
Win32:Cryptor was found by AVG (Made all files\Folders hidden and system)


  • This topic is locked
17 replies to this topic

#1 isrgish


Posted 11 March 2018 - 07:47 AM

My USB cards started losing their files and folders. I did an AVG scan and it found a win32cryptor on the device. I posted this problem to "Am I infected? What do I do?" and buddy215 suggested a list of steps for me. After following that list and posting the resulting logs, he suggested I come here.

 

These are the steps I took.

1. I ran Malwarebytes free version
2. Malwarebytes Anti-Rootkit 
3. AdwCleaner 
4. Free Virus Scan | Online Virus Scan from ESET | ESET (On this one I wasn't able to follow the exact directions from buddy215 since the options were different. I think I managed to find all the options that he suggested I set).

 

This is the link to that 

https://www.bleepingcomputer.com/forums/t/672397/win32cryptor-was-found-by-avg

 

I would also like to mention that this is a work computer. We don't have an IT guy; it's a small company. I inherited this computer about 1 year ago when I started this job. I can install and uninstall and do anything I want on this computer; my boss gave me the rights to do as I see fit.

I had someone that started to help on this site, but when he found out it's a work computer he said he doesn't work with work computers. He suggested I post again, and here I am.

 

Following is the log from ESET security (buddy215 said to post it here along with the results from FRST)
 
Log
Scan Log
Version of detection engine: 17012 (20180306)
Date: 3/6/2018  Time: 12:26:58 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\374aa05d6da2df53268cfe7629c03a34_4031c8cf-7c04-411c-b44c-df06585090bf - unable to open [4]
C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\94261a6da5eaa252b7f90a1b6be6d9dc_4031c8cf-7c04-411c-b44c-df06585090bf - unable to open [4]
C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json - unable to open [4]
C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json - unable to open [4]
C:\Documents and Settings\All Users\Microsoft\Diagnosis\events00.rbs - unable to open [4]
C:\Documents and Settings\All Users\Microsoft\Diagnosis\events01.rbs - unable to open [4]
C:\Documents and Settings\All Users\Microsoft\Diagnosis\events10.rbs - unable to open [4]
C:\Documents and Settings\All Users\Microsoft\Diagnosis\events11.rbs - unable to open [4]
C:\Documents and Settings\beigels\AppData\Roaming\kingsoft\office6\update\down\wpsupdate.exe - a variant of Win32/KingSoft.D potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe » ZIP » mediaelement/controls.png - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.4.5_41865.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.4.8_42576.exe » ZIP » mediaelement/bigplay.fw.png - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.4.8_42576.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.4.9_43295.exe » ZIP » mediaelement/bigplay.fw.png - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.4.9_43295.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.4.9_43388.exe » ZIP » mediaelement/bigplay.fw.png - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.4.9_43388.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe » ZIP » mediaelement/bigplay.fw.png - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.0_43804.exe » ZIP » open-sans-light.eot - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.0_43804.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe » ZIP » mediaelement/bigplay.fw.png - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.0_44090.exe » ZIP » open-sans-light.eot - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.0_44090.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.0_44294.exe » ZIP » open-sans-light.eot - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.0_44294.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.1_44332.exe » ZIP » open-sans-light.eot - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.1_44332.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.3_44358.exe » ZIP » mediaelement/bigplay.fw.png - archive damaged - the file could not be extracted.
C:\Documents and Settings\beigels\AppData\Roaming\uTorrent\updates\3.5.3_44358.exe » ZIP »  - archive damaged
C:\Documents and Settings\beigels\Application Data\kingsoft\office6\update\down\wpsupdate.exe - a variant of Win32/KingSoft.D potentially unwanted application - action selection postponed until scan completion
C:\Downloads\ccsetup510.exe » NSIS » PF-Toolbar-W78.exe - Win32/Bundled.Toolbar.Google.D potentially unsafe application - action selection postponed until scan completion
C:\hiberfil.sys - unable to open [4]
C:\Me\Downloads\avc-free.exe » INNO » {tmp}\OCSetupHlp.dll - a variant of Win32/OpenCandy.A potentially unsafe application - action selection postponed until scan completion
C:\Me\Downloads\ccsetup532.exe » NSIS » PF-Toolbar-2016.exe - Win32/Bundled.Toolbar.Google.D potentially unsafe application - action selection postponed until scan completion
C:\Me\Downloads\ccsetup540pro.exe » NSIS » PF-Toolbar-2016.exe - Win32/Bundled.Toolbar.Google.D potentially unsafe application - action selection postponed until scan completion
C:\Me\Downloads\KingoRoot.exe - Win32/InstallCore.Gen.A potentially unwanted application - action selection postponed until scan completion
C:\Me\Downloads\rcsetup152.exe » NSIS » PF-Toolbar-W78.exe - Win32/Bundled.Toolbar.Google.D potentially unsafe application - action selection postponed until scan completion
C:\Me\Lexar\Id.txt.lnk - LNK/Agent.AO trojan - cleaned by deleting [1]
C:\Me\Old Computer\Me\new\Downloads\ccsetup312.exe » NSIS » PRFB-IEToolbar.exe - Win32/Bundled.Toolbar.Google.E potentially unsafe application - action selection postponed until scan completion
C:\Me\Old Computer\Me\new\Downloads\ccsetup324.exe » NSIS » PRFB-IEToolbar.exe - Win32/Bundled.Toolbar.Google.E potentially unsafe application - action selection postponed until scan completion
C:\Me\Old Computer\Me\new\Downloads\ccsetup401.exe » NSIS » PF-Toolbar-W78.exe - Win32/Bundled.Toolbar.Google.D potentially unsafe application - action selection postponed until scan completion
C:\Me\Old Computer\Me\new\Downloads\chromeinstall-6u27.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Me\Old Computer\Me\new\Downloads\chromeinstall-6u27.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Me\Old Computer\Me\new\Downloads\chromeinstall-6u27.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Me\Old Computer\Me\new\Downloads\chromeinstall-7u25.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Me\Old Computer\Me\new\Downloads\chromeinstall-7u25.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Me\Old Computer\Me\new\Downloads\chromeinstall-7u25.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Me\Old Computer\Me\new\Downloads\PhotoScape_V3.6.2.exe » NSIS » Mooii_Toolbar_Omaha.exe - Win32/Bundled.Toolbar.Google.D potentially unsafe application - action selection postponed until scan completion
C:\Me\Old Computer\Me\pdbtools.exe » INNO » setup.data - unsupported option
C:\Microsoft Toolkit 2.5.3 Official Torrent\Microsoft Toolkit.exe » SMARTASSEMBLY » deobfuscated.exe - a variant of MSIL/HackKMS.G potentially unsafe application - action selection postponed until scan completion
C:\pagefile.sys - unable to open [4]
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\Updates\DBR_17560_1928_x64_Update.exe » INDIGOROSE - archive damaged
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\Updates\DBRFactorySetupUpdate.exe » INDIGOROSE - archive damaged
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\Updates\STUpdateNotifier_DBAR18.exe » INDIGOROSE - archive damaged
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\374aa05d6da2df53268cfe7629c03a34_4031c8cf-7c04-411c-b44c-df06585090bf - unable to open [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\94261a6da5eaa252b7f90a1b6be6d9dc_4031c8cf-7c04-411c-b44c-df06585090bf - unable to open [4]
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json - unable to open [4]
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json - unable to open [4]
C:\ProgramData\Microsoft\Diagnosis\events00.rbs - unable to open [4]
C:\ProgramData\Microsoft\Diagnosis\events01.rbs - unable to open [4]
C:\ProgramData\Microsoft\Diagnosis\events10.rbs - unable to open [4]
C:\ProgramData\Microsoft\Diagnosis\events11.rbs - unable to open [4]
C:\System Volume Information\MountPointManagerRemoteDatabase - unable to open [4]
C:\System Volume Information\Syscache.hve - unable to open [4]
C:\System Volume Information\Syscache.hve.LOG1 - unable to open [4]
C:\System Volume Information\Syscache.hve.LOG2 - unable to open [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{71e3fd34-1c23-11e8-9471-b083fea6c97a}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{71e3fd38-1c23-11e8-9471-b083fea6c97a}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{7bafb500-16af-11e8-8b76-b083fea6c97a}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{c5583c19-1b8e-11e8-840f-b083fea6c97a}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\System Volume Information\{c958f212-2097-11e8-9c67-b083fea6c97a}{3808876b-c176-4e48-b7ae-04046e6cc752} - unable to open [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\374aa05d6da2df53268cfe7629c03a34_4031c8cf-7c04-411c-b44c-df06585090bf - unable to open [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\94261a6da5eaa252b7f90a1b6be6d9dc_4031c8cf-7c04-411c-b44c-df06585090bf - unable to open [4]
C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json - unable to open [4]
C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json - unable to open [4]
C:\Users\All Users\Microsoft\Diagnosis\events00.rbs - unable to open [4]
C:\Users\All Users\Microsoft\Diagnosis\events01.rbs - unable to open [4]
C:\Users\All Users\Microsoft\Diagnosis\events10.rbs - unable to open [4]
C:\Users\All Users\Microsoft\Diagnosis\events11.rbs - unable to open [4]
C:\Users\beigels\AppData\Roaming\kingsoft\office6\update\down\wpsupdate.exe - a variant of Win32/KingSoft.D potentially unwanted application - action selection postponed until scan completion
C:\Users\beigels\Application Data\kingsoft\office6\update\down\wpsupdate.exe - a variant of Win32/KingSoft.D potentially unwanted application - action selection postponed until scan completion
C:\Windows\AutoKMS\AutoKMS.exe » SMARTASSEMBLY » deobfuscated.exe - a variant of MSIL/HackKMS.H potentially unsafe application - action selection postponed until scan completion
C:\Windows\CSC\v2.0.6\pq - unable to open [4]
C:\Windows\CSC\v2.0.6\temp\ea-{48219d68-ef42-11e4-8465-901e1819ed3f} - unable to open [4]
C:\Windows\Installer\33df7ea6.msi » MSI » Binary.dumper.js - Win32/Adware.Hicosmea.I application - action selection postponed until scan completion
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl - unable to open [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl - unable to open [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl - unable to open [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl - unable to open [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl - unable to open [4]
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl - unable to open [4]
Number of scanned objects: 842495
Number of threats found: 18
Number of cleaned objects: 15
Time of completion: 2:22:50 PM  Total scanning time: 6952 sec (01:55:52)
 
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
 
 
**************END*****************
 
Here are the results from FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.03.2018
Ran by beigels (administrator) on SRULYG (11-03-2018 13:19:16)
Running from C:\Users\beigels\Desktop
Loaded Profiles: beigels (Available Profiles: beigels)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Paragon Software) C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\Linux File Systems for Windows by Paragon Software.exe
(ContentWatch, Inc.) C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
() C:\Program Files (x86)\MyTrigger\MyTrigger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(ContentWatch, Inc.) C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\beigels\AppData\Local\Kingsoft\WPS Office\9.1.0.5200\wtoolex\wpsupdatesvr.exe
(Paragon Software) C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\paragon_service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\beigels\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\beigels\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
(BitTorrent Inc.) C:\Users\beigels\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
(Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [294928 2018-03-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-02-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [cwcptray] => C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe [676232 2015-01-29] (ContentWatch, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646680 2017-09-27] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1422248 2018-02-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1422248 2018-02-08] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch MyTrigger.lnk [2015-07-28]
ShortcutTarget: Launch MyTrigger.lnk -> C:\Program Files (x86)\MyTrigger\MyTrigger.exe ()
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 05 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 06 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 07 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 08 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 09 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 10 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 11 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 12 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 23 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 24 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 05 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 06 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 07 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 08 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 09 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 10 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 11 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 12 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 23 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 24 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.1
Tcpip\..\Interfaces\{7976DB39-9272-404F-BD3B-9A7378FE42D3}: [DhcpNameServer] 10.10.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000 -> DefaultScope {7523028F-F02A-4F53-AE78-64F59B7253F3} URL = 
SearchScopes: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000 -> {7523028F-F02A-4F53-AE78-64F59B7253F3} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-9.0.1\bin\ssv.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-9.0.1\bin\jp2ssv.dll [2018-01-15] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-28] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-28] (Intel Security)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: ze2aku6s.default
FF ProfilePath: C:\Users\beigels\AppData\Roaming\Mozilla\Firefox\Profiles\ze2aku6s.default [2018-03-07]
FF Extension: (Disable Crash Auto Submit) - C:\Users\beigels\AppData\Roaming\Mozilla\Firefox\Profiles\ze2aku6s.default\features\{4fbc6dc8-e584-47a6-adf6-6b092c136086}\disable-crash-autosubmit@mozilla.org.xpi [2017-12-29] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\dtplugin\npDeployJava1.dll [2018-01-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default [2018-03-11]
CHR Extension: (Slides) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (MEGA) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-03-09]
CHR Extension: (YouTube) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Google Search) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Timer) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2016-02-23]
CHR Extension: (Adobe Acrobat) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-22]
CHR Extension: (Sheets) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Timer Loop) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkfiefeoimmobmhdimachkfcpkgahlc [2016-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-07]
CHR Extension: (Stopwatch / Timer / Alarm) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmbmdkichekkmkgbohcbpfehiekdjnpl [2016-02-23]
CHR Profile: C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-03-06]
CHR Extension: (Google Slides) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-18]
CHR Extension: (Google Docs) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-18]
CHR Extension: (Google Drive) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
CHR Extension: (YouTube) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]
CHR Extension: (Google Search) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Adobe Acrobat) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-15]
CHR Extension: (Google Sheets) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-15]
CHR Extension: (Gmail) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-15]
CHR Profile: C:\Users\beigels\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-06]
CHR HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [304776 2018-03-05] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7607288 2018-03-05] (AVG Technologies CZ, s.r.o.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CwAltaService20; C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe [3074440 2015-01-29] (ContentWatch, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-02-26] (Dropbox, Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-10-11] (Portrait Displays, Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1162768 2018-02-08] (Garmin Ltd. or its subsidiaries)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel® Corporation)
S4 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 Kingsoft_WPS_UpdateService; C:\Users\beigels\AppData\Local\Kingsoft\WPS Office\9.1.0.5200\wtoolex\wpsupdatesvr.exe [133480 2016-01-22] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 ParagonLinuxFSMounter; C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\paragon_service.exe [2651328 2017-11-30] (Paragon Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
S4 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5962832 2017-12-01] (RealVNC Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-04-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-03-05] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166552 2018-03-05] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [221096 2018-03-05] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [193024 2018-03-05] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [337344 2018-03-05] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51272 2018-03-05] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-03-05] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139040 2018-03-05] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [102720 2018-03-05] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76760 2018-03-05] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1019088 2018-03-05] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-03-05] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-03-05] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [372920 2018-03-05] (AVG Technologies CZ, s.r.o.)
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry) [File not signed]
R2 Dokan; C:\Windows\System32\DRIVERS\dokan.sys [67264 2017-11-30] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [28672 2016-04-29] (Intel Mobile Communications)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2638808 2014-10-15] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 massfilter_hs; C:\Windows\SysWOW64\drivers\massfilter_hs.sys [15896 2011-03-07] (HandSet Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-03-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-03-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-03-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-11] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2015-12-16] (Riverbed Technology, Inc.)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [22824 2013-06-18] (Portrait Displays, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [18392 2013-01-25] (Scott)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [129304 2011-03-07] (ZTE Incorporated)
S3 zghsdiag; C:\Windows\SysWOW64\DRIVERS\zghsdiag.sys [113432 2011-03-07] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129304 2011-03-07] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\SysWOW64\DRIVERS\zghsmdm.sys [113432 2011-03-07] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [129304 2011-03-07] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\SysWOW64\DRIVERS\zghsnmea.sys [113432 2011-03-07] (ZTE Incorporated)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-11 13:19 - 2018-03-11 13:19 - 000027720 _____ C:\Users\beigels\Desktop\FRST.txt
2018-03-11 13:19 - 2018-03-11 13:19 - 000000000 ____D C:\Users\beigels\Desktop\FRST-OlderVersion
2018-03-11 11:36 - 2018-03-11 11:36 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-09 16:57 - 2018-03-09 16:57 - 000188038 _____ C:\Users\beigels\Desktop\1520611024_MuniMeterReciept03012018.pdf.tiff
2018-03-09 15:41 - 2018-03-11 11:36 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-09 03:18 - 2018-03-09 03:18 - 000001458 _____ C:\Users\beigels\Desktop\ckfiles.txt
2018-03-09 03:00 - 2018-03-09 03:00 - 000468480 _____ () C:\Users\beigels\Desktop\CKScanner.exe
2018-03-09 01:52 - 2018-03-09 01:59 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2018-03-07 12:01 - 2018-03-11 11:36 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-07 12:01 - 2018-03-07 12:01 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-06 19:44 - 2018-03-06 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attribute Changer
2018-03-06 19:44 - 2018-03-06 19:44 - 000000000 ____D C:\Program Files\Attribute Changer
2018-03-06 17:55 - 2018-03-11 13:19 - 000000000 ____D C:\FRST
2018-03-06 16:28 - 2018-03-11 13:19 - 002403328 _____ (Farbar) C:\Users\beigels\Desktop\FRST64.exe
2018-03-06 15:26 - 2018-03-06 15:28 - 000012528 _____ C:\Users\beigels\Desktop\ESET Log 03062018.txt
2018-03-06 13:26 - 2018-03-06 13:26 - 000000000 ____D C:\Users\beigels\AppData\Roaming\ESET
2018-03-06 13:20 - 2018-03-06 13:20 - 000000000 ____D C:\Users\beigels\AppData\Local\ESET
2018-03-06 12:37 - 2018-03-06 12:39 - 000000000 ____D C:\AdwCleaner
2018-03-06 08:21 - 2018-03-06 12:34 - 000000000 ____D C:\Users\beigels\Desktop\mbar
2018-03-06 08:21 - 2018-03-06 12:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-06 08:21 - 2018-03-06 08:21 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\75562157.sys
2018-03-06 08:20 - 2018-03-06 08:20 - 000012859 _____ C:\Users\beigels\Desktop\New Text Document.txt
2018-03-06 07:47 - 2018-03-06 07:47 - 004260984 _____ (ESET) C:\Users\beigels\Desktop\eset_smart_security_premium_live_installer.exe
2018-03-06 07:45 - 2018-03-06 07:45 - 014178840 _____ (Malwarebytes Corp.) C:\Users\beigels\Desktop\mbar-1.10.3.1001.exe
2018-03-06 07:45 - 2018-03-06 07:45 - 008222496 _____ (Malwarebytes) C:\Users\beigels\Desktop\AdwCleaner.exe
2018-03-06 07:41 - 2018-03-06 08:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-06 07:41 - 2018-03-06 07:41 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-06 07:41 - 2018-03-06 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-06 07:41 - 2018-03-06 07:41 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-06 07:41 - 2017-11-29 10:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-06 05:52 - 2018-03-06 05:52 - 000001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-06 05:52 - 2018-03-06 05:52 - 000001037 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-05 14:24 - 2018-03-05 14:52 - 000000631 _____ C:\Users\beigels\Desktop\Chrome Restore tabs 03052018.txt
2018-03-05 09:02 - 2018-03-05 09:02 - 000381816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-03-05 09:00 - 2018-03-05 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-02 10:12 - 2018-03-02 10:12 - 000133073 _____ C:\wubildr
2018-02-27 19:08 - 2018-02-27 19:08 - 000000000 ____D C:\ProgramData\Motorola
2018-02-27 19:00 - 2018-02-27 22:52 - 000000000 ____D C:\Program Files (x86)\Motorola Mobility
2018-02-27 19:00 - 2018-02-27 19:00 - 000000000 ____D C:\Users\beigels\AppData\Roaming\Motorola Mobility
2018-02-27 19:00 - 2018-02-27 19:00 - 000000000 ____D C:\Program Files (x86)\Motorola
2018-02-27 18:59 - 2018-02-27 18:59 - 000000000 ____D C:\Program Files\Common Files\Motorola Shared
2018-02-27 18:56 - 2018-02-27 18:56 - 000006128 _____ C:\adb.txt
2018-02-27 18:54 - 2018-02-27 18:54 - 000000000 ____D C:\Users\beigels\AppData\Roaming\Motorola
2018-02-26 18:36 - 2018-02-26 18:36 - 000008192 _____ C:\wubildr.mbr
2018-02-26 18:35 - 2018-02-26 18:35 - 000000000 ____D C:\ubuntu
2018-02-26 07:24 - 2018-02-26 07:24 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-02-26 07:24 - 2018-02-26 07:24 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-02-26 07:24 - 2018-02-26 07:24 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-02-26 07:24 - 2018-02-26 07:24 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-02-23 06:38 - 2017-12-01 13:35 - 000037704 _____ (RealVNC Ltd) C:\Windows\system32\VNCpm.dll
2018-02-23 06:36 - 2018-02-23 06:43 - 000000000 ____D C:\ProgramData\RealVNC-Service
2018-02-23 06:36 - 2018-02-23 06:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
2018-02-23 06:36 - 2018-02-23 06:36 - 000000000 ____D C:\Program Files\RealVNC
2018-02-23 06:35 - 2018-03-07 12:01 - 000000000 ____D C:\Users\beigels\AppData\Local\RealVNC
2018-02-22 22:31 - 2018-02-22 22:31 - 002572651 _____ C:\Users\beigels\Desktop\man-pages-4.15.tar.gz
2018-02-21 17:07 - 2018-02-22 22:33 - 000000203 _____ C:\Users\beigels\Desktop\Command.txt
2018-02-20 14:26 - 2018-02-20 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kutools for Excel
2018-02-18 11:11 - 2018-02-18 11:11 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-02-18 11:11 - 2018-02-18 11:11 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-02-16 17:37 - 2018-02-16 17:37 - 000000409 _____ C:\Users\Public\Desktop\HP USB Disk Storage Format Tool.lnk
2018-02-16 17:37 - 2018-02-16 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
2018-02-16 17:37 - 2018-02-16 17:37 - 000000000 ____D C:\DriveKey
2018-02-16 12:52 - 2018-02-16 12:54 - 1563426816 _____ C:\Users\beigels\Downloads\Fedora-Workstation-Live-x86_64-26-1.5.iso
2018-02-16 12:49 - 2018-02-16 12:49 - 000002023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fedora Media Writer.lnk
2018-02-16 12:49 - 2018-02-16 12:49 - 000000000 ____D C:\Users\beigels\AppData\Local\fedoraproject.org
2018-02-16 12:49 - 2018-02-16 12:49 - 000000000 ____D C:\Program Files (x86)\Fedora Media Writer
2018-02-15 22:58 - 2018-02-16 05:59 - 000000400 __RSH C:\ProgramData\ntuser.pol
2018-02-14 09:19 - 2018-02-10 15:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 09:19 - 2018-02-10 15:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 09:19 - 2018-02-10 04:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 09:19 - 2018-02-10 03:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 09:19 - 2018-02-10 03:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 09:19 - 2018-02-10 03:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 09:19 - 2018-02-10 03:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 09:19 - 2018-02-10 03:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 09:19 - 2018-02-10 03:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 09:19 - 2018-02-10 03:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 09:19 - 2018-02-10 03:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 09:19 - 2018-02-10 03:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 09:19 - 2018-02-10 03:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 09:19 - 2018-02-10 03:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 09:19 - 2018-02-10 03:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 09:19 - 2018-02-10 03:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 09:19 - 2018-02-10 03:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 09:19 - 2018-02-10 03:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 09:19 - 2018-02-10 03:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 09:19 - 2018-02-10 03:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 09:19 - 2018-02-10 02:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 09:19 - 2018-02-10 02:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 09:19 - 2018-02-10 02:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 09:19 - 2018-02-10 02:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 09:19 - 2018-02-10 02:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 09:19 - 2018-02-10 02:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 09:19 - 2018-02-10 02:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 09:19 - 2018-02-10 02:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 09:19 - 2018-02-10 02:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 09:19 - 2018-02-10 02:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 09:19 - 2018-02-10 02:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 09:19 - 2018-02-10 02:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 09:19 - 2018-02-10 02:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 09:19 - 2018-02-10 02:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 09:19 - 2018-02-10 02:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 09:19 - 2018-02-10 02:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 09:19 - 2018-02-10 02:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 09:19 - 2018-02-10 02:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 09:19 - 2018-02-10 02:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 09:19 - 2018-02-10 01:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 09:19 - 2018-02-10 01:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 09:19 - 2018-02-10 01:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 09:19 - 2018-02-10 01:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 09:19 - 2018-02-10 01:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 09:19 - 2018-02-10 01:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 09:19 - 2018-02-10 01:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 09:19 - 2018-02-10 01:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 09:19 - 2018-02-10 01:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 09:19 - 2018-02-10 01:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 09:19 - 2018-02-10 01:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 09:19 - 2018-02-10 01:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 09:19 - 2018-02-10 01:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 09:19 - 2018-02-10 01:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 09:19 - 2018-02-10 01:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 09:19 - 2018-02-10 01:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 09:19 - 2018-02-10 01:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 09:19 - 2018-02-10 01:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 09:19 - 2018-02-10 01:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 09:19 - 2018-02-10 01:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 09:19 - 2018-02-10 01:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 09:19 - 2018-02-10 01:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 09:19 - 2018-02-10 01:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 09:19 - 2018-02-10 01:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 09:19 - 2018-02-10 01:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 09:19 - 2018-02-10 01:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 09:19 - 2018-02-10 01:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 09:19 - 2018-02-10 01:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 09:19 - 2018-02-10 01:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 09:19 - 2018-01-12 12:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 09:19 - 2018-01-12 12:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 09:19 - 2018-01-12 12:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 09:19 - 2018-01-12 12:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 09:19 - 2018-01-12 12:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 09:19 - 2018-01-12 12:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 09:19 - 2018-01-12 12:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 09:19 - 2018-01-12 12:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 09:19 - 2018-01-12 12:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 09:19 - 2018-01-12 12:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 09:19 - 2018-01-12 12:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 09:19 - 2018-01-12 12:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 09:19 - 2018-01-12 12:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 09:19 - 2018-01-12 12:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 09:19 - 2018-01-12 12:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 09:19 - 2018-01-12 12:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 09:19 - 2018-01-12 12:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 09:19 - 2018-01-12 12:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 09:19 - 2018-01-12 12:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 09:19 - 2018-01-12 12:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 09:19 - 2018-01-12 12:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 09:19 - 2018-01-12 12:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 09:19 - 2018-01-12 12:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 09:19 - 2018-01-12 12:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 09:19 - 2018-01-12 12:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 09:19 - 2018-01-12 12:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 09:19 - 2018-01-12 12:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 09:19 - 2018-01-12 12:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 09:19 - 2018-01-12 12:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 09:19 - 2018-01-12 12:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 09:19 - 2018-01-12 11:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 09:19 - 2018-01-12 11:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 09:19 - 2018-01-12 11:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 09:19 - 2018-01-12 11:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 09:19 - 2018-01-12 11:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 09:19 - 2018-01-12 11:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 11:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 11:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 11:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 09:19 - 2018-01-11 12:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 09:19 - 2018-01-11 12:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 09:19 - 2018-01-11 12:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 09:19 - 2018-01-05 12:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 09:19 - 2018-01-05 12:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 09:19 - 2018-01-05 12:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 09:19 - 2018-01-05 12:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 09:19 - 2018-01-05 12:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 09:19 - 2018-01-05 12:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 09:19 - 2018-01-05 12:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 09:19 - 2018-01-05 12:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 09:19 - 2018-01-05 12:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 09:19 - 2018-01-05 12:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 09:19 - 2018-01-05 12:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 09:19 - 2018-01-05 11:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 09:19 - 2017-12-31 22:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-02-14 09:19 - 2017-12-31 22:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-02-14 09:19 - 2017-12-31 22:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-02-14 09:19 - 2017-12-31 22:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-02-14 09:19 - 2017-12-31 22:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-02-14 09:19 - 2017-12-31 22:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 001361408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-02-14 09:19 - 2017-12-31 22:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-02-14 09:19 - 2017-12-31 22:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2018-02-14 09:19 - 2017-12-31 22:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2018-02-14 09:19 - 2017-12-31 22:18 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-02-14 09:19 - 2017-12-31 22:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-02-14 09:19 - 2017-12-31 22:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-02-14 09:19 - 2017-12-31 22:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2018-02-14 09:19 - 2017-12-31 22:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2018-02-14 09:19 - 2017-12-31 22:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-02-14 09:19 - 2017-12-31 21:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-02-14 09:19 - 2017-12-31 21:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-02-14 09:19 - 2017-12-31 21:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-02-14 09:19 - 2017-12-31 21:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-02-14 09:19 - 2017-12-31 21:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-02-14 09:19 - 2017-12-31 21:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-02-14 09:19 - 2017-12-31 21:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-02-14 09:19 - 2017-12-31 21:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-02-14 09:19 - 2017-12-31 21:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-02-14 09:19 - 2017-12-31 21:47 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2018-02-14 09:19 - 2017-12-31 21:46 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2018-02-14 09:19 - 2017-12-31 21:46 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-02-14 09:19 - 2017-12-31 21:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-02-14 09:19 - 2017-12-31 21:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-02-14 09:19 - 2017-12-31 21:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-02-14 09:19 - 2017-12-31 21:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-02-14 09:19 - 2017-12-31 21:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-02-14 09:19 - 2017-12-31 21:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-02-14 09:19 - 2017-12-31 21:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-02-14 09:19 - 2017-12-21 02:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-02-14 09:19 - 2017-12-05 13:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 09:19 - 2017-12-05 12:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 09:19 - 2017-12-05 11:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2018-02-14 09:19 - 2017-11-07 12:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-02-14 09:19 - 2017-11-07 12:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-02-14 09:19 - 2017-11-04 11:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-02-14 09:19 - 2017-11-04 11:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-02-14 09:19 - 2017-11-04 11:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-02-14 09:19 - 2017-11-04 11:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-02-14 09:19 - 2017-11-02 12:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2018-02-14 09:19 - 2017-11-02 12:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2018-02-14 09:19 - 2017-11-02 12:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2018-02-14 09:19 - 2017-11-02 12:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2018-02-14 09:19 - 2017-11-02 11:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2018-02-14 09:19 - 2017-11-02 11:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2018-02-14 09:19 - 2017-11-02 11:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2018-02-14 09:19 - 2017-11-02 10:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2018-02-14 09:19 - 2017-10-17 22:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-02-14 09:19 - 2017-10-16 19:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2018-02-14 09:19 - 2017-10-16 18:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2018-02-14 09:19 - 2017-10-16 17:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-02-14 09:19 - 2017-10-11 20:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-02-14 09:19 - 2017-10-11 20:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-02-14 09:19 - 2017-10-11 20:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-02-14 09:19 - 2017-10-11 20:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-02-14 09:19 - 2017-10-11 20:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-02-14 09:19 - 2017-10-11 20:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-02-14 09:19 - 2017-10-11 20:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2018-02-14 09:19 - 2017-10-11 20:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-02-14 09:19 - 2017-10-11 20:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-02-14 09:19 - 2017-10-11 20:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-02-14 09:19 - 2017-10-11 20:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2018-02-14 09:19 - 2017-10-11 20:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-02-14 09:19 - 2017-10-11 20:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-02-14 09:19 - 2017-10-11 20:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-02-14 09:19 - 2017-10-11 20:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-02-14 09:19 - 2017-10-11 20:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2018-02-14 09:19 - 2017-09-07 09:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-02-14 09:18 - 2018-01-21 19:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 09:18 - 2018-01-21 19:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 09:18 - 2018-01-19 10:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-14 03:31 - 2018-02-14 03:31 - 000001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2018-02-13 15:36 - 2018-03-07 11:56 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-02-13 13:45 - 2018-02-13 13:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_LGAirDrive_01_11_00.Wdf
2018-02-13 13:44 - 2018-02-13 13:44 - 002356592 _____ (Microsoft Corporation) C:\Windows\system32\WudfUpdate_01011.dll
2018-02-13 13:42 - 2016-08-24 19:09 - 000037376 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem64.sys
2018-02-13 13:42 - 2016-08-24 19:08 - 000030720 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag64.sys
2018-02-13 13:41 - 2018-02-13 14:30 - 000000000 ____D C:\Users\beigels\AppData\Roaming\LG Electronics
2018-02-13 13:41 - 2018-02-13 14:30 - 000000000 ____D C:\Users\beigels\AppData\Local\LG Electronics
2018-02-13 13:41 - 2018-02-13 13:41 - 000000000 ____D C:\Users\beigels\Documents\LG Bridge
2018-02-13 13:40 - 2018-02-13 14:30 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2018-02-12 09:32 - 2018-02-12 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-02-12 09:32 - 2018-02-12 09:32 - 000000000 ____D C:\Program Files\7-Zip
2018-02-12 09:18 - 2018-02-12 09:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32
2018-02-12 09:18 - 2018-02-12 09:18 - 000000000 ____D C:\Program Files (x86)\GnuWin32
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-11 13:19 - 2015-11-04 17:07 - 000000000 ____D C:\Users\beigels\AppData\Roaming\uTorrent
2018-03-11 13:05 - 2015-10-22 23:42 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-03-11 11:57 - 2015-11-13 01:02 - 000000000 ____D C:\Users\beigels\AppData\Roaming\MPC-HC
2018-03-11 11:46 - 2015-10-21 16:49 - 000004958 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for srulyG-beigels srulyG
2018-03-11 11:43 - 2009-07-14 00:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-11 11:43 - 2009-07-14 00:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-11 11:41 - 2009-07-14 01:13 - 000785942 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-11 11:41 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-11 11:33 - 2015-10-22 23:42 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-03-11 11:33 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-10 19:42 - 2016-02-21 08:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-09 19:25 - 2015-07-28 09:34 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-09 19:24 - 2015-11-13 00:24 - 000000000 ____D C:\Users\beigels\AppData\Roaming\Anvsoft
2018-03-09 19:16 - 2017-12-20 12:41 - 000000000 ____D C:\Program Files (x86)\Kutools for Excel
2018-03-09 19:16 - 2015-10-22 23:50 - 000000000 ___RD C:\Users\beigels\Documents\Dropbox
2018-03-09 18:21 - 2015-11-19 15:03 - 000000000 ____D C:\Users\beigels\Documents\Outlook Files
2018-03-09 04:39 - 2015-07-28 09:31 - 000000000 ____D C:\WATCHER
2018-03-09 04:39 - 2015-04-30 08:25 - 000000000 ____D C:\Temp
2018-03-09 02:53 - 2015-10-16 00:13 - 000000000 ____D C:\Me
2018-03-09 01:59 - 2015-10-22 18:29 - 000000000 ____D C:\Users\beigels\AppData\Local\CrashDumps
2018-03-07 11:48 - 2015-07-28 09:39 - 000119952 _____ C:\Users\beigels\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-07 11:47 - 2016-09-08 18:01 - 000000000 ____D C:\Windows\pss
2018-03-07 11:10 - 2017-05-18 00:35 - 000004174 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-03-06 19:43 - 2016-12-05 13:39 - 000000000 ____D C:\Users\beigels\AppData\Roaming\Mp3tag
2018-03-06 19:12 - 2015-11-02 14:38 - 000000000 ____D C:\Users\beigels\AppData\Roaming\TeamViewer
2018-03-06 15:22 - 2015-07-28 09:39 - 000000000 ____D C:\Windows\AutoKMS
2018-03-06 15:22 - 2015-07-28 09:29 - 000000000 ____D C:\Microsoft Toolkit 2.5.3 Official Torrent
2018-03-06 08:17 - 2009-07-14 00:45 - 000466184 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-06 07:40 - 2017-10-02 11:29 - 000000000 ____D C:\Windows\Minidump
2018-03-06 07:37 - 2015-10-22 23:41 - 000000000 ____D C:\Program Files\CCleaner
2018-03-06 06:52 - 2016-02-21 08:45 - 000000000 ____D C:\Users\beigels\AppData\Local\TeamViewer
2018-03-05 17:57 - 2016-06-17 16:24 - 000000000 ____D C:\Users\beigels\.android
2018-03-05 09:02 - 2017-12-05 18:45 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000372920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000139040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000102720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000076760 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 001019088 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 000337344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 000221096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 000193024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 000166552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 000051272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-03-05 09:00 - 2015-10-22 23:42 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-02-27 22:52 - 2015-04-30 08:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-02-27 04:17 - 2015-11-02 12:24 - 000000000 ____D C:\Users\beigels\AppData\Local\ElevatedDiagnostics
2018-02-27 03:36 - 2015-10-16 13:07 - 000000000 ____D C:\Program Files (x86)\FreeCommander XE
2018-02-27 03:35 - 2015-07-28 09:35 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-27 03:35 - 2015-07-28 09:35 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-26 15:25 - 2017-05-17 10:47 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-26 15:24 - 2016-01-18 11:45 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-22 19:57 - 2015-10-16 13:37 - 000002004 ____H C:\Users\beigels\Documents\Default.rdp
2018-02-21 15:05 - 2015-10-23 12:16 - 000000000 ____D C:\ProgramData\Garmin
2018-02-20 14:26 - 2017-12-20 12:41 - 000001116 _____ C:\Users\beigels\Desktop\Kutools for Excel.lnk
2018-02-19 13:37 - 2011-02-10 10:33 - 000778064 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-17 12:34 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-02-16 06:32 - 2009-07-14 01:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-02-16 06:32 - 2009-07-14 00:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-02-16 06:26 - 2015-10-21 18:05 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-16 06:26 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2018-02-16 06:26 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\Setup
2018-02-16 06:23 - 2017-09-28 09:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-02-16 06:23 - 2015-10-23 00:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-16 06:22 - 2015-10-22 15:35 - 000000000 ____D C:\Windows\system32\MRT
2018-02-16 06:18 - 2017-10-17 15:34 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-16 06:18 - 2015-10-22 15:35 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-15 22:58 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-02-14 20:32 - 2018-01-15 17:47 - 000000000 ____D C:\Users\beigels\AppData\Local\Eclipse
2018-02-14 20:32 - 2018-01-15 16:50 - 000000000 ____D C:\Users\beigels\.p2
2018-02-14 13:38 - 2015-10-22 23:32 - 000000000 ____D C:\ProgramData\WinZip
2018-02-14 13:31 - 2015-10-23 00:07 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2018-02-14 13:31 - 2015-10-23 00:07 - 000001114 _____ C:\Users\Public\Desktop\WinRAR.lnk
2018-02-14 13:31 - 2015-10-23 00:07 - 000000000 ____D C:\Users\beigels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-02-14 13:31 - 2015-10-23 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-02-14 03:31 - 2015-10-23 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2018-02-14 03:31 - 2015-10-23 12:16 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-02-14 03:31 - 2015-10-16 14:01 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-14 03:30 - 2015-10-23 12:16 - 000003552 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2018-02-13 15:36 - 2015-10-22 23:41 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-12 06:36 - 2018-01-03 14:56 - 000001318 _____ C:\Users\Public\Desktop\Minimal ADB and Fastboot.lnk
 
Some files in TEMP:
====================
2016-01-25 04:42 - 2016-01-25 04:42 - 004995416 _____ (Microsoft Corporation) C:\Users\beigels\AppData\Local\Temp\vcredist10_x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-09 03:40
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.03.2018
Ran by beigels (11-03-2018 13:19:50)
Running from C:\Users\beigels\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-07-28 13:23:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2779557678-3830489536-1879980627-500 - Administrator - Disabled)
beigels (S-1-5-21-2779557678-3830489536-1879980627-1000 - Administrator - Enabled) => C:\Users\beigels
Guest (S-1-5-21-2779557678-3830489536-1879980627-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ANT Drivers Installer x64 (HKLM\...\{00EC0123-5EC2-4D75-830C-EF11667E74E8}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.9.9 (HKLM-x32\...\Any Video Converter) (Version: 5.9.9 - Anvsoft)
Attribute Changer 9.0a (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 9.0a - Romain Petges)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.2.3046 - AVG Technologies)
Brother MFL-Pro Suite MFC-L2720DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Elevated Installer (HKLM-x32\...\{9AB7E852-655C-4BDE-9042-1D3E6807C85A}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Evernote v. 6.7.5 (HKLM-x32\...\{65B334F4-9E45-11E7-A6A5-005056951CAD}) (Version: 6.7.5.5825 - Evernote Corp.)
Fedora Project - Fedora Media Writer - Tool to write Fedora images to flash drives (HKLM-x32\...\Fedora Media Writer) (Version: "${VERSIONMAJOR}.${VERSIONMINOR}.${VERSIONBUILD}" - "Fedora Project")
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
FreeMouseAutoClicker 3.8 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Garmin BaseCamp (HKLM-x32\...\{36A0D446-B8E9-4753-BDFE-335F6F4DE59C}) (Version: 4.5.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2016.20 (HKLM-x32\...\{79A8C65B-0289-45A2-9A8D-6AAE0B64A374}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2017.10 (HKLM-x32\...\{08858497-31DE-491F-B21F-95AC17D75CEF}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2018.30 (HKLM-x32\...\{152AD9F4-AFBF-417B-AC07-0C6A3EB6D304}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E695D74A-9567-46DA-A4EE-0E191F21194B}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{fb1ff7db-c0d2-43c4-99bf-5b2fa4f9ca0b}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{7C8FDEF1-F311-459C-B3CC-EEF73C721BFD}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
GnuWin32: CoreUtils version 5.3.0 (HKLM-x32\...\CoreUtils-5.3.0_is1) (Version: 5.3.0 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Display Assistant (HKLM-x32\...\{17B371B7-740F-4C83-BDFE-0C3A2C585103}) (Version: 2.11.045 - Portrait Displays, Inc.)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.10.0 - Intel)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
iVMS-4200(v2.4.1.3) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.4.1.3 - hikvision)
Java 9.0.1 (64-bit) (HKLM\...\{2590B9D6-4310-52BC-808E-1A585861A836}) (Version: 9.0.1.0 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
Kol Halashon Download Manager (HKLM-x32\...\{3B5F6507-5620-4136-B4DD-4E7069BE5B4B}) (Version: 3.00.0000 - Kol Halashon)
Kutools for Excel 16.50 (HKLM-x32\...\{A095BA43-4A97-4D55-8E25-A0BC46F10765}_is1) (Version: 16.50 - Addin Technology Inc.)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Linux File Systems for Windows by Paragon Software (HKLM-x32\...\{F0CF025B-D6F3-4F7C-939B-23291F52875C}) (Version: 5.0.956 - Paragon Software GmbH)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MP3 Diags (HKLM-x32\...\MP3Diags) (Version:  - )
Mp3tag v2.86 (HKLM-x32\...\Mp3tag) (Version: 2.86 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyTrigger (HKLM-x32\...\{133D2CE6-0010-457B-A8B7-6E497114CA1C}) (Version: 1.7.188.0 - torgesta.com)
Net Nanny Parental Controls (HKLM-x32\...\ALTACPHOME_is1) (Version: 6.5 - ContentWatch)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
nutraCoster Workstation (HKLM-x32\...\nutraCoster Workstation) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PdfZip (HKLM-x32\...\{9FD5457C-8F9E-4D40-82F9-AB35FE7A123B}) (Version: 2.0.17 - FaradaySoft)
PhoenixSuit (HKLM-x32\...\{EBF1BED9-4321-40D7-8837-177AE54C457C}) (Version: 1.0.5 - AllWinnertech)
PhoneDeck 1.3 (HKLM-x32\...\PhoneDeck_is1) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Sansa Updater (HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\...\Sansa Updater) (Version:  - SanDisk Corporation)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.38.024 - Portrait Displays, Inc.) Hidden
Tar-1.13 Binaries (GnuWin32) (HKLM-x32\...\Tar-1.13-bin_is1) (Version: 1.13 - GnuWin32)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Ubuntu (HKLM-x32\...\Wubi) (Version: 17.10.1-rev328 - Ubuntu)
VBRFix (Moonbase Edition) (HKLM-x32\...\Vbrfix) (Version: 1(beta) H+Moonbase - Moonbase)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VNC Server 6.2.1 (HKLM\...\{D46A65E0-E741-4DD8-BAC1-F35DDB46C2E0}) (Version: 6.2.1.32538 - RealVNC Ltd)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/27/2012 7.0.0000.00001) (HKLM\...\450B7CBC371CAEC6A328083977AA7A09E7AE5D29) (Version: 08/27/2012 7.0.0000.00001 - Google, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WPS Office (9.1.0.5200) (HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\...\Kingsoft Office) (Version: 9.1.0.5200 - Kingsoft Corp.)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B03 - ZTE Corporation)
כלי ההגהה של Microsoft Office 2013 - עברית (HKLM\...\{90150000-001F-040D-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\beigels\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\beigels\AppData\Local\Kingsoft\WPS Office\9.1.0.5200\office6\qingshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\beigels\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> C:\Users\beigels\AppData\Local\Apps\Evernote\Evernote\EvernoteOLShim64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-12-31] ()
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-03-05] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2018-02-28] (Romain Petges)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2018-02-28] (Romain Petges)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-07-09] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-03-05] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2779557678-3830489536-1879980627-1000: [qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Users\beigels\AppData\Local\Kingsoft\WPS Office\9.1.0.5200\office6\qingshellext64.dll [2016-01-22] (Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-2779557678-3830489536-1879980627-1000: [qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Users\beigels\AppData\Local\Kingsoft\WPS Office\9.1.0.5200\office6\qingshellext64.dll [2016-01-22] (Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers5_S-1-5-21-2779557678-3830489536-1879980627-1000: [qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Users\beigels\AppData\Local\Kingsoft\WPS Office\9.1.0.5200\office6\qingshellext64.dll [2016-01-22] (Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04E5751E-10D7-471B-AE32-48A8F52F518F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {0B3DE149-1774-454F-B30A-7F3C88F4B1C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {45D6297E-3262-43CC-9F01-BE8331397167} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {580419A8-33F1-454D-82C8-3850DBABA54D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {650ACC87-C6B4-4F2C-B972-049A14A51B21} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-27] (Oracle Corporation)
Task: {6708A4E2-206C-4F17-9EA9-1EF49C08CAB2} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-02-08] ()
Task: {72CA1F8B-59F2-4644-AF7A-2A102795D698} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
Task: {7A12201C-CFD5-4C34-B1BE-437088FDE397} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {819ECAD1-D4D5-434B-837C-844F7F43109E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {86D6BF07-2501-4729-9D34-6B385742A145} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-03-05] (AVG Technologies CZ, s.r.o.)
Task: {88E5761B-36E0-40F8-BCCD-C76CD5960101} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {8BC993D1-4215-42C9-8337-E4B1A259C96B} - System32\Tasks\LinuxFS Updater => C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\Updater.exe [2017-11-30] (Paragon Software)
Task: {9272878B-2B0B-437F-8981-F4BC1EF3153B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {974FAAAD-667C-46FC-A88C-067F81141A25} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {A7176241-9540-4553-A2BE-7666BBE9E3B9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {AC0BF97E-ADB8-44EA-AFD8-7F38A398FD43} - System32\Tasks\LinuxFS GUI => C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\Linux File Systems for Windows by Paragon Software.exe [2017-11-30] (Paragon Software)
Task: {D5040E68-5DA6-423B-8205-0F3E811A691D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {DB73E199-0B43-4CC8-8249-11146CD7D5DE} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-02-15] (AVG Technologies CZ, s.r.o.)
Task: {E1DDE9FD-50FB-410B-824E-2C23529999AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {E8B901E5-0476-4B0A-BBC4-408954DAB70C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EFF5AE57-220F-46A1-A540-29E9ACB1FAF0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for srulyG-beigels srulyG => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\beigels\Desktop\fixcomputer.lnk -> F:\fixcomputer.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-07 16:09 - 2017-06-07 16:09 - 000598528 _____ () C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll
2005-08-30 12:30 - 2005-08-30 12:30 - 000466944 _____ () C:\Program Files (x86)\MyTrigger\MyTrigger.exe
2017-11-30 14:49 - 2017-11-30 14:49 - 000414208 _____ () C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\dokan.dll
2018-03-06 07:41 - 2017-11-29 10:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-05 09:01 - 2018-03-05 09:01 - 000722672 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000913136 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000342768 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000327920 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\tasks_core.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000289008 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000281328 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2018-03-11 09:45 - 2018-03-11 09:45 - 005796080 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\18031100\algo.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000758000 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2018-03-05 09:01 - 2018-03-05 09:01 - 000965872 _____ () C:\Program Files (x86)\AVG\Antivirus\shepherdsync.dll
2018-03-05 09:01 - 2018-03-05 09:01 - 000476400 _____ () C:\Program Files (x86)\AVG\Antivirus\gui_cache.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2018-03-05 09:00 - 2018-02-26 07:24 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-03-05 09:00 - 2018-02-26 07:24 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-08 18:09 - 2018-02-26 07:24 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-03-05 09:00 - 2018-02-26 07:24 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-03-05 09:00 - 2018-02-26 07:24 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-09-08 18:09 - 2018-02-26 07:24 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-03-05 09:00 - 2018-02-26 07:24 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000116184 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-03-05 09:00 - 2018-02-26 07:24 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-08 18:09 - 2018-02-26 07:26 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-20 17:13 - 2018-02-26 07:24 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 18:09 - 2018-02-26 07:27 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-08 18:09 - 2018-02-26 07:27 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-08 18:09 - 2018-02-26 07:27 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-08 18:09 - 2018-02-26 07:27 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-08 18:09 - 2018-02-26 07:27 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-03-05 09:00 - 2018-02-26 07:24 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-10 21:09 - 2018-02-26 07:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-08 18:09 - 2018-02-26 07:26 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-03-05 09:00 - 2018-02-26 07:26 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-08 18:09 - 2018-02-26 07:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-07-03 12:50 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-11-10 13:12 - 2014-11-10 13:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-06-07 16:07 - 2017-06-07 16:07 - 000569856 _____ () C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX32.dll
2018-02-27 03:35 - 2018-02-22 00:12 - 003730264 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-27 03:35 - 2018-02-22 00:12 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3873 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3916 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:4014 [0]
AlternateDataStreams: C:\Users\beigels\Documents\Elvenar Press.rms:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\beigels\Documents\_Things to do.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\beigels\Documents\~WRL0413.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\beigels\Documents\~WRL1438.tmp:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-06-07 10:05 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\beigels\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.10.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: BlackBerry Device Manager => 3
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: DTSRVC => 2
MSCONFIG\Services: InvProtectSvc => 2
MSCONFIG\Services: Kingsoft_WPS_UpdateService => 2
MSCONFIG\Services: PdiService => 2
MSCONFIG\Services: RIM MDNS => 2
MSCONFIG\Services: RIM Tunnel Service => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SboxSvc => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TrueKey => 2
MSCONFIG\Services: TrueKeyScheduler => 2
MSCONFIG\Services: TrueKeyServiceHelper => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk => C:\Windows\pss\Update Notifier.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^beigels^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: DT HWP => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HWP
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: RIM PeerManager => "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 /WAVES_SUBTYPE_FOR_LYNC
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" /s
MSCONFIG\startupreg: uTorrent => "C:\Users\beigels\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DF4A808C-62E0-4357-B6E2-76966A6CA14C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{238E844B-ADB6-4508-BDAB-EBF40ACCFD19}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C111B82F-425C-476B-BF89-55F5364835BE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1B6C17DA-9271-4E6D-89AA-C3D3992A0904}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{16EE50F0-375F-43B8-B118-4CCD3770F5DE}C:\users\beigels\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\beigels\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{5B887A0F-5DEB-46C9-A2E7-9ADB3BBE12CC}C:\users\beigels\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\beigels\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{D61ADC17-8C7C-41D2-AFA2-2AAC31B90B83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20F9A403-88B2-4745-B486-62D806B6C059}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0AC1202E-6C27-4B71-81E3-F966117AF8AF}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [UDP Query User{4F37A4FE-5555-4E9F-BE38-93907B000B3C}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [TCP Query User{88D96294-6AC8-4F79-9974-F6558A4E8D90}C:\users\beigels\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\beigels\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{9C0AB04E-69C4-4CD5-A23F-AB7C6A29ABB0}C:\users\beigels\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\beigels\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{BD861E3E-87C6-4F61-85D1-EAF00E1E098C}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{50071994-C820-4F74-8D9D-6C784E09C656}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{A914AC5F-FA59-45C9-BCF9-ADB52ECD8D0F}C:\Program Files\Android\android studio\bin\studio64.exe] => (Allow) C:\Program Files\Android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{942E44CB-45DF-43D1-81C5-BA20665A4D2E}C:\Program Files\Android\android studio\bin\studio64.exe] => (Allow) C:\Program Files\Android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{B5FD89A4-73F2-4CC9-8F44-4EBC4ACB4D38}C:\users\beigels\eclipse-installer\eclipse-inst.exe] => (Allow) C:\users\beigels\eclipse-installer\eclipse-inst.exe
FirewallRules: [UDP Query User{C306D55E-9DD3-42A4-BE6A-22887CAF7ABF}C:\users\beigels\eclipse-installer\eclipse-inst.exe] => (Allow) C:\users\beigels\eclipse-installer\eclipse-inst.exe
FirewallRules: [TCP Query User{2AFEEEAF-CCF0-4FE6-9796-113423E68A4D}C:\program files (x86)\kol halashon\kol halashon download manager\khl download manager.exe] => (Allow) C:\program files (x86)\kol halashon\kol halashon download manager\khl download manager.exe
FirewallRules: [UDP Query User{B22BBCF9-9703-4013-9AC5-6392BB5CE546}C:\program files (x86)\kol halashon\kol halashon download manager\khl download manager.exe] => (Allow) C:\program files (x86)\kol halashon\kol halashon download manager\khl download manager.exe
FirewallRules: [{72DFFBDF-83B8-4140-B44E-2C7C4CED8D31}] => (Allow) C:\Users\beigels\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B5D1C086-3017-47E8-977F-BA2589503649}] => (Allow) C:\Users\beigels\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7A1A2934-4CE9-4782-8A70-10C830AAFBCF}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{1244F93A-C6D8-40E5-9633-589DE48F623F}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [TCP Query User{E41F8081-BF4A-4B7B-8FF6-949BE8C5D0B1}C:\users\beigels\appdata\local\temp\pyl45a9.tmp\pyrun.exe] => (Allow) C:\users\beigels\appdata\local\temp\pyl45a9.tmp\pyrun.exe
FirewallRules: [UDP Query User{53F942A9-ABD3-402F-BD36-7F387B4F8900}C:\users\beigels\appdata\local\temp\pyl45a9.tmp\pyrun.exe] => (Allow) C:\users\beigels\appdata\local\temp\pyl45a9.tmp\pyrun.exe
FirewallRules: [{A9C188A4-3A2D-47B6-B41D-65E77F22C279}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9E9A7266-C0AF-4108-8168-D94B1C982F0B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{6F163CA5-D2C6-4458-9B71-88351C275460}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F5CA7C8A-4068-465B-A78C-7434D1484CA8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B8A83648-504D-42B9-B3F3-D0039179436F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B3F88E61-4796-483B-802A-EFDD9917289E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Restore Points =========================
 
09-03-2018 03:47:31 Scheduled Checkpoint
09-03-2018 19:23:43 Removed inAudible
09-03-2018 19:25:06 Removed Chrome Remote Desktop Host
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/11/2018 11:53:23 AM) (Source: VNC Server) (EventID: 256) (User: )
Description: Agent: DeviceFrameBuffer: BitmapDC: null bitmap
 
Error: (03/11/2018 11:36:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/11/2018 11:34:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/11/2018 11:34:47 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/11/2018 11:26:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/11/2018 11:26:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/11/2018 04:51:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.17060.1019, time stamp: 0x0206ae46
Faulting module name: ntdll.dll, version: 6.1.7601.24024, time stamp: 0x5a58e571
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x2564
Faulting application start time: 0x01d3b915fe968f21
Faulting application path: C:\Windows\system32\CompatTelRunner.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 6afdd274-2509-11e8-b79e-b083fea6c97a
 
Error: (03/10/2018 11:40:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (03/11/2018 11:42:02 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/11/2018 11:36:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.
 
Error: (03/11/2018 11:34:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/11/2018 11:34:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
 
Error: (03/11/2018 11:28:20 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (03/09/2018 03:52:02 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/09/2018 03:41:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.
 
Error: (03/09/2018 04:49:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgbIDSAgent service failed to start due to the following error: 
The pipe has been ended.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 46%
Total physical RAM: 8110.53 MB
Available physical RAM: 4341.18 MB
Total Virtual: 16219.23 MB
Available Virtual: 12539.46 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.74 GB) (Free:709.55 GB) NTFS
Drive f: (DATA) (Network) (Total:847.95 GB) (Free:403.68 GB) NTFS
 
\\?\Volume{48219d44-ef42-11e4-8465-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 55422ED0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by hamluis, 11 March 2018 - 08:01 AM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • Gender:Male
  • Local time:04:35 AM

Posted 16 March 2018 - 07:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/672903 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 isrgish

isrgish
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:35 AM

Posted 16 March 2018 - 08:35 AM

I may have the original CD somewhere, but I am not sure. I will try to find it.

 

Here are the new logs from FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by beigels (administrator) on SRULYG (16-03-2018 13:29:36)
Running from C:\Users\beigels\Desktop
Loaded Profiles: beigels (Available Profiles: beigels)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Paragon Software) C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\Linux File Systems for Windows by Paragon Software.exe
(ContentWatch, Inc.) C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(ContentWatch, Inc.) C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
() C:\Program Files (x86)\MyTrigger\MyTrigger.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Paragon Software) C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\paragon_service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncagent.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\beigels\AppData\Local\Google\Chrome\User Data\SwReporter\27.146.200\software_reporter_tool.exe
(Google) C:\Users\beigels\AppData\Local\Google\Chrome\User Data\SwReporter\27.146.200\software_reporter_tool.exe
(Google) C:\Users\beigels\AppData\Local\Google\Chrome\User Data\SwReporter\27.146.200\software_reporter_tool.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [294928 2018-03-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-02-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [cwcptray] => C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe [676232 2015-01-29] (ContentWatch, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646680 2017-09-27] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1422248 2018-02-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1422248 2018-02-08] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launch MyTrigger.lnk [2015-07-28]
ShortcutTarget: Launch MyTrigger.lnk -> C:\Program Files (x86)\MyTrigger\MyTrigger.exe ()
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 05 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 06 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 07 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 08 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 09 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 10 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 11 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 12 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 23 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9 24 C:\Windows\SysWOW64\cwalsp.dll [1053576 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 05 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 06 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 07 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 08 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 09 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 10 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 11 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 12 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 23 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Winsock: Catalog9-x64 24 C:\Windows\system32\cwalsp64.dll [1550848 2015-01-29] (ContentWatch, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.1
Tcpip\..\Interfaces\{7976DB39-9272-404F-BD3B-9A7378FE42D3}: [DhcpNameServer] 10.10.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000 -> DefaultScope {7523028F-F02A-4F53-AE78-64F59B7253F3} URL = 
SearchScopes: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000 -> {7523028F-F02A-4F53-AE78-64F59B7253F3} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-9.0.1\bin\ssv.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-9.0.1\bin\jp2ssv.dll [2018-01-15] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-28] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-28] (Intel Security)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: ze2aku6s.default
FF ProfilePath: C:\Users\beigels\AppData\Roaming\Mozilla\Firefox\Profiles\ze2aku6s.default [2018-03-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-14] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\dtplugin\npDeployJava1.dll [2018-01-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-14] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default [2018-03-16]
CHR Extension: (Slides) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (MEGA) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-03-15]
CHR Extension: (YouTube) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Google Search) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Timer) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2016-02-23]
CHR Extension: (Adobe Acrobat) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-22]
CHR Extension: (Sheets) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Timer Loop) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkfiefeoimmobmhdimachkfcpkgahlc [2016-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-07]
CHR Extension: (Stopwatch / Timer / Alarm) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmbmdkichekkmkgbohcbpfehiekdjnpl [2016-02-23]
CHR Profile: C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-03-06]
CHR Extension: (Google Slides) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-18]
CHR Extension: (Google Docs) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-18]
CHR Extension: (Google Drive) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
CHR Extension: (YouTube) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]
CHR Extension: (Google Search) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Adobe Acrobat) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-15]
CHR Extension: (Google Sheets) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-15]
CHR Extension: (Gmail) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\beigels\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-15]
CHR Profile: C:\Users\beigels\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-06]
CHR HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [304776 2018-03-05] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7607288 2018-03-05] (AVG Technologies CZ, s.r.o.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CwAltaService20; C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe [3074440 2015-01-29] (ContentWatch, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-02-26] (Dropbox, Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-10-11] (Portrait Displays, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1162768 2018-02-08] (Garmin Ltd. or its subsidiaries)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel® Corporation)
S4 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 ParagonLinuxFSMounter; C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\paragon_service.exe [2651328 2017-11-30] (Paragon Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
S4 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5962832 2017-12-01] (RealVNC Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-04-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-03-05] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166552 2018-03-05] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [221096 2018-03-05] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [193024 2018-03-05] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [337344 2018-03-05] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51272 2018-03-05] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-03-05] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139040 2018-03-05] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [102720 2018-03-05] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76760 2018-03-05] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1019088 2018-03-05] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-03-05] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-03-05] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [372920 2018-03-05] (AVG Technologies CZ, s.r.o.)
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry) [File not signed]
R2 Dokan; C:\Windows\System32\DRIVERS\dokan.sys [67264 2017-11-30] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [28672 2016-04-29] (Intel Mobile Communications)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2638808 2014-10-15] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 massfilter_hs; C:\Windows\SysWOW64\drivers\massfilter_hs.sys [15896 2011-03-07] (HandSet Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-14] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-16] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45960 2018-03-16] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-14] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-16] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2015-12-16] (Riverbed Technology, Inc.)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [22824 2013-06-18] (Portrait Displays, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [18392 2013-01-25] (Scott)
S3 zghsdiag; C:\Windows\SysWOW64\DRIVERS\zghsdiag.sys [113432 2011-03-07] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\SysWOW64\DRIVERS\zghsmdm.sys [113432 2011-03-07] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\SysWOW64\DRIVERS\zghsnmea.sys [113432 2011-03-07] (ZTE Incorporated)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-16 13:29 - 2018-03-16 13:30 - 000027428 _____ C:\Users\beigels\Desktop\FRST.txt
2018-03-16 13:29 - 2018-03-16 13:29 - 000000000 ____D C:\FRST
2018-03-16 13:26 - 2018-03-16 13:26 - 002403328 _____ (Farbar) C:\Users\beigels\Desktop\FRST64.exe
2018-03-16 13:21 - 2018-03-16 13:26 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-16 13:18 - 2018-03-16 13:26 - 000045960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-14 22:02 - 2018-03-14 22:02 - 000001025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2018-03-14 22:02 - 2018-03-14 22:02 - 000001013 _____ C:\Users\Public\Desktop\Audacity.lnk
2018-03-14 21:25 - 2018-03-14 21:25 - 000000000 ____D C:\Users\beigels\AppData\Roaming\wps
2018-03-14 21:25 - 2018-03-14 21:25 - 000000000 ____D C:\Users\beigels\AppData\Roaming\office6
2018-03-14 21:20 - 2018-03-14 21:20 - 000003158 _____ C:\Windows\System32\Tasks\{BFB6C4C6-6BC5-456F-AD1B-7AAE7D3740D7}
2018-03-14 16:46 - 2018-03-14 17:19 - 000000000 ____D C:\Program Files (x86)\AirDroid
2018-03-14 16:46 - 2018-03-14 17:17 - 000000000 ____D C:\Users\beigels\AppData\Roaming\AirDroid
2018-03-14 16:46 - 2018-03-14 16:47 - 000001951 _____ C:\Users\Public\Desktop\AirDroid.lnk
2018-03-14 16:46 - 2018-03-14 16:47 - 000000000 ____D C:\Users\Public\Documents\AirDroid
2018-03-14 16:46 - 2018-03-14 16:46 - 000000000 ____D C:\Users\beigels\Documents\AirDroid
2018-03-14 16:46 - 2018-03-14 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2018-03-14 16:46 - 2018-03-14 16:46 - 000000000 ____D C:\ProgramData\AirDroid
2018-03-14 16:04 - 2018-03-16 13:17 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-14 16:04 - 2018-03-14 16:04 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-14 16:04 - 2018-03-14 16:04 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-14 16:03 - 2018-03-14 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-14 15:48 - 2018-03-14 15:48 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-13 21:29 - 2018-03-13 20:33 - 000446719 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-1520969249-YOY.pdf
2018-03-13 21:29 - 2018-03-13 20:33 - 000135924 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-1520969248-NY_215.pdf
2018-03-13 21:29 - 2018-03-13 20:33 - 000002246 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-1520969248ny_stmt_rec1.pdf
2018-03-13 21:29 - 2018-03-13 20:32 - 000147529 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-1520969248-NY_201.pdf
2018-03-13 21:29 - 2018-03-13 20:32 - 000116923 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-1520969248-NYIT2.pdf
2018-03-13 21:29 - 2018-03-13 20:32 - 000042513 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-1520969248-EicWkShtA.pdf
2018-03-13 21:29 - 2018-03-13 20:32 - 000040695 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-1520969248-NY_213.pdf
2018-03-13 21:29 - 2018-03-13 20:31 - 000099445 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-15209692478812.pdf
2018-03-13 21:29 - 2018-03-13 20:31 - 000084093 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-1520969247-f1040sei.pdf
2018-03-13 21:29 - 2018-03-13 20:31 - 000078295 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-1520969247-ws_chld_tax_crd.pdf
2018-03-13 21:29 - 2018-03-13 20:31 - 000077976 _____ C:\Users\beigels\Documents\Tax 2017 - 1P000373100-1520969246-1040A.pdf
2018-03-09 03:18 - 2018-03-09 03:18 - 000001458 _____ C:\Users\beigels\Desktop\ckfiles.txt
2018-03-09 03:00 - 2018-03-09 03:00 - 000468480 _____ () C:\Users\beigels\Desktop\CKScanner.exe
2018-03-09 01:52 - 2018-03-09 01:59 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2018-03-06 19:44 - 2018-03-06 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attribute Changer
2018-03-06 19:44 - 2018-03-06 19:44 - 000000000 ____D C:\Program Files\Attribute Changer
2018-03-06 15:26 - 2018-03-06 15:28 - 000012528 _____ C:\Users\beigels\Desktop\ESET Log 03062018.txt
2018-03-06 13:26 - 2018-03-06 13:26 - 000000000 ____D C:\Users\beigels\AppData\Roaming\ESET
2018-03-06 13:20 - 2018-03-06 13:20 - 000000000 ____D C:\Users\beigels\AppData\Local\ESET
2018-03-06 12:37 - 2018-03-06 12:39 - 000000000 ____D C:\AdwCleaner
2018-03-06 08:21 - 2018-03-06 12:34 - 000000000 ____D C:\Users\beigels\Desktop\mbar
2018-03-06 08:21 - 2018-03-06 12:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-03-06 08:21 - 2018-03-06 08:21 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\75562157.sys
2018-03-06 08:20 - 2018-03-06 08:20 - 000012859 _____ C:\Users\beigels\Desktop\New Text Document.txt
2018-03-06 07:47 - 2018-03-06 07:47 - 004260984 _____ (ESET) C:\Users\beigels\Desktop\eset_smart_security_premium_live_installer.exe
2018-03-06 07:45 - 2018-03-06 07:45 - 014178840 _____ (Malwarebytes Corp.) C:\Users\beigels\Desktop\mbar-1.10.3.1001.exe
2018-03-06 07:45 - 2018-03-06 07:45 - 008222496 _____ (Malwarebytes) C:\Users\beigels\Desktop\AdwCleaner.exe
2018-03-06 07:41 - 2018-03-14 16:03 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-06 07:41 - 2018-03-14 16:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-06 07:41 - 2018-03-06 07:41 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-06 07:41 - 2018-01-18 09:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-06 05:52 - 2018-03-14 17:08 - 000000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-06 05:52 - 2018-03-14 17:08 - 000000961 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-05 14:24 - 2018-03-05 14:52 - 000000631 _____ C:\Users\beigels\Desktop\Chrome Restore tabs 03052018.txt
2018-03-05 09:02 - 2018-03-05 09:02 - 000381816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-03-05 09:00 - 2018-03-05 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-02 10:12 - 2018-03-02 10:12 - 000133073 _____ C:\wubildr
2018-02-27 19:08 - 2018-02-27 19:08 - 000000000 ____D C:\ProgramData\Motorola
2018-02-27 19:00 - 2018-02-27 22:52 - 000000000 ____D C:\Program Files (x86)\Motorola Mobility
2018-02-27 19:00 - 2018-02-27 19:00 - 000000000 ____D C:\Users\beigels\AppData\Roaming\Motorola Mobility
2018-02-27 19:00 - 2018-02-27 19:00 - 000000000 ____D C:\Program Files (x86)\Motorola
2018-02-27 18:59 - 2018-02-27 18:59 - 000000000 ____D C:\Program Files\Common Files\Motorola Shared
2018-02-27 18:54 - 2018-02-27 18:54 - 000000000 ____D C:\Users\beigels\AppData\Roaming\Motorola
2018-02-26 18:36 - 2018-02-26 18:36 - 000008192 _____ C:\wubildr.mbr
2018-02-26 18:35 - 2018-02-26 18:35 - 000000000 ____D C:\ubuntu
2018-02-26 07:24 - 2018-02-26 07:24 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-02-26 07:24 - 2018-02-26 07:24 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-02-26 07:24 - 2018-02-26 07:24 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-02-26 07:24 - 2018-02-26 07:24 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-02-23 06:38 - 2017-12-01 13:35 - 000037704 _____ (RealVNC Ltd) C:\Windows\system32\VNCpm.dll
2018-02-23 06:36 - 2018-02-23 06:43 - 000000000 ____D C:\ProgramData\RealVNC-Service
2018-02-23 06:36 - 2018-02-23 06:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
2018-02-23 06:36 - 2018-02-23 06:36 - 000000000 ____D C:\Program Files\RealVNC
2018-02-23 06:35 - 2018-03-07 12:01 - 000000000 ____D C:\Users\beigels\AppData\Local\RealVNC
2018-02-22 22:31 - 2018-02-22 22:31 - 002572651 _____ C:\Users\beigels\Desktop\man-pages-4.15.tar.gz
2018-02-21 17:07 - 2018-02-22 22:33 - 000000203 _____ C:\Users\beigels\Desktop\Command.txt
2018-02-20 14:26 - 2018-02-20 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kutools for Excel
2018-02-18 11:11 - 2018-02-18 11:11 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-02-18 11:11 - 2018-02-18 11:11 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-02-16 12:52 - 2018-02-16 12:54 - 1563426816 _____ C:\Users\beigels\Downloads\Fedora-Workstation-Live-x86_64-26-1.5.iso
2018-02-16 12:49 - 2018-02-16 12:49 - 000002023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fedora Media Writer.lnk
2018-02-16 12:49 - 2018-02-16 12:49 - 000000000 ____D C:\Users\beigels\AppData\Local\fedoraproject.org
2018-02-16 12:49 - 2018-02-16 12:49 - 000000000 ____D C:\Program Files (x86)\Fedora Media Writer
2018-02-15 22:58 - 2018-02-16 05:59 - 000000400 __RSH C:\ProgramData\ntuser.pol
2018-02-14 09:19 - 2018-02-10 15:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 09:19 - 2018-02-10 15:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 09:19 - 2018-02-10 04:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 09:19 - 2018-02-10 03:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 09:19 - 2018-02-10 03:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 09:19 - 2018-02-10 03:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 09:19 - 2018-02-10 03:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 09:19 - 2018-02-10 03:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 09:19 - 2018-02-10 03:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 09:19 - 2018-02-10 03:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 09:19 - 2018-02-10 03:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 09:19 - 2018-02-10 03:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 09:19 - 2018-02-10 03:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 09:19 - 2018-02-10 03:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 09:19 - 2018-02-10 03:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 09:19 - 2018-02-10 03:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 09:19 - 2018-02-10 03:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 09:19 - 2018-02-10 03:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 09:19 - 2018-02-10 03:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 09:19 - 2018-02-10 03:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 09:19 - 2018-02-10 02:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 09:19 - 2018-02-10 02:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 09:19 - 2018-02-10 02:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 09:19 - 2018-02-10 02:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 09:19 - 2018-02-10 02:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 09:19 - 2018-02-10 02:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 09:19 - 2018-02-10 02:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 09:19 - 2018-02-10 02:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 09:19 - 2018-02-10 02:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 09:19 - 2018-02-10 02:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 09:19 - 2018-02-10 02:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 09:19 - 2018-02-10 02:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 09:19 - 2018-02-10 02:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 09:19 - 2018-02-10 02:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 09:19 - 2018-02-10 02:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 09:19 - 2018-02-10 02:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 09:19 - 2018-02-10 02:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 09:19 - 2018-02-10 02:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 09:19 - 2018-02-10 02:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 09:19 - 2018-02-10 01:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 09:19 - 2018-02-10 01:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 09:19 - 2018-02-10 01:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 09:19 - 2018-02-10 01:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 09:19 - 2018-02-10 01:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 09:19 - 2018-02-10 01:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 09:19 - 2018-02-10 01:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 09:19 - 2018-02-10 01:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 09:19 - 2018-02-10 01:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 09:19 - 2018-02-10 01:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 09:19 - 2018-02-10 01:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 09:19 - 2018-02-10 01:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 09:19 - 2018-02-10 01:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 09:19 - 2018-02-10 01:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 09:19 - 2018-02-10 01:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 09:19 - 2018-02-10 01:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 09:19 - 2018-02-10 01:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 09:19 - 2018-02-10 01:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 09:19 - 2018-02-10 01:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 09:19 - 2018-02-10 01:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 09:19 - 2018-02-10 01:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 09:19 - 2018-02-10 01:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 09:19 - 2018-02-10 01:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 09:19 - 2018-02-10 01:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 09:19 - 2018-02-10 01:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 09:19 - 2018-02-10 01:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 09:19 - 2018-02-10 01:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 09:19 - 2018-02-10 01:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 09:19 - 2018-02-10 01:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 09:19 - 2018-01-12 12:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 09:19 - 2018-01-12 12:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 09:19 - 2018-01-12 12:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 09:19 - 2018-01-12 12:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 09:19 - 2018-01-12 12:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 09:19 - 2018-01-12 12:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 09:19 - 2018-01-12 12:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 09:19 - 2018-01-12 12:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 09:19 - 2018-01-12 12:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 09:19 - 2018-01-12 12:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 09:19 - 2018-01-12 12:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 09:19 - 2018-01-12 12:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 09:19 - 2018-01-12 12:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 09:19 - 2018-01-12 12:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 09:19 - 2018-01-12 12:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 12:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 09:19 - 2018-01-12 12:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 09:19 - 2018-01-12 12:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 09:19 - 2018-01-12 12:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 09:19 - 2018-01-12 12:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 09:19 - 2018-01-12 12:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 09:19 - 2018-01-12 12:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 09:19 - 2018-01-12 12:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 09:19 - 2018-01-12 12:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 09:19 - 2018-01-12 12:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 09:19 - 2018-01-12 12:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 09:19 - 2018-01-12 12:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 09:19 - 2018-01-12 12:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 09:19 - 2018-01-12 12:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 09:19 - 2018-01-12 12:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 09:19 - 2018-01-12 12:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 09:19 - 2018-01-12 11:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 09:19 - 2018-01-12 11:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 09:19 - 2018-01-12 11:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 09:19 - 2018-01-12 11:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 09:19 - 2018-01-12 11:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 09:19 - 2018-01-12 11:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 11:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 11:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 09:19 - 2018-01-12 11:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 09:19 - 2018-01-11 12:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 09:19 - 2018-01-11 12:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 09:19 - 2018-01-11 12:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 09:19 - 2018-01-05 12:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 09:19 - 2018-01-05 12:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 09:19 - 2018-01-05 12:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 09:19 - 2018-01-05 12:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 09:19 - 2018-01-05 12:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 09:19 - 2018-01-05 12:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 09:19 - 2018-01-05 12:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 09:19 - 2018-01-05 12:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 09:19 - 2018-01-05 12:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 09:19 - 2018-01-05 12:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 09:19 - 2018-01-05 12:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 09:19 - 2018-01-05 11:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 09:19 - 2017-12-31 22:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-02-14 09:19 - 2017-12-31 22:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-02-14 09:19 - 2017-12-31 22:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-02-14 09:19 - 2017-12-31 22:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-02-14 09:19 - 2017-12-31 22:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-02-14 09:19 - 2017-12-31 22:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 001361408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-02-14 09:19 - 2017-12-31 22:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-02-14 09:19 - 2017-12-31 22:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2018-02-14 09:19 - 2017-12-31 22:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2018-02-14 09:19 - 2017-12-31 22:18 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-02-14 09:19 - 2017-12-31 22:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-02-14 09:19 - 2017-12-31 22:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-02-14 09:19 - 2017-12-31 22:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-02-14 09:19 - 2017-12-31 22:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2018-02-14 09:19 - 2017-12-31 22:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2018-02-14 09:19 - 2017-12-31 22:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-02-14 09:19 - 2017-12-31 22:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-02-14 09:19 - 2017-12-31 21:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-02-14 09:19 - 2017-12-31 21:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-02-14 09:19 - 2017-12-31 21:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-02-14 09:19 - 2017-12-31 21:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-02-14 09:19 - 2017-12-31 21:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-02-14 09:19 - 2017-12-31 21:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-02-14 09:19 - 2017-12-31 21:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-02-14 09:19 - 2017-12-31 21:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-02-14 09:19 - 2017-12-31 21:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-02-14 09:19 - 2017-12-31 21:47 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2018-02-14 09:19 - 2017-12-31 21:46 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2018-02-14 09:19 - 2017-12-31 21:46 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-02-14 09:19 - 2017-12-31 21:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-02-14 09:19 - 2017-12-31 21:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-02-14 09:19 - 2017-12-31 21:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-02-14 09:19 - 2017-12-31 21:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-02-14 09:19 - 2017-12-31 21:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-02-14 09:19 - 2017-12-31 21:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-02-14 09:19 - 2017-12-31 21:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-02-14 09:19 - 2017-12-31 21:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-02-14 09:19 - 2017-12-21 02:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-02-14 09:19 - 2017-12-05 13:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 09:19 - 2017-12-05 13:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 09:19 - 2017-12-05 13:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 09:19 - 2017-12-05 12:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 09:19 - 2017-12-05 11:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2018-02-14 09:19 - 2017-11-07 12:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-02-14 09:19 - 2017-11-07 12:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-02-14 09:19 - 2017-11-04 11:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-02-14 09:19 - 2017-11-04 11:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-02-14 09:19 - 2017-11-04 11:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-02-14 09:19 - 2017-11-04 11:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-02-14 09:19 - 2017-11-02 12:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2018-02-14 09:19 - 2017-11-02 12:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2018-02-14 09:19 - 2017-11-02 12:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2018-02-14 09:19 - 2017-11-02 12:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2018-02-14 09:19 - 2017-11-02 11:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2018-02-14 09:19 - 2017-11-02 11:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2018-02-14 09:19 - 2017-11-02 11:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2018-02-14 09:19 - 2017-11-02 10:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2018-02-14 09:19 - 2017-10-17 22:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-02-14 09:19 - 2017-10-17 22:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-02-14 09:19 - 2017-10-16 19:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2018-02-14 09:19 - 2017-10-16 18:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2018-02-14 09:19 - 2017-10-16 17:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-02-14 09:19 - 2017-10-11 20:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-02-14 09:19 - 2017-10-11 20:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-02-14 09:19 - 2017-10-11 20:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-02-14 09:19 - 2017-10-11 20:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-02-14 09:19 - 2017-10-11 20:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-02-14 09:19 - 2017-10-11 20:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-02-14 09:19 - 2017-10-11 20:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-02-14 09:19 - 2017-10-11 20:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2018-02-14 09:19 - 2017-10-11 20:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2018-02-14 09:19 - 2017-10-11 20:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-02-14 09:19 - 2017-10-11 20:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-02-14 09:19 - 2017-10-11 20:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-02-14 09:19 - 2017-10-11 20:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2018-02-14 09:19 - 2017-10-11 20:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-02-14 09:19 - 2017-10-11 20:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-02-14 09:19 - 2017-10-11 20:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-02-14 09:19 - 2017-10-11 20:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-02-14 09:19 - 2017-10-11 20:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2018-02-14 09:19 - 2017-09-07 09:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-02-14 09:19 - 2017-09-07 09:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-02-14 09:18 - 2018-01-21 19:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 09:18 - 2018-01-21 19:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 09:18 - 2018-01-19 10:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 09:18 - 2018-01-19 10:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-14 03:31 - 2018-02-14 03:31 - 000001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-16 13:28 - 2015-10-21 16:49 - 000004958 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for srulyG-beigels srulyG
2018-03-16 13:25 - 2009-07-14 00:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-16 13:25 - 2009-07-14 00:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-16 13:22 - 2009-07-14 01:13 - 000785942 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-16 13:22 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-16 13:16 - 2016-02-21 08:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-16 13:15 - 2015-10-22 23:42 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-03-16 13:15 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-16 03:05 - 2015-10-22 23:42 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-03-16 02:24 - 2015-07-28 09:31 - 000000000 ____D C:\WATCHER
2018-03-16 02:23 - 2017-12-20 12:41 - 000000000 ____D C:\Program Files (x86)\Kutools for Excel
2018-03-16 02:12 - 2015-07-28 09:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-03-15 20:54 - 2009-07-14 00:45 - 000437976 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-15 20:20 - 2015-07-28 09:39 - 000113512 _____ C:\Users\beigels\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-15 20:15 - 2015-11-02 12:24 - 000000000 ____D C:\Users\beigels\AppData\Local\ElevatedDiagnostics
2018-03-15 20:13 - 2016-12-05 13:39 - 000000000 ____D C:\Users\beigels\AppData\Roaming\Mp3tag
2018-03-14 22:02 - 2015-10-23 00:13 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-03-14 21:59 - 2016-11-28 13:22 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2018-03-14 21:27 - 2016-01-22 11:22 - 000000000 ____D C:\Users\beigels\AppData\Local\Kingsoft
2018-03-14 21:27 - 2016-01-22 11:22 - 000000000 ____D C:\ProgramData\Kingsoft
2018-03-14 21:04 - 2015-04-30 08:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-14 18:14 - 2015-10-22 23:50 - 000000000 ___RD C:\Users\beigels\Documents\Dropbox
2018-03-14 18:09 - 2015-04-30 08:25 - 000000000 ____D C:\Temp
2018-03-14 15:48 - 2015-04-30 08:15 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-14 15:48 - 2015-04-30 08:15 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 15:48 - 2015-04-30 08:15 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-14 15:48 - 2015-04-30 08:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-14 15:48 - 2015-04-30 08:15 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-13 23:26 - 2009-07-14 01:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-03-13 18:08 - 2015-10-16 13:37 - 000002000 ____H C:\Users\beigels\Documents\Default.rdp
2018-03-11 13:19 - 2015-11-04 17:07 - 000000000 ____D C:\Users\beigels\AppData\Roaming\uTorrent
2018-03-11 11:57 - 2015-11-13 01:02 - 000000000 ____D C:\Users\beigels\AppData\Roaming\MPC-HC
2018-03-09 19:25 - 2015-07-28 09:34 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-09 19:24 - 2015-11-13 00:24 - 000000000 ____D C:\Users\beigels\AppData\Roaming\Anvsoft
2018-03-09 18:21 - 2015-11-19 15:03 - 000000000 ____D C:\Users\beigels\Documents\Outlook Files
2018-03-09 02:53 - 2015-10-16 00:13 - 000000000 ____D C:\Me
2018-03-09 01:59 - 2015-10-22 18:29 - 000000000 ____D C:\Users\beigels\AppData\Local\CrashDumps
2018-03-07 11:56 - 2018-02-13 15:36 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-07 11:47 - 2016-09-08 18:01 - 000000000 ____D C:\Windows\pss
2018-03-07 11:10 - 2017-05-18 00:35 - 000004174 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-03-06 19:12 - 2015-11-02 14:38 - 000000000 ____D C:\Users\beigels\AppData\Roaming\TeamViewer
2018-03-06 15:22 - 2015-07-28 09:39 - 000000000 ____D C:\Windows\AutoKMS
2018-03-06 15:22 - 2015-07-28 09:29 - 000000000 ____D C:\Microsoft Toolkit 2.5.3 Official Torrent
2018-03-06 07:40 - 2017-10-02 11:29 - 000000000 ____D C:\Windows\Minidump
2018-03-06 07:37 - 2015-10-22 23:41 - 000000000 ____D C:\Program Files\CCleaner
2018-03-06 06:52 - 2016-02-21 08:45 - 000000000 ____D C:\Users\beigels\AppData\Local\TeamViewer
2018-03-05 17:57 - 2016-06-17 16:24 - 000000000 ____D C:\Users\beigels\.android
2018-03-05 09:02 - 2017-12-05 18:45 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000372920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000139040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000102720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000076760 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-03-05 09:02 - 2017-05-18 00:35 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 001019088 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 000337344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 000221096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 000193024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 000166552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2018-03-05 09:01 - 2017-05-18 00:35 - 000051272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-03-05 09:00 - 2015-10-22 23:42 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-02-27 03:36 - 2015-10-16 13:07 - 000000000 ____D C:\Program Files (x86)\FreeCommander XE
2018-02-27 03:35 - 2015-07-28 09:35 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-27 03:35 - 2015-07-28 09:35 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-26 15:25 - 2017-05-17 10:47 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-26 15:24 - 2016-01-18 11:45 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-21 15:05 - 2015-10-23 12:16 - 000000000 ____D C:\ProgramData\Garmin
2018-02-20 14:26 - 2017-12-20 12:41 - 000001116 _____ C:\Users\beigels\Desktop\Kutools for Excel.lnk
2018-02-19 13:37 - 2011-02-10 10:33 - 000778064 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-17 12:34 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-02-16 06:32 - 2009-07-14 01:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-02-16 06:32 - 2009-07-14 00:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-02-16 06:26 - 2015-10-21 18:05 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-16 06:26 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2018-02-16 06:26 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\Setup
2018-02-16 06:23 - 2017-09-28 09:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-02-16 06:23 - 2015-10-23 00:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-16 06:22 - 2015-10-22 15:35 - 000000000 ____D C:\Windows\system32\MRT
2018-02-16 06:18 - 2017-10-17 15:34 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-16 06:18 - 2015-10-22 15:35 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-15 22:58 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-02-14 20:32 - 2018-01-15 17:47 - 000000000 ____D C:\Users\beigels\AppData\Local\Eclipse
2018-02-14 20:32 - 2018-01-15 16:50 - 000000000 ____D C:\Users\beigels\.p2
2018-02-14 13:38 - 2015-10-22 23:32 - 000000000 ____D C:\ProgramData\WinZip
2018-02-14 13:31 - 2015-10-23 00:07 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2018-02-14 13:31 - 2015-10-23 00:07 - 000001114 _____ C:\Users\Public\Desktop\WinRAR.lnk
2018-02-14 13:31 - 2015-10-23 00:07 - 000000000 ____D C:\Users\beigels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-02-14 13:31 - 2015-10-23 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-02-14 03:31 - 2015-10-23 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2018-02-14 03:31 - 2015-10-23 12:16 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-02-14 03:31 - 2015-10-16 14:01 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-14 03:30 - 2015-10-23 12:16 - 000003552 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
 
Some files in TEMP:
====================
2016-01-25 04:42 - 2016-01-25 04:42 - 004995416 _____ (Microsoft Corporation) C:\Users\beigels\AppData\Local\Temp\vcredist10_x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-09 03:40
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by beigels (16-03-2018 13:30:40)
Running from C:\Users\beigels\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-07-28 13:23:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2779557678-3830489536-1879980627-500 - Administrator - Disabled)
beigels (S-1-5-21-2779557678-3830489536-1879980627-1000 - Administrator - Enabled) => C:\Users\beigels
Guest (S-1-5-21-2779557678-3830489536-1879980627-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
AirDroid 3.6.2.0 (HKLM-x32\...\AirDroid) (Version: 3.6.2.0 - Sand Studio)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ANT Drivers Installer x64 (HKLM\...\{00EC0123-5EC2-4D75-830C-EF11667E74E8}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.9.9 (HKLM-x32\...\Any Video Converter) (Version: 5.9.9 - Anvsoft)
Attribute Changer 9.0a (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 9.0a - Romain Petges)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.2.3046 - AVG Technologies)
Brother MFL-Pro Suite MFC-L2720DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Elevated Installer (HKLM-x32\...\{9AB7E852-655C-4BDE-9042-1D3E6807C85A}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Evernote v. 6.7.5 (HKLM-x32\...\{65B334F4-9E45-11E7-A6A5-005056951CAD}) (Version: 6.7.5.5825 - Evernote Corp.)
Fedora Project - Fedora Media Writer - Tool to write Fedora images to flash drives (HKLM-x32\...\Fedora Media Writer) (Version: "${VERSIONMAJOR}.${VERSIONMINOR}.${VERSIONBUILD}" - "Fedora Project")
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
FreeMouseAutoClicker 3.8 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Garmin BaseCamp (HKLM-x32\...\{36A0D446-B8E9-4753-BDFE-335F6F4DE59C}) (Version: 4.5.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2016.20 (HKLM-x32\...\{79A8C65B-0289-45A2-9A8D-6AAE0B64A374}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2017.10 (HKLM-x32\...\{08858497-31DE-491F-B21F-95AC17D75CEF}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2018.30 (HKLM-x32\...\{152AD9F4-AFBF-417B-AC07-0C6A3EB6D304}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E695D74A-9567-46DA-A4EE-0E191F21194B}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{fb1ff7db-c0d2-43c4-99bf-5b2fa4f9ca0b}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{7C8FDEF1-F311-459C-B3CC-EEF73C721BFD}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Display Assistant (HKLM-x32\...\{17B371B7-740F-4C83-BDFE-0C3A2C585103}) (Version: 2.11.045 - Portrait Displays, Inc.)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.10.0 - Intel)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
iVMS-4200(v2.4.1.3) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.4.1.3 - hikvision)
Java 9.0.1 (64-bit) (HKLM\...\{2590B9D6-4310-52BC-808E-1A585861A836}) (Version: 9.0.1.0 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
Kol Halashon Download Manager (HKLM-x32\...\{3B5F6507-5620-4136-B4DD-4E7069BE5B4B}) (Version: 3.00.0000 - Kol Halashon)
Kutools for Excel 16.50 (HKLM-x32\...\{A095BA43-4A97-4D55-8E25-A0BC46F10765}_is1) (Version: 16.50 - Addin Technology Inc.)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Linux File Systems for Windows by Paragon Software (HKLM-x32\...\{F0CF025B-D6F3-4F7C-939B-23291F52875C}) (Version: 5.0.956 - Paragon Software GmbH)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
Mp3tag v2.86 (HKLM-x32\...\Mp3tag) (Version: 2.86 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyTrigger (HKLM-x32\...\{133D2CE6-0010-457B-A8B7-6E497114CA1C}) (Version: 1.7.188.0 - torgesta.com)
Net Nanny Parental Controls (HKLM-x32\...\ALTACPHOME_is1) (Version: 6.5 - ContentWatch)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
nutraCoster Workstation (HKLM-x32\...\nutraCoster Workstation) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PdfZip (HKLM-x32\...\{9FD5457C-8F9E-4D40-82F9-AB35FE7A123B}) (Version: 2.0.17 - FaradaySoft)
PhoneDeck 1.3 (HKLM-x32\...\PhoneDeck_is1) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
Sansa Updater (HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\...\Sansa Updater) (Version:  - SanDisk Corporation)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.38.024 - Portrait Displays, Inc.) Hidden
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.1548 - TeamViewer)
Ubuntu (HKLM-x32\...\Wubi) (Version: 17.10.1-rev328 - Ubuntu)
VBRFix (Moonbase Edition) (HKLM-x32\...\Vbrfix) (Version: 1(beta) H+Moonbase - Moonbase)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VNC Server 6.2.1 (HKLM\...\{D46A65E0-E741-4DD8-BAC1-F35DDB46C2E0}) (Version: 6.2.1.32538 - RealVNC Ltd)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/27/2012 7.0.0000.00001) (HKLM\...\450B7CBC371CAEC6A328083977AA7A09E7AE5D29) (Version: 08/27/2012 7.0.0000.00001 - Google, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
כלי ההגהה של Microsoft Office 2013 - עברית (HKLM\...\{90150000-001F-040D-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\beigels\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\beigels\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-2779557678-3830489536-1879980627-1000_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> C:\Users\beigels\AppData\Local\Apps\Evernote\Evernote\EvernoteOLShim64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-12-31] ()
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-03-05] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2018-02-28] (Romain Petges)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2018-02-28] (Romain Petges)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] ()
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-10-25] (Florian Heidenreich)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-07-09] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-03-05] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04E5751E-10D7-471B-AE32-48A8F52F518F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {0B3DE149-1774-454F-B30A-7F3C88F4B1C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {1DE633F2-8680-4407-8829-17CBD385A206} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {45D6297E-3262-43CC-9F01-BE8331397167} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {580419A8-33F1-454D-82C8-3850DBABA54D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-14] (Adobe Systems Incorporated)
Task: {650ACC87-C6B4-4F2C-B972-049A14A51B21} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-27] (Oracle Corporation)
Task: {6708A4E2-206C-4F17-9EA9-1EF49C08CAB2} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-02-08] ()
Task: {72CA1F8B-59F2-4644-AF7A-2A102795D698} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
Task: {7A12201C-CFD5-4C34-B1BE-437088FDE397} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {80727493-4937-4DAF-B3CC-824185451150} - System32\Tasks\{BFB6C4C6-6BC5-456F-AD1B-7AAE7D3740D7} => C:\Windows\system32\pcalua.exe -a "C:\Users\beigels\AppData\Local\Kingsoft\WPS Office\9.1.0.5200\utility\uninst.exe"
Task: {819ECAD1-D4D5-434B-837C-844F7F43109E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {86D6BF07-2501-4729-9D34-6B385742A145} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-03-05] (AVG Technologies CZ, s.r.o.)
Task: {88E5761B-36E0-40F8-BCCD-C76CD5960101} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {8BC993D1-4215-42C9-8337-E4B1A259C96B} - System32\Tasks\LinuxFS Updater => C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\Updater.exe [2017-11-30] (Paragon Software)
Task: {9272878B-2B0B-437F-8981-F4BC1EF3153B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {974FAAAD-667C-46FC-A88C-067F81141A25} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {A7176241-9540-4553-A2BE-7666BBE9E3B9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {AC0BF97E-ADB8-44EA-AFD8-7F38A398FD43} - System32\Tasks\LinuxFS GUI => C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\Linux File Systems for Windows by Paragon Software.exe [2017-11-30] (Paragon Software)
Task: {D5040E68-5DA6-423B-8205-0F3E811A691D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {DB73E199-0B43-4CC8-8249-11146CD7D5DE} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-02-15] (AVG Technologies CZ, s.r.o.)
Task: {E1DDE9FD-50FB-410B-824E-2C23529999AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {E8B901E5-0476-4B0A-BBC4-408954DAB70C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EFF5AE57-220F-46A1-A540-29E9ACB1FAF0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for srulyG-beigels srulyG => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\beigels\Desktop\fixcomputer.lnk -> F:\fixcomputer.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-07 16:09 - 2017-06-07 16:09 - 000598528 _____ () C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX64.dll
2005-08-30 12:30 - 2005-08-30 12:30 - 000466944 _____ () C:\Program Files (x86)\MyTrigger\MyTrigger.exe
2017-11-30 14:49 - 2017-11-30 14:49 - 000414208 _____ () C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\dokan.dll
2018-03-06 07:41 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-06 07:41 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-05 09:01 - 2018-03-05 09:01 - 000722672 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000913136 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000342768 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000289008 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000281328 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2018-03-15 20:39 - 2018-03-15 20:39 - 005796080 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\18031508\algo.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 000758000 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2018-03-05 09:01 - 2018-03-05 09:01 - 000965872 _____ () C:\Program Files (x86)\AVG\Antivirus\shepherdsync.dll
2018-03-05 09:01 - 2018-03-05 09:01 - 000476400 _____ () C:\Program Files (x86)\AVG\Antivirus\gui_cache.dll
2018-03-16 13:17 - 2018-03-16 13:17 - 005796080 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\18031602\algo.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2018-02-08 14:32 - 2018-02-08 14:32 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2018-03-05 09:02 - 2018-03-05 09:02 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2018-03-05 09:00 - 2018-02-26 07:24 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-03-05 09:00 - 2018-02-26 07:24 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-08 18:09 - 2018-02-26 07:24 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-03-05 09:00 - 2018-02-26 07:24 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-03-05 09:00 - 2018-02-26 07:24 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-09-08 18:09 - 2018-02-26 07:24 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-03-05 09:00 - 2018-02-26 07:24 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000116184 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-03-05 09:00 - 2018-02-26 07:24 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-08 18:09 - 2018-02-26 07:26 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-20 17:13 - 2018-02-26 07:24 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 18:09 - 2018-02-26 07:27 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-08 18:09 - 2018-02-26 07:27 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-08 18:09 - 2018-02-26 07:27 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-08 18:09 - 2018-02-26 07:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-08 18:09 - 2018-02-26 07:27 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-08 18:09 - 2018-02-26 07:24 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-08 18:09 - 2018-02-26 07:27 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-03-05 09:00 - 2018-02-26 07:24 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-10 21:09 - 2018-02-26 07:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-08 18:09 - 2018-02-26 07:26 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-03-05 09:00 - 2018-02-26 07:26 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-08 18:09 - 2018-02-26 07:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-03-05 09:00 - 2018-02-26 07:26 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-07-03 12:50 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-06-07 16:07 - 2017-06-07 16:07 - 000569856 _____ () C:\Users\beigels\AppData\Local\MEGAsync\ShellExtX32.dll
2018-02-27 03:35 - 2018-02-22 00:12 - 003730264 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-27 03:35 - 2018-02-22 00:12 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2014-11-10 13:12 - 2014-11-10 13:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-02-22 12:57 - 2018-02-22 12:57 - 024028656 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2018-02-11 18:53 - 2018-02-11 18:53 - 000392688 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2017-07-31 18:31 - 2017-07-31 18:31 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3873 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3916 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:4014 [0]
AlternateDataStreams: C:\Users\beigels\Documents\Elvenar Press.rms:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\beigels\Documents\_Things to do.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\beigels\Documents\~WRL0413.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\beigels\Documents\~WRL1438.tmp:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-06-07 10:05 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2779557678-3830489536-1879980627-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\beigels\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.10.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: BlackBerry Device Manager => 3
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: DTSRVC => 2
MSCONFIG\Services: InvProtectSvc => 2
MSCONFIG\Services: Kingsoft_WPS_UpdateService => 2
MSCONFIG\Services: PdiService => 2
MSCONFIG\Services: RIM MDNS => 2
MSCONFIG\Services: RIM Tunnel Service => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SboxSvc => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TrueKey => 2
MSCONFIG\Services: TrueKeyScheduler => 2
MSCONFIG\Services: TrueKeyServiceHelper => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk => C:\Windows\pss\Update Notifier.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^beigels^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: DT HWP => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HWP
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: RIM PeerManager => "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 /WAVES_SUBTYPE_FOR_LYNC
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" /s
MSCONFIG\startupreg: uTorrent => "C:\Users\beigels\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DF4A808C-62E0-4357-B6E2-76966A6CA14C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{238E844B-ADB6-4508-BDAB-EBF40ACCFD19}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C111B82F-425C-476B-BF89-55F5364835BE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1B6C17DA-9271-4E6D-89AA-C3D3992A0904}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{16EE50F0-375F-43B8-B118-4CCD3770F5DE}C:\users\beigels\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\beigels\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{5B887A0F-5DEB-46C9-A2E7-9ADB3BBE12CC}C:\users\beigels\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\beigels\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{D61ADC17-8C7C-41D2-AFA2-2AAC31B90B83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20F9A403-88B2-4745-B486-62D806B6C059}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0AC1202E-6C27-4B71-81E3-F966117AF8AF}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [UDP Query User{4F37A4FE-5555-4E9F-BE38-93907B000B3C}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [TCP Query User{88D96294-6AC8-4F79-9974-F6558A4E8D90}C:\users\beigels\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\beigels\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{9C0AB04E-69C4-4CD5-A23F-AB7C6A29ABB0}C:\users\beigels\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\beigels\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{BD861E3E-87C6-4F61-85D1-EAF00E1E098C}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{50071994-C820-4F74-8D9D-6C784E09C656}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{A914AC5F-FA59-45C9-BCF9-ADB52ECD8D0F}C:\Program Files\Android\android studio\bin\studio64.exe] => (Allow) C:\Program Files\Android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{942E44CB-45DF-43D1-81C5-BA20665A4D2E}C:\Program Files\Android\android studio\bin\studio64.exe] => (Allow) C:\Program Files\Android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{B5FD89A4-73F2-4CC9-8F44-4EBC4ACB4D38}C:\users\beigels\eclipse-installer\eclipse-inst.exe] => (Allow) C:\users\beigels\eclipse-installer\eclipse-inst.exe
FirewallRules: [UDP Query User{C306D55E-9DD3-42A4-BE6A-22887CAF7ABF}C:\users\beigels\eclipse-installer\eclipse-inst.exe] => (Allow) C:\users\beigels\eclipse-installer\eclipse-inst.exe
FirewallRules: [TCP Query User{2AFEEEAF-CCF0-4FE6-9796-113423E68A4D}C:\program files (x86)\kol halashon\kol halashon download manager\khl download manager.exe] => (Allow) C:\program files (x86)\kol halashon\kol halashon download manager\khl download manager.exe
FirewallRules: [UDP Query User{B22BBCF9-9703-4013-9AC5-6392BB5CE546}C:\program files (x86)\kol halashon\kol halashon download manager\khl download manager.exe] => (Allow) C:\program files (x86)\kol halashon\kol halashon download manager\khl download manager.exe
FirewallRules: [{72DFFBDF-83B8-4140-B44E-2C7C4CED8D31}] => (Allow) C:\Users\beigels\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B5D1C086-3017-47E8-977F-BA2589503649}] => (Allow) C:\Users\beigels\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7A1A2934-4CE9-4782-8A70-10C830AAFBCF}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{1244F93A-C6D8-40E5-9633-589DE48F623F}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [TCP Query User{E41F8081-BF4A-4B7B-8FF6-949BE8C5D0B1}C:\users\beigels\appdata\local\temp\pyl45a9.tmp\pyrun.exe] => (Allow) C:\users\beigels\appdata\local\temp\pyl45a9.tmp\pyrun.exe
FirewallRules: [UDP Query User{53F942A9-ABD3-402F-BD36-7F387B4F8900}C:\users\beigels\appdata\local\temp\pyl45a9.tmp\pyrun.exe] => (Allow) C:\users\beigels\appdata\local\temp\pyl45a9.tmp\pyrun.exe
FirewallRules: [{A9C188A4-3A2D-47B6-B41D-65E77F22C279}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9E9A7266-C0AF-4108-8168-D94B1C982F0B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{C45F4A9A-E432-4FAA-9B80-80745A1EA6BF}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{4DF2CDF2-E024-49D5-86D7-BC8E0BE3650A}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{A3DBBFD4-ABDC-4C8B-BC90-1835D1D77AD3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{83FF524B-6152-4AEF-8CAD-A5CCDEDAA738}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A4036CD3-832E-43AA-98F2-FED46AB053DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{667D132C-F958-4180-BFD0-6968F4EA3322}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Restore Points =========================
 
09-03-2018 03:47:31 Scheduled Checkpoint
09-03-2018 19:23:43 Removed inAudible
09-03-2018 19:25:06 Removed Chrome Remote Desktop Host
14-03-2018 21:03:54 Removed HP USB Disk Storage Format Tool
14-03-2018 21:58:36 Removed OpenOffice 4.1.3
14-03-2018 22:18:36 Removed PhoenixSuit
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/16/2018 01:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/15/2018 08:54:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/14/2018 09:27:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2018 09:23:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2018 09:23:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2018 09:18:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 64.0.3282.186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f88
 
Start Time: 01d3bbfb7415c0ed
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: ca02f3f4-27ee-11e8-8dba-b083fea6c97a
 
Error: (03/14/2018 09:17:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 64.0.3282.186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a18
 
Start Time: 01d3bbfab9301fd1
 
Termination Time: 2
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 8f024586-27ee-11e8-8dba-b083fea6c97a
 
Error: (03/14/2018 09:05:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (03/16/2018 01:24:18 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/16/2018 01:17:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.
 
Error: (03/15/2018 09:03:07 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/15/2018 08:56:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.
 
Error: (03/15/2018 08:50:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (03/14/2018 09:10:17 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on \\?\Volume{0a22689d-818f-11e5-a778-0260e0540801} cannot be read.
 
Error: (03/14/2018 09:10:10 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on \\?\Volume{0a22689d-818f-11e5-a778-0260e0540801} cannot be read.
 
Error: (03/14/2018 09:08:31 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on \\?\Volume{0a22689d-818f-11e5-a778-0260e0540801} cannot be read.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 48%
Total physical RAM: 8110.53 MB
Available physical RAM: 4188.2 MB
Total Virtual: 16219.23 MB
Available Virtual: 12434.71 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.74 GB) (Free:701.21 GB) NTFS
Drive f: (DATA) (Network) (Total:847.95 GB) (Free:391.83 GB) NTFS
 
\\?\Volume{48219d44-ef42-11e4-8465-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 55422ED0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,793 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 18 March 2018 - 05:41 AM

isrgish:

 
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I apologize for the delay you have encountered in getting assisted.  This Forum is very busy and there are a limited number of qualified malware removal specialists available.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two, but I do hope to respond to you later this afternoon.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#5 garioch7


Posted 18 March 2018 - 11:16 AM

isrgish:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, your computer will get infected.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

Step 2: I am seeing errors in the "Addition.txt" file relating to Bitlocker. Are you using Bitlocker on this computer? If so, have you used it to encrypt the entire drive?

.

Step 3: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Program Files (x86)\MyTrigger\MyTrigger.exe
File: C:\Program Files (x86)\Paragon Software\LinuxFS for Windows\paragon_service.exe
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
Folder: C:\ProgramData\SystemAcCrux
Folder: C:\Windows\AutoKMS
Folder: C:\Users\beigels\.p2
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {72CA1F8B-59F2-4644-AF7A-2A102795D698} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-31] (McAfee, Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
End::

  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#6 isrgish


Posted 19 March 2018 - 03:22 PM

Hi Phil,

First I would like to thank you for your help, I greatly appreciate it.

Yes, you can call me by my name, which is Isr.

Now to answer your last post.

1. I uninstalled µTorrent as you suggested.

2. As far as I know I don't use Bitlocker.

3. I was not able to post with the log directly in the post. I got a message unable to post so I'm attaching the file. I hope this is acceptable.

Attached Files



#7 garioch7


Posted 20 March 2018 - 10:41 AM

Isr:

Thank you for the FRST "fixlog.txt" file, and also for permission to address you by your first name.

Thank you for uninstalling µTorrent. Peer-to-Peer (P2P) programs are a major attack vector used by malware.

The FRST "fixlog.txt" file was very long, due to a folder search that I did, which returned many, many files.

It is very interesting that you are not using Bitlocker, but that it is reporting errors. We will have to investigate that further after we have disinfected your computer.

Are you familiar with this folder/program and its contents?

C:\Users\beigels\.p2

Step 1: There are a lot of "C:\Users\beigels\.p2.org.eclipse\ ..." files in that folder. I am guessing that the folder, and its contents, are related to this legitimate program: http://www.eclipse.org/eclipse/. Please confirm that "guess."

.

Step 2: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Start::
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\ProgramData\SystemAcCrux\1a530a830cb61980ac.bin
C:\Windows\AutoKMS
EmptyTemp:
End::

  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Step 3: Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#8 isrgish


Posted 20 March 2018 - 06:36 PM

Hi Phil,

Thanks for your continued help.

1. After some research it seems to me that this folder does belong to a program I use called Eclipse. This is a Java compiler with an IDE. I'm not sure how to confirm this for sure.

2. Here is the FRST fix log

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by beigels (20-03-2018 19:11:44) Run:2
Running from C:\Users\beigels\Desktop
Loaded Profiles: beigels (Available Profiles: beigels)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\ProgramData\SystemAcCrux\1a530a830cb61980ac.bin
C:\Windows\AutoKMS
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\AutoKMS => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10804000 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 6715471 B
Edge => 0 B
Chrome => 471398320 B
Firefox => 18845766 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
beigels => 53240612 B
 
RecycleBin => 0 B
EmptyTemp: => 543.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:12:51 ====
 

 

3. Here is the Emsisoft log

 

Emsisoft Emergency Kit - Version 2017.12

Last update: 3/20/2018 7:25:06 PM
User account: srulyG\beigels
Computer name: SRULYG
OS version: Windows 7x64 Service Pack 1
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 3/20/2018 7:26:26 PM
 
Scanned 74337
Found 0
 
Scan end: 3/20/2018 7:29:42 PM
Scan time: 0:03:16


#9 garioch7


Posted 21 March 2018 - 12:42 PM

Isr:
 
Thank you for running the FRST "fixlist" script and for copying and pasting the contents of the resulting "fixlog.txt" file.  That is all looking good!

Thank you also for explaining that you do use the "Eclipse" program. That's great news.
 
OK, let's move on and run a couple more standard anti-malware scans.

.

Step 1: I see you have Malwarebytes installed on your computer. Please run a "Threat Scan" for me. Please ensure that the following settings are selected, and follow the rest of the instructions to obtain a scan log.
  • Please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.

.

Step 2: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
.

Thank you and have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#10 isrgish


Posted 21 March 2018 - 02:18 PM

Hi Phil,

In Malwarebytes I can't set the automatic quarantine; it says it's unavailable. Should I run it anyway?

Also, you mention "after the program is fully updated". Am I supposed to update the program? If yes, how do I do that?

All the Best

Isr


Edited by isrgish, 21 March 2018 - 02:21 PM.


#11 garioch7


Posted 22 March 2018 - 05:58 AM

Isr:
 
Thank you for your post.  I am guessing that you might be running the free version of Malwarebytes.  Please run the scan anyway, so that we can see if anything is detected.  If there are detections, you should get the option to quarantine or ignore them.  Quarantine them, unless it is a program that you use, or you think it is a "false positive."
 
Malwarebytes should update itself when you start the Threat Scan, but you can update it manually.  On the first screen, to the right of "Scan Status", the second from the rightmost icon is a circle with an arrow.  Click that, and it will check for updates.
 
You might want to consider upgrading to Malwarebytes Premium.  It is much better, and easier, to prevent malware infections, than to clean up after your computer has been infected.  I use Malwarebytes Premium, in conjunction with Bitdefender 2018 Total Security.
 
Thank you and have a great day.
 
Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#12 isrgish


Posted 22 March 2018 - 07:31 PM

Hi Phil,
 
Thanks for your response. I will look into your suggestion about Malwarebytes Premium and Bitdefender.
 
Here are the results of the scans.
 
1. Malwarebytes log.
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/22/18
Scan Time: 7:17 PM
Log File: 2e947359-2e27-11e8-9d60-b083fea6c97a.json
Administrator: Yes
 
-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4452
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: srulyG\beigels
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 261475
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 17 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
2. AdwCleaner Log.
 
# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 23 00:21:15 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1118 B] - [2018/3/23 0:19:47]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########+
 
Have a great evening.
Isr


#13 garioch7


Posted 23 March 2018 - 06:00 AM

Isr:

Thank you for the Malwarebytes and AdwCleaner scan logs.  They look good!

You might also want to check out this topic by quietman7, one of the foremost computer security experts here at Bleeping Computer, for advice about choosing security software.

I would also check out Emsisoft Anti-Malware, which uses the Bitdefender anti-virus scanning engine, coupled with their own anti-malware engine.  So you purchase one product that does both, for a single price.  At the end of the day, it is a PERSONAL decision as to what works best for you, in terms of price, detection, computer resource load, user interface, etc.  There is no one right product(s) for everyone.

.

How is your computer running now?  Are there any issues?  If so, please describe them in as much detail as possible, and also provide any error code information that might be displayed.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#14 isrgish


Posted 23 March 2018 - 06:35 AM

Hi Phil,

Thanks for your reply.

My computer seems to be running fine as far as I can tell. I was just concerned that I have a virus, since Mal sent me here. Do you think my computer is clean now?

Thank You for all your help,

Isr



#15 garioch7


Posted 23 March 2018 - 07:47 AM

Isr:
 
Thank you for your post.  We did do some clean up and everything is looking good as far as I can see.

Your computer appears clean!

Are you having any computer problems now? If so, please let me know. Otherwise, ENJOY your repaired computer.

.

Step 1: We will now remove the tools we used during this fix using Delfix.

Download Delfix from here and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.
When the tool is finished, a log will open in Notepad. Please copy and paste the log in your next reply.

.

Step 2: . . . Some Final Advice . . .

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems, such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated software tools, such as Adlice Software UCheck. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; later versions of Windows Defender provide perfectly acceptable protection for free. If for some reason you don't like Windows Defender, there are other free products available as well:
  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)
That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information about the methods that malware uses to infect your computer, please consider browsing our How did I get infected? topic.

.

It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to backup or restore. I do system images weekly. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.

Please copy and paste the contents of the Delfix log into your next reply. If that looks good, then we can conclude your topic.

On behalf of the Bleeping Computer (BC) community, thank you for choosing BC to assist you with your computer issues, stay safe out there in cyberspace, and have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall




