
BitDefender detected and deleted Bitcoin Miner, and Trojan Ranserkd Am I Still I


  • This topic is locked
14 replies to this topic

#1 nevans07


Posted 28 February 2018 - 06:16 AM

Dear Bleeping Computer Staff!

 

Thank you for what you do. Please let me know if I am still infected.

 

I am running Windows 10 Version 1709 64bit.

 

Hi. I recently noticed Comodo detecting outbound connections. I wasn't sure what to do. Fortunately Comodo is default deny. When I did a Full system scan I was shocked BitDefender had already detected and quarantined Trojan Ranserkd AppData/Local/Temp.

 

Upon Full Custom scan BitDefender detected Bitcoin Miner SX and UB. AppData/Local/Google/Chrome/User Data/Default/Cache f/. 

I deleted all of them.

 

I then ran Eset Online Scanner and it detected:

Appdata/Local/Google/Chrome/User Data/Default/Cache f/ JS/CoinMiner unwanted application deleted.

 

Can you please help me scrub my pc to make sure I am still not infected?

 

Thank You For What You Do!

 

Very Best Regards,

Nathaniel Evans

 

Am I Still Infected referred me to you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.02.2018

Ran by Nate (administrator) on DESKTOP-628Q94M (28-02-2018 05:41:26)
Running from C:\Users\Nate\Downloads
Loaded Profiles: Nate (Available Profiles: Nate)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(WinPatrol) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(WinPatrol) C:\Program Files\Ruiware\WinAntiRansom\WARgk.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(WinPatrol) C:\Program Files\Ruiware\WinAntiRansom\WAR_TrayApp.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(WinPatrol) C:\Program Files\Ruiware\WinAntiRansom\WARWDSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16695816 2016-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1462792 2016-08-19] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2182568 2018-01-08] (COMODO)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-02-26] (Dropbox, Inc.)
HKU\S-1-5-21-3808504719-902934913-2112380188-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2018-02-02] (Glarysoft Ltd)
HKU\S-1-5-21-3808504719-902934913-2112380188-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-07] (Ruiware)
HKU\S-1-5-21-3808504719-902934913-2112380188-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-17] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WAR Tray Application.lnk [2017-07-20]
ShortcutTarget: WAR Tray Application.lnk -> C:\Program Files\Ruiware\WinAntiRansom\WAR_TrayApp.exe (WinPatrol)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{eb5d1fea-b59e-4747-a187-8e31bc5b0d96}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3808504719-902934913-2112380188-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808504719-902934913-2112380188-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-02-28] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-02-28] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-02-28] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-02-28] (Bitdefender)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
 
FireFox:
========
FF DefaultProfile: eha9epo1.default
FF ProfilePath: C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\eha9epo1.default [2018-02-28]
FF Extension: (Video DownloadHelper) - C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\eha9epo1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-12-19]
FF Extension: (Adblock Plus) - C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\eha9epo1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-19]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default [2018-02-28]
CHR Extension: (Docs) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-25]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [347056 2017-04-24] (Windows ® Win 7 DDK provider)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2090152 2017-08-31] (Bitdefender)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10962648 2018-01-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2875816 2018-01-08] (COMODO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-19] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-02-26] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103584 2018-01-15] (Bitdefender)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-07-19] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4451976 2018-01-09] (SurfRight B.V.)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [114968 2018-02-28] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1236696 2018-02-28] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe [524872 2016-08-25] (Bitdefender)
R2 WARSvc; C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe [213896 2017-05-02] (WinPatrol)
R2 WARWDSvc; C:\Program Files\Ruiware\WinAntiRansom\WARWDSvc.exe [249224 2017-05-02] (WinPatrol)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 IntelSSTSvc; "C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177720 2018-02-28] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1725800 2018-02-28] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-15] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [133088 2017-06-06] (BitDefender LLC)
S3 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [47376 2017-11-24] (© Bitdefender SRL)
S3 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605616 2017-04-24] (Qualcomm)
R1 CGKDarkWatcher; C:\WINDOWS\System32\drivers\CGKDarkWatcher.sys [15128 2017-03-05] (Ruiware, LLC)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [44056 2017-12-28] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [830448 2017-12-28] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50776 2017-12-28] (COMODO)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-12-11] ()
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2017-07-19] (Glarysoft Ltd)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [191784 2018-02-28] (BitDefender LLC)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [293560 2018-01-09] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [93800 2018-01-09] (SurfRight B.V.)
S3 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [190752 2018-02-28] (Bitdefender)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [147304 2016-09-08] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2017-12-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-28] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-02-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-28] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [791008 2017-06-21] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [466528 2018-02-28] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-28 05:41 - 2018-02-28 05:41 - 000015885 _____ C:\Users\Nate\Downloads\FRST.txt
2018-02-28 05:18 - 2018-02-28 05:18 - 002403840 _____ (Farbar) C:\Users\Nate\Downloads\frst64.exe
2018-02-28 04:06 - 2018-02-28 04:06 - 000046534 _____ C:\ProgramData\dm.update.1519808619.bdinstall.bin
2018-02-28 03:09 - 2018-02-28 03:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-26 06:24 - 2018-02-26 06:24 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-02-26 06:24 - 2018-02-26 06:24 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-02-26 06:24 - 2018-02-26 06:24 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-02-26 06:24 - 2018-02-26 06:24 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-02-22 20:19 - 2018-02-22 20:19 - 000001208 _____ C:\Users\Public\Desktop\Opera Browser.lnk
2018-02-14 09:51 - 2018-02-28 04:01 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-02-14 09:51 - 2018-02-28 04:01 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-02-14 09:50 - 2018-02-28 04:01 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-02-14 04:34 - 2018-02-14 04:34 - 000000000 ____D C:\Program Files (x86)\ESET
2018-02-14 04:00 - 2018-02-28 03:42 - 002669992 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2018-02-14 04:00 - 2018-02-14 04:00 - 000000000 ___HD C:\VTRoot
2018-02-12 10:31 - 2018-02-12 10:31 - 000000920 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-02-12 10:31 - 2018-02-12 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-02-05 14:22 - 2018-02-05 14:22 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-02-05 14:13 - 2018-02-05 14:13 - 000000000 ___RD C:\Users\Nate\3D Objects
2018-02-05 14:12 - 2018-02-05 14:12 - 000000020 ___SH C:\Users\Nate\ntuser.ini
2018-02-05 13:22 - 2018-02-28 04:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-05 13:22 - 2018-02-22 20:19 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1500476263
2018-02-05 13:22 - 2018-02-05 14:39 - 000003394 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2018-02-05 13:22 - 2018-02-05 14:39 - 000003040 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2018-02-05 13:22 - 2018-02-05 13:22 - 000003450 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-02-05 13:22 - 2018-02-05 13:22 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-05 13:22 - 2018-02-05 13:22 - 000003334 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task e482703f-c9ab-4ef3-9b50-722f93c83ce3
2018-02-05 13:22 - 2018-02-05 13:22 - 000003226 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-02-05 13:22 - 2018-02-05 13:22 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-05 13:22 - 2018-02-05 13:22 - 000003076 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d425897b-b956-454e-9266-f414d1cd1561
2018-02-05 13:22 - 2018-02-05 13:22 - 000003006 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-02-05 13:22 - 2018-02-05 13:22 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3808504719-902934913-2112380188-1001
2018-02-05 13:22 - 2018-02-05 13:22 - 000002668 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-02-05 13:22 - 2018-02-05 13:22 - 000002404 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2018-02-05 13:22 - 2018-02-05 13:22 - 000002352 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2018-02-05 13:22 - 2018-02-05 13:22 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-02-05 13:22 - 2018-02-05 13:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-02-05 13:22 - 2018-02-05 13:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2018-02-05 13:20 - 2018-02-05 13:21 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-02-05 13:20 - 2018-02-05 13:21 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-02-05 13:13 - 2018-02-28 04:08 - 001020368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-05 13:01 - 2018-02-05 13:01 - 000000000 ____D C:\ProgramData\USOShared
2018-02-05 12:57 - 2018-02-05 12:57 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-02-05 12:55 - 2018-02-28 04:00 - 000000000 ____D C:\Users\Nate
2018-02-05 12:55 - 2018-02-05 14:43 - 000000000 ____D C:\Users\Nate\AppData\Local\Packages
2018-02-05 12:53 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-02-05 12:53 - 2017-02-07 23:47 - 000122384 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-02-05 12:53 - 2017-02-07 23:47 - 000113176 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-02-05 12:50 - 2018-02-28 04:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-05 12:49 - 2018-02-05 13:03 - 000231016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-04 20:14 - 2018-02-28 04:01 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-04 20:14 - 2018-02-28 03:07 - 001177720 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2018-02-04 20:14 - 2018-02-28 03:04 - 000191784 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2018-02-04 20:14 - 2018-02-28 03:00 - 001725800 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2018-02-04 20:14 - 2018-02-28 03:00 - 000466528 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2018-02-04 20:14 - 2018-02-28 02:59 - 000190752 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2018-02-04 20:14 - 2017-12-11 11:18 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-02-04 20:14 - 2017-12-11 11:18 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-04 20:14 - 2017-11-24 09:14 - 000047376 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2018-02-04 20:14 - 2016-03-15 00:04 - 000023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2018-02-04 20:14 - 2015-12-04 21:27 - 000087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2018-02-04 20:12 - 2018-02-05 15:46 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-02-04 20:06 - 2018-02-04 20:12 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-02-04 19:40 - 2018-02-04 19:40 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-02-04 19:40 - 2018-02-04 19:40 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-02-04 19:39 - 2018-02-04 19:39 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-02-04 19:39 - 2018-02-04 19:39 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-02-04 19:39 - 2018-02-04 19:39 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-02-04 19:39 - 2018-02-04 19:39 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-02-04 19:39 - 2018-02-04 19:39 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-02-04 19:39 - 2018-02-04 19:39 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-02-04 19:39 - 2018-02-04 19:39 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-02-04 19:39 - 2018-02-04 19:39 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-02-04 19:34 - 2018-02-04 19:34 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-02-04 19:34 - 2018-02-04 19:34 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-02-04 19:34 - 2018-02-04 19:34 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-02-04 19:34 - 2018-02-04 19:34 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-02-04 19:34 - 2018-02-04 19:34 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-02-04 19:34 - 2018-02-04 19:34 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-02-04 19:34 - 2018-02-04 19:34 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-02-04 19:34 - 2018-02-04 19:34 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-02-04 19:33 - 2018-02-04 19:33 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-02-04 19:32 - 2018-02-04 19:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-02-04 19:32 - 2018-02-04 19:32 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-02-04 19:32 - 2018-02-04 19:32 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-02-04 19:32 - 2018-02-04 19:32 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-02-04 19:32 - 2018-02-04 19:32 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2018-02-04 19:31 - 2018-02-04 19:31 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-02-04 19:31 - 2018-02-04 19:31 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2018-02-04 19:31 - 2018-02-04 19:31 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2018-02-04 19:31 - 2018-02-04 19:31 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-02-04 19:31 - 2018-02-04 19:31 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-02-04 19:30 - 2018-02-04 19:31 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-02-04 19:30 - 2018-02-04 19:30 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-02-04 19:30 - 2018-02-04 19:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-02-04 19:30 - 2018-02-04 19:30 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-02-04 19:30 - 2018-02-04 19:30 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2018-02-04 19:30 - 2018-02-04 19:30 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2018-02-04 19:29 - 2018-02-04 19:29 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-02-04 19:28 - 2018-02-04 19:28 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-02-04 19:28 - 2018-02-04 19:28 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-02-04 19:28 - 2018-02-04 19:28 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2018-02-04 19:27 - 2018-02-04 19:27 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-02-04 19:26 - 2018-02-04 19:26 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-02-04 19:26 - 2018-02-04 19:26 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-02-04 19:26 - 2018-02-04 19:26 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-02-04 19:26 - 2018-02-04 19:26 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-04 19:26 - 2018-02-04 19:26 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-02-04 19:26 - 2018-02-04 19:26 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2018-02-04 19:26 - 2018-02-04 19:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-02-04 19:26 - 2018-02-04 19:26 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2018-02-04 19:26 - 2018-02-04 19:26 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2018-02-04 19:25 - 2018-02-04 19:25 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-04 19:25 - 2018-02-04 19:25 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-02-04 19:25 - 2018-02-04 19:25 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-02-04 19:25 - 2018-02-04 19:25 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-02-04 19:25 - 2018-02-04 19:25 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-02-04 19:25 - 2018-02-04 19:25 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-02-04 19:25 - 2018-02-04 19:25 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-02-04 19:25 - 2018-02-04 19:25 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-02-04 19:25 - 2018-02-04 19:25 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-02-04 19:25 - 2018-02-04 19:25 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-02-04 19:25 - 2018-02-04 19:25 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-02-04 19:25 - 2018-02-04 19:25 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-02-04 19:25 - 2018-02-04 19:25 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-02-04 19:25 - 2018-02-04 19:25 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-02-04 19:24 - 2018-02-04 19:24 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-02-04 19:24 - 2018-02-04 19:24 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-02-04 19:24 - 2018-02-04 19:24 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-02-04 19:24 - 2018-02-04 19:24 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2018-02-04 19:24 - 2018-02-04 19:24 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2018-02-04 19:23 - 2018-02-04 19:24 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-02-04 19:23 - 2018-02-04 19:23 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-04 19:23 - 2018-02-04 19:23 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-02-04 19:23 - 2018-02-04 19:23 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-02-04 19:23 - 2018-02-04 19:23 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-02-04 19:23 - 2018-02-04 19:23 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2018-02-04 19:23 - 2018-02-04 19:23 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2018-02-04 19:23 - 2018-02-04 19:23 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-02-04 19:23 - 2018-02-04 19:23 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-02-04 19:23 - 2018-02-04 19:23 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-02-04 19:23 - 2018-02-04 19:23 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-02-04 19:23 - 2018-02-04 19:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-02-04 19:22 - 2018-02-04 19:23 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-02-04 19:22 - 2018-02-04 19:22 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2018-02-04 19:22 - 2018-02-04 19:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-02-04 19:22 - 2018-02-04 19:22 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-02-04 19:22 - 2018-02-04 19:22 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-02-04 19:21 - 2018-02-04 19:21 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-02-04 19:21 - 2018-02-04 19:21 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-02-04 19:21 - 2018-02-04 19:21 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-02-04 19:21 - 2018-02-04 19:21 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-02-04 19:21 - 2018-02-04 19:21 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-02-04 19:18 - 2018-02-04 19:18 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-02-04 19:18 - 2018-02-04 19:18 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2018-02-04 19:18 - 2018-02-04 19:18 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2018-02-04 19:17 - 2018-02-04 19:18 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-02-04 19:17 - 2018-02-04 19:17 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-02-04 19:17 - 2018-02-04 19:17 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-02-04 19:17 - 2018-02-04 19:17 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-02-04 19:17 - 2018-02-04 19:17 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-02-04 19:17 - 2018-02-04 19:17 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2018-02-04 19:17 - 2018-02-04 19:17 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-02-04 19:17 - 2018-02-04 19:17 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-02-04 19:17 - 2018-02-04 19:17 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2018-02-04 19:17 - 2018-02-04 19:17 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2018-02-04 19:17 - 2018-02-04 19:17 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-02-04 19:16 - 2018-02-04 19:16 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-02-04 19:16 - 2018-02-04 19:16 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-02-04 19:16 - 2018-02-04 19:16 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-02-04 19:16 - 2018-02-04 19:16 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-02-04 19:15 - 2018-02-04 19:15 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-02-04 19:15 - 2018-02-04 19:15 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-02-04 19:15 - 2018-02-04 19:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-02-04 19:15 - 2018-02-04 19:15 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-04 19:15 - 2018-02-04 19:15 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-02-04 19:15 - 2018-02-04 19:15 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-02-04 19:15 - 2018-02-04 19:15 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-04 19:15 - 2018-02-04 19:15 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-02-04 19:15 - 2018-02-04 19:15 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-02-04 19:15 - 2018-02-04 19:15 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-02-04 19:15 - 2018-02-04 19:15 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2018-02-04 19:15 - 2018-02-04 19:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2018-02-04 19:15 - 2018-02-04 19:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-02-04 19:14 - 2018-02-04 19:14 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-02-04 19:14 - 2018-02-04 19:14 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-02-04 19:14 - 2018-02-04 19:14 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-02-04 19:14 - 2018-02-04 19:14 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-02-04 19:14 - 2018-02-04 19:14 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-02-04 19:14 - 2018-02-04 19:14 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-02-04 19:14 - 2018-02-04 19:14 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-02-04 19:14 - 2018-02-04 19:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-02-04 19:13 - 2018-02-04 19:14 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-02-04 19:13 - 2018-02-04 19:13 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-02-04 19:13 - 2018-02-04 19:13 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-02-04 19:13 - 2018-02-04 19:13 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-02-04 19:13 - 2018-02-04 19:13 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-02-04 19:13 - 2018-02-04 19:13 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-02-04 19:13 - 2018-02-04 19:13 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-02-04 19:13 - 2018-02-04 19:13 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-02-04 19:13 - 2018-02-04 19:13 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-02-04 19:13 - 2018-02-04 19:13 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-02-04 17:39 - 2018-02-04 17:39 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-02-04 17:39 - 2018-02-04 17:39 - 000000000 ____D C:\Program Files\MSBuild
2018-02-04 17:39 - 2018-02-04 17:39 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-02-04 17:39 - 2018-02-04 17:39 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-02-04 17:30 - 2018-02-04 17:30 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-02-04 17:30 - 2018-02-04 17:30 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-02-04 17:29 - 2018-02-04 17:29 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-02-04 17:29 - 2018-02-04 17:29 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-02-04 17:28 - 2018-02-04 17:28 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-02-04 17:28 - 2018-02-04 17:28 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-02-04 16:06 - 2018-02-04 16:06 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-02-03 18:43 - 2018-02-05 14:12 - 000000000 ___DC C:\WINDOWS\Panther
2018-02-03 03:59 - 2018-02-05 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies
2018-02-03 03:59 - 2018-02-03 03:59 - 000000000 ____D C:\Users\Nate\AppData\Roaming\Antares
2018-02-03 03:59 - 2018-02-03 03:59 - 000000000 ____D C:\Program Files (x86)\Steinberg
2018-02-03 03:59 - 2018-02-03 03:59 - 000000000 ____D C:\Program Files (x86)\Antares Audio Technologies
2018-02-03 03:59 - 2003-03-18 20:14 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2018-02-03 03:59 - 2003-02-21 04:42 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2018-02-03 03:56 - 2018-02-03 03:56 - 004879124 _____ C:\Users\Nate\Downloads\AUTOTUNE EVO.zip
2018-02-03 03:23 - 2018-02-03 03:23 - 000000000 ____D C:\Program Files (x86)\Lame For Audacity
2018-02-03 03:21 - 2018-02-03 03:21 - 000527423 _____ ( ) C:\Users\Nate\Downloads\Lame_v3.99.3_for_Windows.exe
2018-02-03 03:18 - 2018-02-22 22:15 - 000000000 ____D C:\Users\Nate\AppData\Roaming\audacity
2018-02-03 03:18 - 2018-02-03 03:18 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2018-02-03 03:18 - 2018-02-03 03:18 - 000001080 _____ C:\Users\Public\Desktop\Audacity.lnk
2018-02-03 03:18 - 2018-02-03 03:18 - 000000000 ____D C:\Users\Nate\AppData\Local\Audacity
2018-02-03 03:16 - 2018-02-03 03:18 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-02-03 03:04 - 2018-02-03 03:04 - 001512927 _____ (Audacity Team ) C:\Users\Nate\Downloads\LADSPA_plugins-win-0.4.15 (1).exe
2018-02-03 03:03 - 2018-02-03 03:03 - 017750437 _____ C:\Users\Nate\Downloads\audacity-manual-2.2.1.zip
2018-02-03 03:02 - 2018-02-03 03:02 - 001512927 _____ (Audacity Team ) C:\Users\Nate\Downloads\LADSPA_plugins-win-0.4.15.exe
2018-02-03 02:58 - 2018-02-03 02:58 - 024383624 _____ (Audacity Team ) C:\Users\Nate\Downloads\audacity-win-2.2.1.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-28 05:41 - 2017-07-25 07:21 - 000000000 ____D C:\FRST
2018-02-28 05:41 - 2017-07-19 11:09 - 000000000 ____D C:\WINDOWS\CryptoGuard
2018-02-28 04:07 - 2017-07-19 09:59 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2018-02-28 04:01 - 2017-07-19 05:45 - 000000000 __SHD C:\Users\Nate\IntelGraphicsProfiles
2018-02-28 03:47 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-28 03:43 - 2017-07-19 11:09 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2018-02-28 03:42 - 2017-09-29 03:45 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-02-28 03:42 - 2017-07-19 09:36 - 000000000 ____D C:\ProgramData\HitmanPro
2018-02-28 03:41 - 2016-10-14 12:30 - 000173105 _____ C:\bdlog.txt
2018-02-28 03:15 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-28 03:15 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-28 03:11 - 2017-07-19 10:00 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-02-23 10:43 - 2017-08-08 01:10 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-23 10:43 - 2017-08-08 01:10 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-23 10:43 - 2017-07-19 09:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-02-23 10:43 - 2017-07-19 09:59 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2018-02-22 20:19 - 2018-01-24 00:31 - 000001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-02-22 20:19 - 2017-07-19 09:57 - 000000000 ____D C:\Program Files (x86)\Opera
2018-02-16 13:51 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-14 09:47 - 2018-01-05 21:19 - 000000000 ____D C:\Users\Nate\Desktop\Legal
2018-02-14 04:04 - 2017-07-19 09:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-14 03:56 - 2017-10-11 18:53 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 03:56 - 2017-07-19 09:37 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-14 03:45 - 2017-08-31 09:35 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-02-13 11:04 - 2017-07-20 11:40 - 000042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-02-12 10:30 - 2017-07-19 09:59 - 000000000 ____D C:\Program Files\VideoLAN
2018-02-10 11:51 - 2017-07-19 09:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-08 21:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-07 15:51 - 2017-07-19 09:58 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-07 15:51 - 2017-07-19 09:58 - 000001220 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-02-07 15:51 - 2017-07-19 09:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-07 00:36 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-07 00:12 - 2017-08-01 18:48 - 000000000 ___RD C:\Users\Nate\Dropbox
2018-02-07 00:01 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-02-05 21:49 - 2017-09-29 08:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-05 21:49 - 2017-09-29 08:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-05 15:48 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-02-05 15:46 - 2017-11-16 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-05 15:46 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
2018-02-05 15:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-02-05 15:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-02-05 15:46 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-05 15:46 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-05 15:46 - 2017-09-01 04:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-02-05 15:46 - 2017-08-31 09:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-02-05 15:46 - 2017-07-24 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-02-05 15:46 - 2017-07-21 04:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Win Movie Maker
2018-02-05 15:46 - 2017-07-20 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2018-02-05 15:46 - 2017-07-19 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2018-02-05 15:46 - 2017-07-19 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2018-02-05 15:46 - 2017-07-19 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2018-02-05 15:46 - 2017-07-19 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2018-02-05 15:46 - 2017-07-19 09:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-02-05 15:46 - 2017-07-19 09:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2018-02-05 15:46 - 2017-07-19 09:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2018-02-05 15:46 - 2017-07-19 09:54 - 000000000 ____D C:\WINDOWS\SysWOW64\PolicyDefinitions
2018-02-05 15:46 - 2017-07-19 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2018-02-05 15:46 - 2017-07-19 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-02-05 15:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-02-05 14:39 - 2017-07-19 09:59 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2018-02-05 14:13 - 2017-07-19 05:34 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-05 14:13 - 2017-07-19 05:33 - 000000000 ____D C:\Users\Nate\AppData\Local\TileDataLayer
2018-02-05 13:24 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-02-05 13:17 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2018-02-05 13:16 - 2017-07-19 07:15 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-02-05 13:01 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-02-05 13:01 - 2017-07-21 04:11 - 000000000 ____D C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2018-02-05 13:01 - 2017-07-20 11:22 - 000000000 ____D C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2018-02-05 13:01 - 2017-07-20 11:18 - 000000000 ____D C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bvcsoft3GP
2018-02-05 13:01 - 2017-07-19 09:59 - 000000000 ____D C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-02-05 12:57 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-02-05 12:53 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-02-05 12:53 - 2017-07-19 07:03 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-02-05 12:52 - 2017-07-19 07:02 - 001805173 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-02-05 12:52 - 2017-07-19 07:02 - 000000000 ____D C:\ProgramData\rtkSSTSetting
2018-02-05 12:51 - 2017-07-19 07:02 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-02-05 12:51 - 2017-07-19 07:01 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-02-04 20:20 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-02-04 20:12 - 2017-07-25 07:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-02-04 20:12 - 2017-07-20 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2018-02-04 20:12 - 2017-07-19 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2018-02-04 20:12 - 2017-07-19 07:03 - 000000000 ____D C:\Program Files\Intel
2018-02-04 20:12 - 2017-07-19 07:01 - 000000000 ____D C:\Program Files\Realtek
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-02-04 19:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-02-04 19:51 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-02-04 19:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-04 19:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-02-04 19:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-02-04 19:50 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-02-04 19:50 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-02-04 19:50 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-02-04 19:50 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-02-04 19:49 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-02-04 19:49 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-02-04 19:49 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-04 19:49 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-02-04 19:48 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-02-04 19:48 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-02-04 19:48 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-02-04 19:47 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs
2018-01-31 22:07 - 2017-07-21 05:26 - 000000000 ____D C:\Users\Nate\AppData\LocalLow\Mozilla
2018-01-31 15:25 - 2017-07-19 05:37 - 000002364 _____ C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 15:25 - 2017-07-19 05:37 - 000000000 ___RD C:\Users\Nate\OneDrive
2018-01-29 09:13 - 2018-01-11 20:06 - 000000000 ____D C:\Program Files\rempl
 
==================== Files in the root of some directories =======
 
2017-09-13 17:39 - 2017-09-13 17:40 - 000000600 _____ () C:\Users\Nate\AppData\Local\PUTTY.RND
 
Some files in TEMP:
====================
2018-02-22 20:19 - 2018-02-22 20:19 - 002149376 _____ (Opera Software) C:\Users\Nate\AppData\Local\Temp\Opera_installer_20182231934340.dll
2018-02-22 20:19 - 2018-02-22 20:19 - 002149376 _____ (Opera Software) C:\Users\Nate\AppData\Local\Temp\Opera_installer_20182231934980.dll
2018-02-22 20:19 - 2018-02-22 20:19 - 002149376 _____ (Opera Software) C:\Users\Nate\AppData\Local\Temp\Opera_installer_20182231938934.dll
2018-02-22 20:19 - 2018-02-22 20:19 - 002149376 _____ (Opera Software) C:\Users\Nate\AppData\Local\Temp\Opera_installer_20182231939684.dll
2018-02-22 20:19 - 2018-02-22 20:19 - 002149376 _____ (Opera Software) C:\Users\Nate\AppData\Local\Temp\Opera_installer_20182231947151.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-15 21:44
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
Ran by Nate (28-02-2018 05:42:31)
Running from C:\Users\Nate\Downloads
Windows 10 Home Version 1709 16299.125 (X64) (2018-02-05 18:29:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3808504719-902934913-2112380188-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3808504719-902934913-2112380188-503 - Limited - Disabled)
Guest (S-1-5-21-3808504719-902934913-2112380188-501 - Limited - Disabled)
Nate (S-1-5-21-3808504719-902934913-2112380188-1001 - Administrator - Enabled) => C:\Users\Nate
WDAGUtilityAccount (S-1-5-21-3808504719-902934913-2112380188-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version:  - )
Audacity 2.2.1 (HKLM-x32\...\Audacity_is1) (Version: 2.2.1 - Audacity Team)
AVS Audio Editor 8.4.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.4.2.519 - Online Media Technologies Ltd.)
AVS Video Editor 7.4.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.4.1.281 - Online Media Technologies Ltd.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.24.36 - Bitdefender)
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 22.0.8.118 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.8.114 - Bitdefender)
bvcsoft3GP 2.5 (HKLM-x32\...\bvcsoft3GP) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
COMODO Firewall (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 10.1.0.6476 - COMODO Security Solutions Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.31.0 (HKLM-x32\...\FileZilla Client) (Version: 3.31.0 - Tim Kosse)
Glary Utilities 5.92 (HKLM-x32\...\Glary Utilities 5) (Version: 5.92.0.114 - Glarysoft Ltd)
Google Chrome (HKLM\...\{E2B4C74E-210E-39AD-872C-DA95D0CCED99}) (Version: 64.0.3282.186 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.7.3.729 - SurfRight B.V.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.424651.94 - Comodo)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3808504719-902934913-2112380188-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 58.0.2 (x86 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.5 - Notepad++ Team)
Opera Stable 51.0.2830.40 (HKLM-x32\...\Opera 51.0.2830.40) (Version: 51.0.2830.40 - Opera Software)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)
RogueKiller version 12.11.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.8.0 - Adlice Software)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
Tipard 3D Converter 6.1.10 (HKLM-x32\...\{4A974195-391A-4c58-BD56-B1C4553F09A0}_is1) (Version:  - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.4 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-02-27] ()
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-01-08] (COMODO)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers1: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2017-07-20] (SurfRight B.V.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-01-08] (COMODO)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers4: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2017-07-20] (SurfRight B.V.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxDTCM.dll [2017-02-07] (Intel Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-01-08] (COMODO)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07FDDED1-599E-4A40-A40E-F30DF745682C} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {097925D3-9CCE-4FA4-AB61-08EDD95B8BEC} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2018-02-02] (Glarysoft Ltd)
Task: {1DE72FE4-1502-4267-B4A2-D4AA36E20963} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {1E146CF6-DAAF-4096-90A4-F5A27553DA96} - System32\Tasks\Opera scheduled Autoupdate 1500476263 => C:\Program Files (x86)\Opera\launcher.exe [2018-02-21] (Opera Software)
Task: {4A9E4506-27CB-4682-8F96-AEB89421DABC} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [2018-02-28] (Bitdefender)
Task: {4F65D6DA-387F-4784-99CC-22F90A15199E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {5832C736-2DD5-4AD2-A1A1-16147A7018A2} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {60DEC3C9-3F13-4CE5-8851-02DA1E2B34D4} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {625631F8-2522-4B51-A1AC-9B612C602CDC} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-01-08] (COMODO)
Task: {67F8F6E5-2B7D-4772-8675-C477FD6E48BD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-19] (Dropbox, Inc.)
Task: {7F833478-1D83-498E-BC18-AFFAACB5BC0A} - System32\Tasks\SUPERAntiSpyware Scheduled Task d425897b-b956-454e-9266-f414d1cd1561 => C:\Users\Nate\Desktop\SASTask.exe
Task: {895A4FFB-B613-4817-B29C-A32BB42AD090} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-08] (Google Inc.)
Task: {968817FB-BB6D-47C1-81D7-A3BA62446FB0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {9DC8E3CF-7A8E-4A8A-8AAD-12C967E9A3D4} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {A3A65E6A-DE08-4C25-9770-97A72906124B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-19] (Dropbox, Inc.)
Task: {A569A494-794E-4421-8CF3-D6B27FBB9B4F} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-01-08] (COMODO)
Task: {BE827D69-BC15-4DB3-8EAD-D307A9B9E4E7} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2018-02-02] (Glarysoft Ltd)
Task: {C26168B6-3F1E-4DCB-8964-0F8B1BC25EC9} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-01-08] (COMODO)
Task: {D9CD2C71-378B-4E76-8CB8-59E5612C1DC5} - System32\Tasks\SUPERAntiSpyware Scheduled Task e482703f-c9ab-4ef3-9b50-722f93c83ce3 => C:\Users\Nate\Desktop\SASTask.exe
Task: {E144D864-D17C-4804-B798-14DEB4E1E846} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-08] (Google Inc.)
Task: {E5CDDE3F-30D3-4159-ABF7-D7327BAB0279} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-01-08] (COMODO)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d425897b-b956-454e-9266-f414d1cd1561.job => C:\Users\Nate\Desktop\SASTask.exe C:\Users\Nate\Desktop\SUPERANTISPYWARE.EXE
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e482703f-c9ab-4ef3-9b50-722f93c83ce3.job => C:\Users\Nate\Desktop\SASTask.exe C:\Users\Nate\Desktop\SUPERANTISPYWARE.EXE
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-19 10:10 - 2017-02-07 14:34 - 001008448 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpbr.mdl
2017-07-19 10:10 - 2017-02-07 14:34 - 000541952 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpdsp.mdl
2017-07-19 10:10 - 2017-02-07 14:34 - 003243920 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpph.mdl
2017-07-19 10:10 - 2017-02-07 14:34 - 001544568 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttprbl.mdl
2016-09-15 02:03 - 2018-01-08 19:16 - 000245160 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-07-19 09:29 - 2018-01-08 19:17 - 000156584 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2016-09-15 02:02 - 2018-01-08 19:16 - 000106408 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-07-20 20:57 - 2017-05-02 19:54 - 000068488 _____ () C:\Program Files\Ruiware\WinAntiRansom\drvhlpr.DLL
2017-11-16 22:03 - 2017-12-11 11:18 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-16 22:03 - 2017-12-11 11:18 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-04 19:32 - 2018-02-04 19:32 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-04 19:32 - 2018-02-04 19:32 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-23 04:44 - 2018-02-23 04:44 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-02-28 03:09 - 2018-02-26 06:24 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-02-28 03:09 - 2018-02-26 06:24 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-02-28 03:09 - 2018-02-26 06:24 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-02-28 03:09 - 2018-02-26 06:24 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000116184 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-02-28 03:09 - 2018-02-26 06:26 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-02-28 03:09 - 2018-02-26 06:27 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-02-28 03:09 - 2018-02-26 06:27 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-02-28 03:09 - 2018-02-26 06:27 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-02-28 03:09 - 2018-02-26 06:27 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-02-28 03:09 - 2018-02-26 06:27 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-02-28 03:09 - 2018-02-26 06:26 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-02-28 03:09 - 2018-02-26 06:24 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-02-28 03:09 - 2018-02-26 06:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-02-28 03:09 - 2018-02-26 06:26 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-02-28 03:09 - 2018-02-26 06:26 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-02-28 03:09 - 2018-02-26 06:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-02-28 03:09 - 2018-02-26 06:26 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2018-02-02 01:30 - 2018-02-02 01:30 - 000087032 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Nate\Desktop\bitdefender_windows_PaidActivation.exe:BDU [0]
AlternateDataStreams: C:\Users\Nate\Desktop\ccsetup512_slim.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Nate\Desktop\ccsetup512_slim.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Nate\Desktop\elementor-pro-1.2.4.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Nate\Desktop\Ninite WinRAR Installer (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Nate\Desktop\Ninite WinRAR Installer (1).exe:$CmdZnID [26]
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2018-02-28 05:04 - 000004918 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3808504719-902934913-2112380188-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{43BE1AAA-F4D4-4654-90C7-A44E5F5B1071}C:\xampplite\mysql\bin\mysqld.exe] => (Allow) C:\xampplite\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{5324E9A5-805D-4D50-9F84-90E27FBEA246}C:\xampplite\mysql\bin\mysqld.exe] => (Allow) C:\xampplite\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{62252AF2-5B60-43B3-B401-D738447C04A0}C:\xampplite\apache\bin\httpd.exe] => (Allow) C:\xampplite\apache\bin\httpd.exe
FirewallRules: [TCP Query User{422FFC56-F9FE-471B-9224-602EF38A195B}C:\xampplite\apache\bin\httpd.exe] => (Allow) C:\xampplite\apache\bin\httpd.exe
FirewallRules: [{98AA4D82-F5C3-4833-8B18-0F65363CB2B9}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{EE5ABC68-AC92-45AB-AB62-5D2FD1BBEEBC}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{DDC9C668-0B61-472B-9D07-A2801CFA4C78}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{B7EE726B-31E7-40CD-B8DA-97B8CFDA384A}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{CE564871-0F08-4275-8B39-1EFC87EDFAD9}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{2A0F0BAC-6661-4C1C-AE68-69F92E9D76D5}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
FirewallRules: [{F72F2A78-642C-4F22-AF8A-3686D6C17904}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0E5EC1B-7A60-4B0C-9441-828E80E4C145}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F68A6E0E-B411-4E10-90E9-10C2D7F34385}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.34\opera.exe
FirewallRules: [{DCE6E85C-A7CD-4A34-8C82-B2F5C7827026}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.40\opera.exe
FirewallRules: [{2ED56E42-E1E3-48A0-A209-B2A6BCA4AEF1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{99BC1353-56CA-4B60-84F5-784145288D33}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2018 04:05:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.125_none_15cbcf8893620c09.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.125_none_5d79065fa7de350f.manifest.
 
Error: (02/28/2018 04:01:50 AM) (Source: WARgk) (EventID: 18113) (User: )
Description: Copy of C:\Program Files\Ruiware\WinAntiRansom\Drivers\x64\wariud.exe to C:\Program Files\Ruiware\WinAntiRansom\wariud.exe failed
 
Error: (02/28/2018 04:01:13 AM) (Source: WARSvc) (EventID: 18113) (User: )
Description: Copy of C:\Program Files\Ruiware\WinAntiRansom\Drivers\x64\wariud.exe to C:\Program Files\Ruiware\WinAntiRansom\wariud.exe failed
 
Error: (02/28/2018 03:45:04 AM) (Source: WARgk) (EventID: 18113) (User: )
Description: Copy of C:\Program Files\Ruiware\WinAntiRansom\Drivers\x64\wariud.exe to C:\Program Files\Ruiware\WinAntiRansom\wariud.exe failed
 
Error: (02/28/2018 03:44:30 AM) (Source: WARSvc) (EventID: 18113) (User: )
Description: Copy of C:\Program Files\Ruiware\WinAntiRansom\Drivers\x64\wariud.exe to C:\Program Files\Ruiware\WinAntiRansom\wariud.exe failed
 
Error: (02/28/2018 03:42:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WARWDSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
 
Exception Info: System.InvalidOperationException
   at System.ServiceProcess.ServiceController.GetDataBaseHandleWithAccess(System.String, Int32)
   at System.ServiceProcess.ServiceController.GetDataBaseHandleWithConnectAccess()
   at System.ServiceProcess.ServiceController.GetServiceHandle(Int32)
   at System.ServiceProcess.ServiceController.GenerateStatus()
   at System.ServiceProcess.ServiceController.get_Status()
   at Ruiware.WAR.Service.WDMainController.MainControllerThread()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (02/28/2018 03:42:08 AM) (Source: WAR) (EventID: 0) (User: )
Description: Cannot open Service Control Manager on computer '.'. This operation might require other privileges.
 
Error: (02/28/2018 03:42:08 AM) (Source: WAR) (EventID: 0) (User: )
Description: Cannot open Service Control Manager on computer '.'. This operation might require other privileges.
 
 
System errors:
=============
Error: (02/28/2018 04:16:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/28/2018 04:08:40 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-628Q94M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-628Q94M\Nate SID (S-1-5-21-3808504719-902934913-2112380188-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/28/2018 04:08:12 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-628Q94M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-628Q94M\Nate SID (S-1-5-21-3808504719-902934913-2112380188-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/28/2018 04:05:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (02/28/2018 04:00:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/28/2018 04:00:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/28/2018 04:00:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/28/2018 04:00:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-02-28 05:40:28.579
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-28 05:33:20.726
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-28 05:15:08.728
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-28 04:58:54.418
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-28 04:58:53.724
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-28 04:58:53.362
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-28 04:58:52.633
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-02-28 04:56:12.163
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 22%
Total physical RAM: 20353.9 MB
Available physical RAM: 15768.76 MB
Total Virtual: 23425.9 MB
Available Virtual: 19352.14 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:930.11 GB) (Free:526.86 GB) NTFS
 
\\?\Volume{b4c03b45-e6f1-491b-93c4-1390b057e357}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{52663eaf-1558-4555-bcfd-f953157ab8b9}\ () (Fixed) (Total:0.8 GB) (Free:0.43 GB) NTFS
\\?\Volume{82d23106-20ad-48ef-8c7f-99329eb3d952}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 24CF9AA6)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by Platypus, 28 February 2018 - 06:32 AM.
Deleted duplicates



 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,849 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:56 AM

Posted 02 March 2018 - 07:22 AM

Nathaniel:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs. That could take a day or two.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7


Posted 02 March 2018 - 08:43 AM

Nathaniel:

Thank you for your patience while I analyzed your FRST logs. I think that I worked with you before on another topic that you had, many months ago ... :)

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

This computer does have a lot of anti-malware applications installed, which can cause conflicts. You should confine yourself to using one real-time anti-virus and one real-time anti-malware application to avoid possible inexplicable computer issues and degraded computer performance. With anti-virus and anti-malware software, more is not better.

.

Step 1: I would recommend that you consider uninstalling this Firefox extension:
 

FF Extension: (Video DownloadHelper) - C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\eha9epo1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-12-19]

 

Please see this link for more information. It is your computer, so it is your decision.

.

Step 2: Please run a FRST fix for me. I am not seeing any evidence of serious malware on this computer. After you run the FRST "fixlist" script, we will move on and run some standard anti-malware scans to ensure that there is nothing nefarious on the computer. FRST mainly targets serious malware infections.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files\rempl
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#4 nevans07

nevans07
  • Topic Starter


Posted 03 March 2018 - 01:03 PM

Hi Phil!

 

Thank you so much for your assistance. Yes I do remember. I need my detectors Phil. But I absolutely respect your warning.

 

Here is the add log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
Ran by Nate (03-03-2018 12:50:19) Run:1
Running from C:\Users\Nate\Downloads\FRST
Loaded Profiles: Nate (Available Profiles: Nate)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files\rempl
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= Folder: C:\Program Files\rempl ========================
 
2018-01-19 10:23 - 2018-01-19 10:23 - 000442872 ____A [8D4F5E83C62E9214AFCBE4D65C8FB2B8] (Microsoft Corporation) C:\Program Files\rempl\drvdbfix.exe
2017-12-20 00:35 - 2017-12-20 00:35 - 000003632 ____A [DA01F3E734C3D73462654E74A1A9539F] () C:\Program Files\rempl\rempl.xml
2018-01-19 10:23 - 2018-01-19 10:23 - 001172984 ____A [CF081C5605238C7D55C3DC4CA90DF7C7] (Microsoft Corporation) C:\Program Files\rempl\remsh.exe
2017-11-27 13:07 - 2017-11-27 13:07 - 000001760 ____A [60981BABCAC4278A033467B6CE941480] () C:\Program Files\rempl\ShellCompact.xml
2017-12-12 11:40 - 2017-12-12 11:40 - 000001736 ____A [33C7589930482CC1B479726840491B5D] () C:\Program Files\rempl\ShellRestore.xml
2017-09-23 22:51 - 2017-09-23 22:51 - 000001931 ____A [466E91272228F070AF7E3C6B4BE50FEB] () C:\Program Files\rempl\Unlock.xml
2017-11-27 13:07 - 2017-11-27 13:07 - 000001896 ____A [446DB8F36FDE7B79ADBA920BC7BBE927] () C:\Program Files\rempl\UnlockSih.xml
2018-01-16 15:59 - 2018-01-16 15:59 - 000001555 ____A [9E51218E3FD22747F90CA19E7E60ECE3] () C:\Program Files\rempl\UnlockStorageSense.xml
2018-01-16 15:59 - 2018-01-16 15:59 - 000001757 ____A [FF21EF1456B2461EA1FCB7D8C53DF14A] () C:\Program Files\rempl\UsoScan.xml
2018-01-11 20:17 - 2018-03-03 12:07 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files\rempl\Logs
2018-03-03 11:37 - 2018-03-03 12:07 - 000131072 ____A [4497FC1339105F4B923264119333AB30] () C:\Program Files\rempl\Logs\Remediation.002.etl
2018-03-03 11:37 - 2018-03-03 12:01 - 000131072 ____A [28BA77ECFEC6183E63CE97018FF18C23] () C:\Program Files\rempl\Logs\Remediation.003.etl
2018-03-03 11:37 - 2018-03-03 11:37 - 000131072 ____A [14C4DB708514E286AE009D82F332077E] () C:\Program Files\rempl\Logs\Remediation.004.etl
2018-03-01 10:30 - 2018-03-03 11:34 - 000196608 ____A [9BBFA0DB0DBA677BAD726BF6C0B5935A] () C:\Program Files\rempl\Logs\Remediation.007.etl
2018-03-01 10:30 - 2018-03-03 11:34 - 000131072 ____A [8BAAFA3D9907716DEFE2EF34396FFB98] () C:\Program Files\rempl\Logs\Remediation.008.etl
2018-03-01 10:30 - 2018-03-01 18:22 - 000131072 ____A [F4622575F43EA540246EFBE1DDFA7791] () C:\Program Files\rempl\Logs\Remediation.009.etl
2018-02-28 02:57 - 2018-03-01 15:10 - 000131072 ____A [04B99455447520F7469E6F1D16DE348B] () C:\Program Files\rempl\Logs\Remediation.010.etl
2018-02-28 02:57 - 2018-03-01 13:55 - 000196608 ____A [7D5CCE9157AECDDDF95E7A89BAB7C915] () C:\Program Files\rempl\Logs\Remediation.012.etl
2018-02-22 19:22 - 2018-03-01 13:54 - 000131072 ____A [83382BB83CB18231D2BDD71726CF803C] () C:\Program Files\rempl\Logs\Remediation.013.etl
2018-02-22 19:22 - 2018-03-01 12:15 - 000131072 ____A [5CFC91A16B6E95364DB1855F1B5F88C8] () C:\Program Files\rempl\Logs\Remediation.015.etl
2018-02-16 13:42 - 2018-03-01 10:30 - 000131072 ____A [9063BE9BA2900CE5C5FA410FBA0BE67D] () C:\Program Files\rempl\Logs\Remediation.016.etl
2018-02-16 13:42 - 2018-03-01 10:28 - 000131072 ____A [88323DE869C38C7EE38F794A924DBB62] () C:\Program Files\rempl\Logs\Remediation.018.etl
2018-02-16 13:42 - 2018-03-01 10:28 - 000131072 ____A [90766ADB8AD520C7B78D94442105E5A8] () C:\Program Files\rempl\Logs\Remediation.019.etl
2018-02-16 09:20 - 2018-02-28 14:09 - 000131072 ____A [A2266FA42410944A2902789AE0B6A0DE] () C:\Program Files\rempl\Logs\Remediation.020.etl
2018-02-16 09:20 - 2018-02-28 14:07 - 000131072 ____A [531E10165E51C43361F86A75F987932A] () C:\Program Files\rempl\Logs\Remediation.021.etl
2018-02-16 09:20 - 2018-02-28 08:21 - 000131072 ____A [FEFB42D56CE1177DB10ADD62486E9C46] () C:\Program Files\rempl\Logs\Remediation.022.etl
2018-02-16 09:20 - 2018-02-28 04:02 - 000131072 ____A [88E7821FA2FACB967C0026BC9B042C7B] () C:\Program Files\rempl\Logs\Remediation.023.etl
2018-02-16 09:20 - 2018-02-28 03:44 - 000131072 ____A [F25B39B1E5DC7BA2B9209D6FFB5F05AE] () C:\Program Files\rempl\Logs\Remediation.024.etl
2018-02-16 09:20 - 2018-02-28 02:57 - 000131072 ____A [3B8A41DC5BC6ACF905CAE67F53367739] () C:\Program Files\rempl\Logs\Remediation.025.etl
2018-02-16 09:20 - 2018-02-28 02:55 - 000131072 ____A [B050B673B22E68AB29A155D02B2768D8] () C:\Program Files\rempl\Logs\Remediation.027.etl
2018-02-12 10:17 - 2018-02-28 02:55 - 000131072 ____A [7BD0C3DFB181EB1B744EBF2F021F2699] () C:\Program Files\rempl\Logs\Remediation.028.etl
2018-02-12 10:17 - 2018-02-28 02:54 - 000131072 ____A [175C2301D5682778AD6DA97C96EBFE35] () C:\Program Files\rempl\Logs\Remediation.030.etl
2018-02-12 10:17 - 2018-02-23 10:13 - 000196608 ____A [58CEC28F1A508458C5A70EF1977D84BF] () C:\Program Files\rempl\Logs\Remediation.032.etl
2018-02-12 10:17 - 2018-02-23 10:12 - 000196608 ____A [3983B8687AD6BD5729171CD132683B41] () C:\Program Files\rempl\Logs\Remediation.034.etl
2018-02-12 10:17 - 2018-02-22 20:24 - 000131072 ____A [A3A0B17088D1789AB52CD13495ADF7FC] () C:\Program Files\rempl\Logs\Remediation.035.etl
2018-02-12 10:17 - 2018-02-22 20:24 - 000131072 ____A [C3F19C2AD1C2689DD7B56A967F59B4A5] () C:\Program Files\rempl\Logs\Remediation.036.etl
2018-02-12 10:17 - 2018-02-22 19:42 - 000131072 ____A [6D3820319B4996A04B232318015660A6] () C:\Program Files\rempl\Logs\Remediation.038.etl
2018-02-12 10:17 - 2018-02-22 19:22 - 000131072 ____A [F9E08100E19B68350AEDD8827897FD2F] () C:\Program Files\rempl\Logs\Remediation.039.etl
2018-02-12 10:17 - 2018-02-22 19:20 - 000131072 ____A [BAF36B92ACD5770177498452819D22F7] () C:\Program Files\rempl\Logs\Remediation.041.etl
2018-02-12 10:17 - 2018-02-22 19:20 - 000131072 ____A [3F31C9FFC3FF67F8CDEA61FCE88CC9C1] () C:\Program Files\rempl\Logs\Remediation.042.etl
2018-02-12 10:17 - 2018-02-22 19:20 - 000131072 ____A [3C03B20C7BC244EE89FD7C2BE877A175] () C:\Program Files\rempl\Logs\Remediation.044.etl
2018-02-12 10:17 - 2018-02-21 18:48 - 000131072 ____A [A457254AEB32D1BCD3E3E763CBC5748F] () C:\Program Files\rempl\Logs\Remediation.045.etl
2018-02-12 10:17 - 2018-02-21 18:46 - 000131072 ____A [D29913D6AEFBF63C3577DF2BEB891D65] () C:\Program Files\rempl\Logs\Remediation.046.etl
2018-02-12 10:17 - 2018-02-21 18:46 - 000196608 ____A [E2C476E566C5139D6872FA3E2E7A52CC] () C:\Program Files\rempl\Logs\Remediation.047.etl
2018-02-12 10:17 - 2018-02-21 18:46 - 000131072 ____A [55277E88F26D60479155C5547F9E1FF0] () C:\Program Files\rempl\Logs\Remediation.049.etl
 
====== End of Folder: ======
 
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
 
 
The system needed a reboot.
 
==== End of Fixlog 12:50:49 ====
 
Thank You Again!


#5 garioch7


Posted 03 March 2018 - 01:50 PM

Nathaniel:
 
Thank you for posting the content of the "fixlog.txt".  All is good!
 
Let's proceed to some standard scans.  I know that you have ESET and Malwarebytes installed on your computer, so you can ignore the instructions about installing them that don't apply, but make sure that you have selected the scan settings that I have listed.
 
.
 
Step 1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

Step 2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)."
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

Step 3: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 garioch7


Posted 06 March 2018 - 07:03 AM

Nathaniel:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to me or to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#7 nevans07


Posted 06 March 2018 - 10:31 AM

Hi Phil!

 

I work weekends and weekday graveyard shift. Sorry I didn't get back sooner. I did all the scans; everything so far came back clean.

 

Very Best,

Nate Evans

 

# AdwCleaner 7.0.8.0 - Logfile created on Tue Mar 06 15:23:30 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-05.3
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1236 B] - [2017/7/25 4:36:6]
C:/AdwCleaner/AdwCleaner[S0].txt - [1218 B] - [2017/7/25 4:33:31]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########


#8 garioch7


Posted 06 March 2018 - 10:38 AM

Nathaniel:
 
Thank you for your post and for the results of the requested scans.
 
Your computer is clean! :thumbup2:

.

:step1: We will now remove the tools we used during this fix using Delfix.

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

.

:step2: . . . Some Final Advice . . .

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems, such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; later versions of Windows Defender provide perfectly acceptable protection for free. If for some reason you don't like Windows Defender, there are other free products available as well:

  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware uses to infect your computer, consider browsing our How did I get infected? topic.

.

It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to backup or restore. I do system images weekly. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.

Please copy and paste the contents of the Delfix log into your next reply. If that looks good, then we can conclude your topic.

On behalf of the Bleeping Computer Community, thank you for choosing BC to assist you with your computer issues, stay safe out there in cyberspace, and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#9 nevans07


Posted 06 March 2018 - 02:39 PM

Thank You So Much For All Your Help Phil!!!!!

 

Very Best,

Nathaniel Evans



#10 garioch7


Posted 06 March 2018 - 03:13 PM

Nathaniel:

 

Would you please copy and paste a copy of your Delfix log?  I would like to make sure that it executed properly before concluding your topic.

 

You are most welcome for my assistance, as always. :)  Thank you again for choosing Bleeping Computer to assist you with your computer issues.

 

Have a great day.

 

Regards,

-Phil

 

 


Graduate of the Bleeping Computer Malware Removal Study Hall


#11 nevans07


Posted 08 March 2018 - 04:56 PM

Hi Phil!

 

I intend to keep the tools. If I need to uninstall later I'll use your fix or Revo Uninstaller Pro.

 

Thank you again for all your help!!!!

 

Very Best,

Nathaniel Evans



#12 garioch7


Posted 08 March 2018 - 05:29 PM

Nathaniel:

 

Thank you for your post.  I would recommend that you use Delfix to remove the tools.

 

REASON: The tools are being constantly updated.  Just yesterday, a new version of Malwarebytes (3.4.4.) was released.  Farbar is constantly issuing updates for FRST, usually several updates per week.  AdwCleaner is also subject to very frequent updates.  It is always best to use the very latest versions of these tools since they have enhanced detection and remediation capabilities, and they have been updated to detect and deal with the latest emerging malware programs.

 

Revo Uninstaller probably won't delete all the logs and such that Delfix does.  It is specifically designed to remove the malware-removal tools, their quarantines, log files, etc., as well as delete all previous restore points and create a new malware-free restore point.

 

You are most welcome for my help.  Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 nevans07


Posted 10 March 2018 - 12:08 AM

You're So Persuasive!!!!

 

Very Best,

Nate Evans

 

 

# DelFix v1.013 - Logfile created 10/03/2018 at 00:05:25
# Updated 17/04/2016 by Xplode
# Username : Nate - DESKTOP-628Q94M
# Operating System : Windows 10 Home  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Nate\Downloads\FRST-OlderVersion
Deleted : C:\Users\Nate\Desktop\mbar
Deleted : C:\TDSSKiller.3.1.0.11_17.10.2016_22.46.51_log.txt
Deleted : C:\TDSSKiller.3.1.0.11_18.07.2017_19.57.36_log.txt
Deleted : C:\TDSSKiller.3.1.0.11_22.10.2016_13.57.55_log.txt
Deleted : C:\TDSSKiller.3.1.0.11_25.10.2016_20.07.00_log.txt
Deleted : C:\TDSSKiller.3.1.0.11_25.10.2016_20.07.19_log.txt
Deleted : C:\TDSSKiller.3.1.0.15_25.07.2017_00.29.37_log.txt
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2017-07-29-063153.log
Deleted : C:\Users\Nate\Desktop\AdwCleaner (1).exe
Deleted : C:\Users\Nate\Desktop\esetsmartinstaller_enu (1).exe
Deleted : C:\Users\Nate\Downloads\Addition.txt
Deleted : C:\Users\Nate\Downloads\Addition.txtlatest.txt
Deleted : C:\Users\Nate\Downloads\Addition.txtlatestlatest.txt
Deleted : C:\Users\Nate\Downloads\AdwCleaner (1).exe
Deleted : C:\Users\Nate\Downloads\aswmbr.exe
Deleted : C:\Users\Nate\Downloads\esetsmartinstaller_enu (1).exe
Deleted : C:\Users\Nate\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Nate\Downloads\FRST.txt
Deleted : C:\Users\Nate\Downloads\frst64.exe
Deleted : C:\Users\Nate\Downloads\JRT.exe
Deleted : C:\Users\Nate\Downloads\RogueKiller_setup_ref3.exe
Deleted : C:\Users\Nate\Downloads\tdsskiller.exe
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
########## - EOF - ##########


#14 garioch7


Posted 10 March 2018 - 01:33 PM

Nate:

 

Thank you for running the Delfix app.  All looks good. :thumbup2:

 

Stay safe out there in cyberspace.

 

Have a great weekend.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#15 garioch7


Posted 10 March 2018 - 01:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the Bleeping Computer Malware Removal Study Hall




