F383C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1A90B7E2-1F19-4545-AB28-1C778D8C7BB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6E0B3240-B242-49CE-8B31-6AAEF49E8606}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{C3734C61-C9E6-4DD4-B88E-B1E43F65D91F}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [TCP Query User{1715FCB8-3449-44AB-9FDC-ADF7AC199539}C:\users\nick\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nick\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C4E7AC0D-80EA-4184-AD7D-4D1B0BBC6E1C}C:\users\nick\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nick\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7E438C4C-F33A-4BF3-ACFF-14CBBFD1C6EF}C:\users\nick\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\nick\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{A9E6D7F3-F8EB-4DA0-A68D-09FDE2E2B84F}C:\users\nick\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\nick\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{DE27D5EE-9598-44DA-873B-3826EE21186C}C:\program files (x86)\anylogic 8 personal learning edition\anylogic.exe] => (Allow) C:\program files (x86)\anylogic 8 personal learning edition\anylogic.exe
FirewallRules: [UDP Query User{9E8D747A-D9A4-4B06-83ED-4C77FE454270}C:\program files (x86)\anylogic 8 personal learning edition\anylogic.exe] => (Allow) C:\program files (x86)\anylogic 8 personal learning edition\anylogic.exe
FirewallRules: [TCP Query User{D7F1FD3F-A9D6-47EE-9049-1B14000FEBD3}C:\program files (x86)\anylogic 8 personal learning edition\jre\bin\java.exe] => (Allow) C:\program files (x86)\anylogic 8 personal learning edition\jre\bin\java.exe
FirewallRules: [UDP Query User{85A19D6E-6145-49F0-AFD7-7B47C18A15C4}C:\program files (x86)\anylogic 8 personal learning edition\jre\bin\java.exe] => (Allow) C:\program files (x86)\anylogic 8 personal learning edition\jre\bin\java.exe
FirewallRules: [TCP Query User{93AFCAA4-638B-4741-BF64-3D1394465523}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{BAC1D6D4-9090-44CD-9A30-230647386F47}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{D449312E-6BBD-4910-A35D-08AD9F343933}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1BA088CA-5A87-4C66-A6C6-644735001738}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{060C1F4E-2A7E-4BFE-977C-F6B17482F97D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D7D82D3E-3E38-413A-9E41-B5824D229920}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F65016F6-06AB-417C-B367-ECD2D2B093C6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA8DC36E-2516-44FE-B707-ACEA5CA68C00}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8D43B542-BB55-48D4-8E0D-D9655F2EB3DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{94278814-C4D1-4416-AB9C-E1F887FF4198}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4DFCE8E2-848C-4064-A71A-9E7776A82712}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\Northgard.exe
FirewallRules: [{B2B0B246-FDD9-43FE-A1D1-13446E6022FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\Northgard.exe
FirewallRules: [{833A9D71-2B61-47B5-A2C4-A96A4D2A52B3}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno4.exe
FirewallRules: [{13A75746-6A6C-48E2-96E0-51D5F15E4059}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno4.exe
FirewallRules: [{D8940539-6AE2-44AA-A06F-EC5A7E095E53}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe
FirewallRules: [{42DFA19F-8AE9-40D2-950C-68C4EE11458E}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe
FirewallRules: [{7AFA8F06-6D85-4B1C-AF2D-627CB550218C}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Addon.exe
FirewallRules: [{7CC02292-608B-4F65-BDE4-6034288838FD}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Addon.exe
FirewallRules: [{3266704D-3EBA-4FB3-B809-CE1EC5B7EB17}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe
FirewallRules: [{29333B12-AC87-4AB5-A037-828F14799BB9}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe
FirewallRules: [{D1152EAC-2908-4B59-9C10-0B691E8D19F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Anno4.exe
FirewallRules: [{9BEA1217-3726-49C1-B793-3D0885A2455A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Anno4.exe
FirewallRules: [{92747C00-4738-4F28-AF0C-689B7C4882D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Addon.exe
FirewallRules: [{FAB8F538-0E50-43EC-991E-C9C83122202C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Addon.exe
FirewallRules: [TCP Query User{DD95BB16-BA89-4AC0-A4B7-B1586349BB51}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [UDP Query User{E3AB199B-7BD3-4768-B448-80EB635B8FF3}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe
FirewallRules: [{E19C4C27-3BDF-4DDA-90AD-2EBBC492B1C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{113AA371-F00A-44BD-B612-538DBCB8F4EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{5324F52F-5474-4793-AA94-9A8137A0B544}] => (Allow) C:\Users\Nick\AppData\Local\Lite\Application\lite.exe
FirewallRules: [{0305F5DA-67AB-465E-94D1-F47D138EDBD3}] => (Allow) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DE88BB75-5251-4A24-830D-CC96633278A3}] => (Allow) C:\Users\Nick\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DECC8979-C2EE-470C-B1BA-5734284B7E8B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{FFA42504-91C9-4D80-B08D-543C6BB8BF81}C:\program files (x86)\sega\total war - shogun 2\shogun2.exe] => (Allow) C:\program files (x86)\sega\total war - shogun 2\shogun2.exe
FirewallRules: [UDP Query User{9DD8FB41-918B-4935-A2B0-261779A1575F}C:\program files (x86)\sega\total war - shogun 2\shogun2.exe] => (Allow) C:\program files (x86)\sega\total war - shogun 2\shogun2.exe
FirewallRules: [{81BC93BB-9D1B-4247-AB53-4C6652408F34}] => (Block) C:\program files (x86)\sega\total war - shogun 2\shogun2.exe
FirewallRules: [{B85FA031-A881-4966-84D9-888EB27A6EC8}] => (Block) C:\program files (x86)\sega\total war - shogun 2\shogun2.exe
FirewallRules: [{C675DADA-12EC-4F5F-B096-96CD50FBD2EF}] => (Allow) C:\Users\Nick\AppData\Local\Recovery\msiexec64.exe
FirewallRules: [{6E583211-CC30-48C2-83F8-7CD0A0B61F1F}] => (Allow) C:\Users\Nick\AppData\Local\Recovery\msiexec64.exe
 
==================== Restore Points =========================
 
09-01-2018 15:11:07 Gepland controlepunt
11-01-2018 00:19:52 Restore Point Created by FRST
11-01-2018 00:33:03 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/11/2018 12:34:25 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Kan DLL voor uitbreidbare items rdyboost niet laden. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de Windows-foutcode.
 
Error: (01/11/2018 12:34:25 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: De openprocedure voor de BITS-service in DLL-bestand C:\Windows\System32\bitsperf.dll is mislukt. Prestatiemetergegevens voor deze service zijn niet beschikbaar. De eerste vier bytes (DWORD) in de sectie Gegevens bevatten de foutcode.
 
Error: (01/11/2018 12:34:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (01/11/2018 12:33:02 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {dbd0479f-a91c-4c42-9636-1c83ffb7edb6}
 
Error: (01/11/2018 12:21:45 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest' niet maken. Fout in manifest of beleidsbestand 'C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL op regel 1.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.
 
Error: (01/11/2018 12:19:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {e32622a8-4630-4769-8e12-77b565655629}
 
Error: (01/11/2018 12:10:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 1914132756.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e4d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x1648
Starttijd van toepassing met fout: 0x01d38a682a56f684
Pad naar toepassing met fout: C:\Users\Nick\AppData\Local\Temp\is-6NF1D.tmp\1914132756.exe
Pad naar module met fout: unknown
Rapport-id: 75379fb3-e8a6-44e3-80d0-75b189a0c139
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (01/11/2018 12:10:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 1914132756.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e4d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x1648
Starttijd van toepassing met fout: 0x01d38a682a56f684
Pad naar toepassing met fout: C:\Users\Nick\AppData\Local\Temp\is-6NF1D.tmp\1914132756.exe
Pad naar module met fout: unknown
Rapport-id: 5565e259-38f4-4bdd-b2ee-7563990fc442
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (01/11/2018 12:10:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 1914132756.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e4d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x1648
Starttijd van toepassing met fout: 0x01d38a682a56f684
Pad naar toepassing met fout: C:\Users\Nick\AppData\Local\Temp\is-6NF1D.tmp\1914132756.exe
Pad naar module met fout: unknown
Rapport-id: f9a8085f-8933-400f-a372-ddb263527413
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (01/11/2018 12:10:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: 1914132756.exe, versie: 0.0.0.0, tijdstempel: 0x2a425e4d
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutmarge: 0x25ffc08b
Id van proces met fout: 0x1648
Starttijd van toepassing met fout: 0x01d38a682a56f684
Pad naar toepassing met fout: C:\Users\Nick\AppData\Local\Temp\is-6NF1D.tmp\1914132756.exe
Pad naar module met fout: unknown
Rapport-id: a7e9ae32-d097-42dd-a131-93f59102b7c8
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
 
System errors:
=============
Error: (01/11/2018 12:33:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 en APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (01/11/2018 12:33:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 en APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 aan de gebruiker NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (01/11/2018 12:33:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De SAService-service kan vanwege de volgende fout niet worden gestart: 
Het systeem kan het opgegeven bestand niet vinden.
 
Error: (01/11/2018 12:33:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De CldFlt-service kan vanwege de volgende fout niet worden gestart: 
De aanvraag wordt niet ondersteund.
 
Error: (01/11/2018 12:33:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Search-service kan vanwege de volgende fout niet worden gestart: 
De service is niet gestart vanwege een aanmeldingsfout.
 
Error: (01/11/2018 12:33:32 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: De WSearch-service kan niet als NT AUTHORITY\SYSTEM met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout: 
De aanvraag wordt niet ondersteund.
 
 
Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.
 
Error: (01/11/2018 12:33:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Modules Installer-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 120000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (01/11/2018 12:33:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Remote Procedure Call (RPC) Locator-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 120000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (01/11/2018 12:33:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (01/11/2018 12:33:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De System Interface Foundation Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
 
CodeIntegrity:
===================================
  Date: 2017-10-11 15:06:10.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 53%
Total physical RAM: 3969.76 MB
Available physical RAM: 1827.7 MB
Total Virtual: 6785.76 MB
Available Virtual: 4209.56 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:103.1 GB) (Free:44.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 8A900A25)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,768 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:19 PM

Posted 11 January 2018 - 12:11 PM

Greetings Nick.

Are you familiar with this?

3Y analyse.xlsx

-----

Did you intentionally turn off Smart Screen?

SmartScreenEnabled: Off

-----

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
Tcpip\..\Interfaces\{c7177b13-afc7-4c8c-8954-5287f7a4af8f}: [DhcpNameServer] 150.100.0.10
SearchScopes: HKU\S-1-5-21-2369273020-3306953221-4272594369-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
CHR HomePage: Default -> hxxp://mail.ru/cnt/10445?gp=811138
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811138"
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\\McCSPServiceHost.exe" [X]
S2 mrupdsrv; "C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe" --s [X]
C:\Program Files (x86)\Mail.Ru
2018-01-04 14:03 - 2018-01-11 00:36 - 000003532 _____ C:\WINDOWS\System32\Tasks\gaVeAjA
2018-01-04 14:03 - 2018-01-11 00:10 - 000003324 _____ C:\WINDOWS\System32\Tasks\dZYHA
2018-01-04 14:03 - 2018-01-04 14:08 - 000000000 ____D C:\Users\Nick\AppData\Local\Lite
2018-01-04 14:03 - 2018-01-04 14:03 - 000003722 _____ C:\WINDOWS\System32\Tasks\YNXkmsEay
2018-01-04 14:03 - 2018-01-04 14:03 - 000000001 _____ C:\Users\Nick\AppData\Local\WMI.ini
2018-01-04 14:03 - 2017-03-18 21:59 - 000001075 _____ C:\WINDOWS\ooEEodCazB
2018-01-04 14:03 - 2017-03-18 21:59 - 000000077 _____ C:\WINDOWS\tFDipau
2018-01-04 14:03 - 2017-03-18 21:59 - 000000051 _____ C:\WINDOWS\YgoyEOek
2018-01-04 14:03 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Local\UaHGuou.exe
2018-01-04 14:03 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Roaming\xianDLVO.exe
2018-01-04 14:02 - 2018-01-04 14:08 - 000000000 ____D C:\Users\Nick\AppData\Local\Mail.Ru
2017-12-22 15:43 - 2017-12-22 15:43 - 013552322 _____ C:\Users\Nick\Downloads\Colossus Addon Mod2.1.0WindowsInstallerv2.exe
2018-01-04 14:03 - 2017-03-18 21:59 - 000000877 _____ () C:\Program Files (x86)\Common Files\aOiLJUtULvx
2017-03-18 21:59 - 2017-03-18 21:59 - 000000877 _____ () C:\Program Files (x86)\Common Files\aOiLJUtULvx.bat
2018-01-04 14:03 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Roaming\xianDLVO.exe
2018-01-04 14:03 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Local\UaHGuou.exe
2018-01-04 14:03 - 2018-01-04 14:03 - 000000001 _____ () C:\Users\Nick\AppData\Local\WMI.ini
Task: {06335DF1-B741-4E0B-8AC1-2AF2504C7AD5} - System32\Tasks\App Explorer => C:\Users\Nick\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-11-14] (SweetLabs, Inc)
C:\Users\Nick\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
Task: {1D93BCFC-5E9E-4F9F-AD91-2D00911258F6} - System32\Tasks\gaVeAjA => C:\WINDOWS\YgoyEOek.bat
Task: {AA587F4B-077A-4519-8658-337BCFC0B337} - System32\Tasks\dZYHA => C:\WINDOWS\tFDipau.bat [2017-03-18]
C:\WINDOWS\tFDipau.bat
Task: {DDB41C53-4063-4320-AB56-6880C6D31FB7} - System32\Tasks\YNXkmsEay => C:\Users\Nick\AppData\Roaming\xianDLVO.exe
C:\Users\Nick\AppData\Roaming\xianDLVO.exe
C:\Users\Nick\AppData\Local\Temp\is-6NF1D.tmp
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Please follow the instructions here to reset Chrome Sync.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to questions
  • Fixlog
  • Chrome reset?
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 StripedDuck

StripedDuck
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 11 January 2018 - 01:27 PM

Hi Gary,

 

Thanks for you help and tips (I will remove the P2P applications as it might be the source as you indicated).

 

To answer your questions, the 3Y analysis is a file that I created for a project (the size is quite big, but only containing data I created) and can be trusted.

I was not aware that SmartScreen was disabled, so I turned this back on. However, I mainly use Chrome so I don't know if that also works cross-browser.

 

For now, I have not seen the cmd back. However, I am going to turn off my internet connection for a few hours now. When my laptop has no connection the cmd cannot finish its tasks and remains open, so I can see whether it returned or not.

I will update you on that later (today or tomorrow morning).

 

Lastly, here is the feedback from the log file. I hope I answered all your questions, if not, please let me know.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Nick (11-01-2018 18:37:19) Run:3
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available Profiles: Nick)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
Tcpip\..\Interfaces\{c7177b13-afc7-4c8c-8954-5287f7a4af8f}: [DhcpNameServer] 150.100.0.10
SearchScopes: HKU\S-1-5-21-2369273020-3306953221-4272594369-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
CHR HomePage: Default -> hxxp://mail.ru/cnt/10445?gp=811138
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811138"
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.6.319.0\\McCSPServiceHost.exe" [X]
S2 mrupdsrv; "C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe" --s [X]
C:\Program Files (x86)\Mail.Ru
2018-01-04 14:03 - 2018-01-11 00:36 - 000003532 _____ C:\WINDOWS\System32\Tasks\gaVeAjA
2018-01-04 14:03 - 2018-01-11 00:10 - 000003324 _____ C:\WINDOWS\System32\Tasks\dZYHA
2018-01-04 14:03 - 2018-01-04 14:08 - 000000000 ____D C:\Users\Nick\AppData\Local\Lite
2018-01-04 14:03 - 2018-01-04 14:03 - 000003722 _____ C:\WINDOWS\System32\Tasks\YNXkmsEay
2018-01-04 14:03 - 2018-01-04 14:03 - 000000001 _____ C:\Users\Nick\AppData\Local\WMI.ini
2018-01-04 14:03 - 2017-03-18 21:59 - 000001075 _____ C:\WINDOWS\ooEEodCazB
2018-01-04 14:03 - 2017-03-18 21:59 - 000000077 _____ C:\WINDOWS\tFDipau
2018-01-04 14:03 - 2017-03-18 21:59 - 000000051 _____ C:\WINDOWS\YgoyEOek
2018-01-04 14:03 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Local\UaHGuou.exe
2018-01-04 14:03 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Roaming\xianDLVO.exe
2018-01-04 14:02 - 2018-01-04 14:08 - 000000000 ____D C:\Users\Nick\AppData\Local\Mail.Ru
2017-12-22 15:43 - 2017-12-22 15:43 - 013552322 _____ C:\Users\Nick\Downloads\Colossus Addon Mod2.1.0WindowsInstallerv2.exe
2018-01-04 14:03 - 2017-03-18 21:59 - 000000877 _____ () C:\Program Files (x86)\Common Files\aOiLJUtULvx
2017-03-18 21:59 - 2017-03-18 21:59 - 000000877 _____ () C:\Program Files (x86)\Common Files\aOiLJUtULvx.bat
2018-01-04 14:03 - 2017-03-18 21:58 - 000059392 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Roaming\xianDLVO.exe
2018-01-04 14:03 - 2017-03-18 21:58 - 000174592 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Local\UaHGuou.exe
2018-01-04 14:03 - 2018-01-04 14:03 - 000000001 _____ () C:\Users\Nick\AppData\Local\WMI.ini
Task: {06335DF1-B741-4E0B-8AC1-2AF2504C7AD5} - System32\Tasks\App Explorer => C:\Users\Nick\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-11-14] (SweetLabs, Inc)
C:\Users\Nick\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
Task: {1D93BCFC-5E9E-4F9F-AD91-2D00911258F6} - System32\Tasks\gaVeAjA => C:\WINDOWS\YgoyEOek.bat
Task: {AA587F4B-077A-4519-8658-337BCFC0B337} - System32\Tasks\dZYHA => C:\WINDOWS\tFDipau.bat [2017-03-18]
C:\WINDOWS\tFDipau.bat
Task: {DDB41C53-4063-4320-AB56-6880C6D31FB7} - System32\Tasks\YNXkmsEay => C:\Users\Nick\AppData\Roaming\xianDLVO.exe
C:\Users\Nick\AppData\Roaming\xianDLVO.exe
C:\Users\Nick\AppData\Local\Temp\is-6NF1D.tmp
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c7177b13-afc7-4c8c-8954-5287f7a4af8f}\\DhcpNameServer" => removed successfully
"HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"HKLM\System\CurrentControlSet\Services\mccspsvc" => removed successfully
mccspsvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\mrupdsrv" => removed successfully
mrupdsrv => service removed successfully
"C:\Program Files (x86)\Mail.Ru" => not found
C:\WINDOWS\System32\Tasks\gaVeAjA => moved successfully
C:\WINDOWS\System32\Tasks\dZYHA => moved successfully
C:\Users\Nick\AppData\Local\Lite => moved successfully
C:\WINDOWS\System32\Tasks\YNXkmsEay => moved successfully
C:\Users\Nick\AppData\Local\WMI.ini => moved successfully
C:\WINDOWS\ooEEodCazB => moved successfully
C:\WINDOWS\tFDipau => moved successfully
C:\WINDOWS\YgoyEOek => moved successfully
C:\Users\Nick\AppData\Local\UaHGuou.exe => moved successfully
C:\Users\Nick\AppData\Roaming\xianDLVO.exe => moved successfully
C:\Users\Nick\AppData\Local\Mail.Ru => moved successfully
C:\Users\Nick\Downloads\Colossus Addon Mod2.1.0WindowsInstallerv2.exe => moved successfully
C:\Program Files (x86)\Common Files\aOiLJUtULvx => moved successfully
C:\Program Files (x86)\Common Files\aOiLJUtULvx.bat => moved successfully
"C:\Users\Nick\AppData\Roaming\xianDLVO.exe" => not found
"C:\Users\Nick\AppData\Local\UaHGuou.exe" => not found
"C:\Users\Nick\AppData\Local\WMI.ini" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06335DF1-B741-4E0B-8AC1-2AF2504C7AD5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06335DF1-B741-4E0B-8AC1-2AF2504C7AD5}" => removed successfully
C:\WINDOWS\System32\Tasks\App Explorer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => removed successfully
C:\Users\Nick\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D93BCFC-5E9E-4F9F-AD91-2D00911258F6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D93BCFC-5E9E-4F9F-AD91-2D00911258F6}" => removed successfully
"C:\WINDOWS\System32\Tasks\gaVeAjA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gaVeAjA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA587F4B-077A-4519-8658-337BCFC0B337}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA587F4B-077A-4519-8658-337BCFC0B337}" => removed successfully
"C:\WINDOWS\System32\Tasks\dZYHA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dZYHA" => removed successfully
C:\WINDOWS\tFDipau.bat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDB41C53-4063-4320-AB56-6880C6D31FB7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDB41C53-4063-4320-AB56-6880C6D31FB7}" => removed successfully
"C:\WINDOWS\System32\Tasks\YNXkmsEay" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YNXkmsEay" => removed successfully
"C:\Users\Nick\AppData\Roaming\xianDLVO.exe" => not found
"C:\Users\Nick\AppData\Local\Temp\is-6NF1D.tmp" => not found
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Toegang geweigerd.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{3B3A81A5-F33C-426A-AA71-63380C63AD06} canceled.
{069405C4-A4A0-4077-AC6C-1EDE6E9DB5E9} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2369273020-3306953221-4272594369-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8628353 B
Java, Flash, Steam htmlcache => 131113 B
Windows/system/drivers => 231616 B
Edge => 0 B
Chrome => 423283267 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 818 B
NetworkService => 0 B
Nick => 42650265 B
 
RecycleBin => 0 B
EmptyTemp: => 461.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:37:46 ====


#7 StripedDuck

StripedDuck
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 11 January 2018 - 01:37 PM

I forgot to mention, I turned the Google Chrome sync back on, all worked.

Let MalwareByte do a run, found nothing.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,768 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:19 PM

Posted 11 January 2018 - 05:51 PM

Thanks for the great information.

I suspect we cleaned what we needed to but time will tell. While we monitor things please do this.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as admnistrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 StripedDuck

StripedDuck
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 14 January 2018 - 08:18 AM

Hi Gary,

Sorry for my late response, I have been out of town for a few days.
This afternoon I am going to run the steps, and will inform you once finished.

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,768 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:19 PM

Posted 14 January 2018 - 10:23 AM

:thumbsup2:
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 StripedDuck

StripedDuck
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 15 January 2018 - 11:05 AM

Hi Gary,

 

It took a while but finally I can show you the results.

Please find the results below.

 

To respond on the performance of my laptop. I have not seen the cmd anymore. Battery usage has decreased (that also suddenly increased) and the cooler runs less active now, which is also a good thing.

In regards of performance, everything is going well.

 

ESET results:

C:\Users\Nick\Downloads\uTorrent.exe a variant of MSIL/WebCompanion.A potentially unwanted application cleaned by deleting
 

 

Security analysis results:

Result of Security Analysis by Rocket Grannie (x86) Updated: 29th December, 2017
Running from:C:\Users\Nick\Downloads (17:01:14 - 01/15/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
AVG Antivirus (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
AVG Antivirus (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Google Chrome (63.0.3239.132)
Malwarebytes (3.3.1.2183)
 
***----------------Analysis Complete-------------------------***


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,768 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:19 PM

Posted 15 January 2018 - 05:42 PM

Those reports look great. Looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. ohmy_done.gif
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,768 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:19 PM

Posted 17 January 2018 - 12:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users