
Google detecting malicious requests from my IP


  • This topic is locked
11 replies to this topic

#1 rakou

Posted 07 May 2018 - 04:18 PM

Hello!

Recently, I'll occasionally get a notification from Google that they're detecting malicious requests from my IP.

I made a thread about this here:

https://www.bleepingcomputer.com/forums/t/676997/google-detecting-malicious-requests/

 

The BC advisor helping me told me to make a topic here to make sure it's not a malware-related problem.

So far I've run Trend Micro and Malwarebytes, but neither has detected any issues.

I also ran AdwCleaner and it deleted a few items.

Logs for these are available in the previous thread if you need them.

 

I'm also having an issue where Malwarebytes and AdwCleaner will run, but I can't actually open the program window unless I'm in safe mode. Not sure if that's related to the other problem or not.

Here are my FRST logs. Please let me know if you see any issues, or if you have any ideas what could be causing these problems. Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01
Ran by yuki (administrator) on YUKI-PC (07-05-2018 16:50:56)
Running from D:\yuki\Downloads
Loaded Profiles: yuki (Available Profiles: yuki & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Inc.) D:\Programs\Acrobat DC\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [245872 2017-07-23] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1242568 2017-07-23] (Trend Micro Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Programs\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-02-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\Run: [Steam] => D:\Programs\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\Run: [Adobe Acrobat Synchronizer] => D:\Programs\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-02-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\yuki\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\RunOnce: [Application Restart #4] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [934912 2017-04-10] ()
HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\RunOnce: [Application Restart #1] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [934912 2017-04-10] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{4129173c-d8c8-4668-967f-27cf88f5d153}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{9f577b88-88ff-4af5-a29b-ff55b4227d7c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cb504f13-13f8-43de-9e44-67f77c727587}: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{e5768918-7d40-4e0b-8a5f-7a3962e35f7a}: [DhcpNameServer] 192.168.86.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2017-07-23] (Trend Micro Inc.)

FireFox:
========
FF DefaultProfile: m3etxh7w.default
FF ProfilePath: C:\Users\yuki\AppData\Roaming\Mozilla\Firefox\Profiles\m3etxh7w.default [2018-05-07]
FF NetworkProxy: Mozilla\Firefox\Profiles\m3etxh7w.default -> no_proxies_on", "hxxps://localhost, localhost, 127.0.0.1"
FF Extension: (NoScript) - C:\Users\yuki\AppData\Roaming\Mozilla\Firefox\Profiles\m3etxh7w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-04-28]
FF Extension: (Adblock Plus) - C:\Users\yuki\AppData\Roaming\Mozilla\Firefox\Profiles\m3etxh7w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-21]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - D:\Programs\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - D:\Programs\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]
FF HKLM\...\Firefox\Extensions: [fftmtoolbar@trendmicro.com] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2017-12-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - D:\Programs\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [fftmtoolbar@trendmicro.com] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-04-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> D:\Programs\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default [2018-05-06]
CHR Extension: (Google Slides) - C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-19]
CHR Extension: (Google Docs) - C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-19]
CHR Extension: (Google Drive) - C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-19]
CHR Extension: (YouTube) - C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-19]
CHR Extension: (Adobe Acrobat) - C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-19]
CHR Extension: (Google Sheets) - C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-19]
CHR Extension: (Google Docs Offline) - C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-19]
CHR Extension: (Gmail) - C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\yuki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [374968 2017-07-19] (Trend Micro Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 mi-raysat_3dsmax2016_64; D:\Programs\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1129928 2017-07-23] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2683336 2018-01-03] (Trend Micro Inc.)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-22] (Razer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [1816520 2018-04-03] (Wacom Technology, Corp.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-05-06] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-05-07] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [145048 2017-10-04] (Trend Micro Inc.)
R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [449688 2017-10-04] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2016-01-04] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [140952 2017-10-04] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [562296 2018-01-16] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [132512 2018-01-30] (Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [134264 2018-01-22] (Trend Micro Inc.)
R3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [115680 2018-01-12] (Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-07 16:50 - 2018-05-07 16:50 - 000000000 ____D C:\FRST
2018-05-07 01:35 - 2018-05-07 01:35 - 000000000 ___HD C:\$SysReset
2018-05-06 21:50 - 2018-05-06 21:50 - 000000000 ____D C:\SecurityCheck
2018-05-06 21:42 - 2018-05-06 21:42 - 000001261 _____ C:\Users\yuki\Desktop\MalScan.txt
2018-05-06 21:35 - 2018-05-06 21:36 - 000141862 _____ C:\WINDOWS\ntbtlog.txt
2018-05-06 21:35 - 2018-05-06 21:35 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-05-06 20:26 - 2018-05-07 16:38 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-06 20:26 - 2018-05-07 16:37 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-06 20:26 - 2018-05-07 16:37 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-06 20:26 - 2018-05-06 21:36 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-06 19:56 - 2018-05-07 16:37 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-06 19:56 - 2018-05-06 19:56 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-06 19:56 - 2018-05-06 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-06 19:56 - 2018-05-06 19:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-06 19:56 - 2018-05-06 19:56 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-06 19:56 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-06 19:49 - 2018-05-06 21:44 - 000000000 ____D C:\AdwCleaner
2018-04-26 19:00 - 2018-04-26 19:00 - 000000211 _____ C:\Users\yuki\Desktop\Warframe.url
2018-04-13 11:14 - 2018-04-13 11:14 - 000000779 _____ C:\Users\Public\Desktop\CLIP STUDIO.lnk
2018-04-13 11:14 - 2018-04-13 11:14 - 000000000 ____D C:\ProgramData\CELSYS
2018-04-13 11:14 - 2018-04-13 11:14 - 000000000 ____D C:\Program Files\CELSYS
2018-04-12 20:15 - 2018-04-12 20:15 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2018-04-10 17:25 - 2018-03-30 08:34 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-04-10 17:25 - 2018-03-30 01:18 - 001092008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-10 17:25 - 2018-03-30 01:14 - 000423320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-10 17:25 - 2018-03-30 01:12 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-04-10 17:25 - 2018-03-30 01:12 - 000270208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2018-04-10 17:25 - 2018-03-30 01:12 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-04-10 17:25 - 2018-03-30 01:10 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-10 17:25 - 2018-03-30 01:08 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-10 17:25 - 2018-03-30 01:08 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-10 17:25 - 2018-03-30 01:08 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-10 17:25 - 2018-03-30 01:08 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-10 17:25 - 2018-03-30 01:07 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-10 17:25 - 2018-03-30 01:07 - 000069528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-04-10 17:25 - 2018-03-30 01:06 - 000166304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-04-10 17:25 - 2018-03-30 01:06 - 000053152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcw.sys
2018-04-10 17:25 - 2018-03-30 01:05 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-04-10 17:25 - 2018-03-30 01:05 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-04-10 17:25 - 2018-03-30 01:05 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-10 17:25 - 2018-03-30 01:05 - 000191824 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-04-10 17:25 - 2018-03-30 01:05 - 000073120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-04-10 17:25 - 2018-03-30 01:05 - 000066720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-04-10 17:25 - 2018-03-30 01:05 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-04-10 17:25 - 2018-03-30 01:05 - 000035744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDFHost.dll
2018-04-10 17:25 - 2018-03-30 01:05 - 000022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2018-04-10 17:25 - 2018-03-30 01:05 - 000022208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IumSdk.dll
2018-04-10 17:25 - 2018-03-30 01:05 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-04-10 17:25 - 2018-03-30 01:05 - 000015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-04-10 17:25 - 2018-03-30 01:04 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-10 17:25 - 2018-03-30 01:04 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-10 17:25 - 2018-03-30 01:04 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-04-10 17:25 - 2018-03-30 01:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-04-10 17:25 - 2018-03-30 01:03 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-10 17:25 - 2018-03-30 01:03 - 000508272 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-04-10 17:25 - 2018-03-30 01:03 - 000479920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-04-10 17:25 - 2018-03-30 01:03 - 000460704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-04-10 17:25 - 2018-03-30 01:03 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-04-10 17:25 - 2018-03-30 01:03 - 000292384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-04-10 17:25 - 2018-03-30 01:03 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-10 17:25 - 2018-03-30 01:03 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-04-10 17:25 - 2018-03-30 01:03 - 000139680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-04-10 17:25 - 2018-03-30 01:03 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-04-10 17:25 - 2018-03-30 01:03 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-04-10 17:25 - 2018-03-30 01:03 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-04-10 17:25 - 2018-03-30 01:02 - 000128416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-04-10 17:25 - 2018-03-30 01:01 - 008600480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-10 17:25 - 2018-03-30 01:01 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-10 17:25 - 2018-03-30 01:01 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-04-10 17:25 - 2018-03-30 01:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-04-10 17:25 - 2018-03-30 01:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-10 17:25 - 2018-03-30 01:01 - 000034208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys
2018-04-10 17:25 - 2018-03-30 01:00 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-04-10 17:25 - 2018-03-30 01:00 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2018-04-10 17:25 - 2018-03-30 01:00 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2018-04-10 17:25 - 2018-03-30 00:59 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-04-10 17:25 - 2018-03-30 00:59 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-04-10 17:25 - 2018-03-30 00:58 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-04-10 17:25 - 2018-03-30 00:58 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-04-10 17:25 - 2018-03-30 00:58 - 000039328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2018-04-10 17:25 - 2018-03-30 00:57 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-04-10 17:25 - 2018-03-30 00:57 - 000711944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-10 17:25 - 2018-03-30 00:57 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-04-10 17:25 - 2018-03-30 00:57 - 000121248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2018-04-10 17:25 - 2018-03-30 00:57 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-04-10 17:25 - 2018-03-30 00:57 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-04-10 17:25 - 2018-03-30 00:57 - 000031640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-04-10 17:25 - 2018-03-30 00:56 - 000018680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2018-04-10 17:25 - 2018-03-30 00:55 - 000367344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-04-10 17:25 - 2018-03-30 00:55 - 000062880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-04-10 17:25 - 2018-03-30 00:54 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-10 17:25 - 2018-03-30 00:54 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-04-10 17:25 - 2018-03-30 00:54 - 000461728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-04-10 17:25 - 2018-03-30 00:54 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-10 17:25 - 2018-03-30 00:53 - 007676304 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-04-10 17:25 - 2018-03-30 00:53 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-04-10 17:25 - 2018-03-30 00:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-04-10 17:25 - 2018-03-30 00:53 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-04-10 17:25 - 2018-03-30 00:53 - 000246176 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-04-10 17:25 - 2018-03-30 00:53 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-04-10 17:25 - 2018-03-30 00:53 - 000094080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2018-04-10 17:25 - 2018-03-30 00:52 - 021351632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-04-10 17:25 - 2018-03-30 00:52 - 002457504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-04-10 17:25 - 2018-03-30 00:52 - 000727456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-04-10 17:25 - 2018-03-30 00:52 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-04-10 17:25 - 2018-03-30 00:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-04-10 17:25 - 2018-03-30 00:52 - 000282528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-04-10 17:25 - 2018-03-30 00:52 - 000247480 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2018-04-10 17:25 - 2018-03-30 00:52 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-04-10 17:25 - 2018-03-30 00:52 - 000054688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2018-04-10 17:25 - 2018-03-30 00:52 - 000047512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2018-04-10 17:25 - 2018-03-30 00:52 - 000028520 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2018-04-10 17:25 - 2018-03-30 00:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-04-10 17:25 - 2018-03-30 00:51 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-04-10 17:25 - 2018-03-30 00:51 - 000125568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-04-10 17:25 - 2018-03-30 00:51 - 000123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2018-04-10 17:25 - 2018-03-30 00:51 - 000071208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-04-10 17:25 - 2018-03-30 00:50 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-04-10 17:25 - 2018-03-30 00:50 - 000057760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-04-10 17:25 - 2018-03-30 00:49 - 000204184 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-04-10 17:25 - 2018-03-30 00:48 - 001101728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-04-10 17:25 - 2018-03-30 00:48 - 000614304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-04-10 17:25 - 2018-03-30 00:48 - 000586800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2018-04-10 17:25 - 2018-03-30 00:28 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-10 17:25 - 2018-03-30 00:28 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-04-10 17:25 - 2018-03-30 00:27 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-04-10 17:25 - 2018-03-30 00:24 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-04-10 17:25 - 2018-03-30 00:23 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-04-10 17:25 - 2018-03-30 00:19 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-04-10 17:25 - 2018-03-30 00:18 - 000016600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshhyperv.dll
2018-04-10 17:25 - 2018-03-30 00:16 - 000289824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-04-10 17:25 - 2018-03-30 00:13 - 002193176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-04-10 17:25 - 2018-03-30 00:13 - 000450936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-04-10 17:25 - 2018-03-30 00:13 - 000073896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2018-04-10 17:25 - 2018-03-30 00:12 - 000186520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2018-04-10 17:25 - 2018-03-30 00:10 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-04-10 17:25 - 2018-03-30 00:10 - 000099240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-04-10 17:25 - 2018-03-30 00:09 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-04-10 17:25 - 2018-03-30 00:07 - 001003160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-04-10 17:25 - 2018-03-30 00:06 - 000180632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-04-10 17:25 - 2018-03-30 00:04 - 000417368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110_win.dll
2018-04-10 17:25 - 2018-03-29 23:55 - 025253888 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-04-10 17:25 - 2018-03-29 23:46 - 018925056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-04-10 17:25 - 2018-03-29 23:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-04-10 17:25 - 2018-03-29 23:46 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-04-10 17:25 - 2018-03-29 23:46 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-10 17:25 - 2018-03-29 23:45 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-04-10 17:25 - 2018-03-29 23:45 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-04-10 17:25 - 2018-03-29 23:45 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-04-10 17:25 - 2018-03-29 23:44 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2018-04-10 17:25 - 2018-03-29 23:44 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-04-10 17:25 - 2018-03-29 23:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2018-04-10 17:25 - 2018-03-29 23:43 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2018-04-10 17:25 - 2018-03-29 23:43 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2018-04-10 17:25 - 2018-03-29 23:43 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2018-04-10 17:25 - 2018-03-29 23:43 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2018-04-10 17:25 - 2018-03-29 23:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2018-04-10 17:25 - 2018-03-29 23:43 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-04-10 17:25 - 2018-03-29 23:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-04-10 17:25 - 2018-03-29 23:42 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-04-10 17:25 - 2018-03-29 23:42 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2018-04-10 17:25 - 2018-03-29 23:42 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-04-10 17:25 - 2018-03-29 23:42 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2018-04-10 17:25 - 2018-03-29 23:42 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-04-10 17:25 - 2018-03-29 23:42 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2018-04-10 17:25 - 2018-03-29 23:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-04-10 17:25 - 2018-03-29 23:42 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2018-04-10 17:25 - 2018-03-29 23:42 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2018-04-10 17:25 - 2018-03-29 23:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-04-10 17:25 - 2018-03-29 23:41 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-04-10 17:25 - 2018-03-29 23:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-04-10 17:25 - 2018-03-29 23:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-04-10 17:25 - 2018-03-29 23:41 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-04-10 17:25 - 2018-03-29 23:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-04-10 17:25 - 2018-03-29 23:41 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-04-10 17:25 - 2018-03-29 23:41 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2018-04-10 17:25 - 2018-03-29 23:40 - 011924992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-10 17:25 - 2018-03-29 23:40 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2018-04-10 17:25 - 2018-03-29 23:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-04-10 17:25 - 2018-03-29 23:40 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-04-10 17:25 - 2018-03-29 23:40 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-04-10 17:25 - 2018-03-29 23:40 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2018-04-10 17:25 - 2018-03-29 23:40 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2018-04-10 17:25 - 2018-03-29 23:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2018-04-10 17:25 - 2018-03-29 23:39 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-04-10 17:25 - 2018-03-29 23:39 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-04-10 17:25 - 2018-03-29 23:39 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-04-10 17:25 - 2018-03-29 23:38 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-04-10 17:25 - 2018-03-29 23:38 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-04-10 17:25 - 2018-03-29 23:38 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-04-10 17:25 - 2018-03-29 23:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-04-10 17:25 - 2018-03-29 23:38 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-10 17:25 - 2018-03-29 23:38 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-10 17:25 - 2018-03-29 23:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-04-10 17:25 - 2018-03-29 23:37 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-10 17:25 - 2018-03-29 23:37 - 001298944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-04-10 17:25 - 2018-03-29 23:36 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-04-10 17:25 - 2018-03-29 23:36 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-10 17:25 - 2018-03-29 23:36 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-04-10 17:25 - 2018-03-29 23:36 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-10 17:25 - 2018-03-29 23:36 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-04-10 17:25 - 2018-03-29 23:36 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-04-10 17:25 - 2018-03-29 23:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-04-10 17:25 - 2018-03-29 23:36 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-04-10 17:25 - 2018-03-29 23:36 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-04-10 17:25 - 2018-03-29 23:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-04-10 17:25 - 2018-03-29 23:35 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-04-10 17:25 - 2018-03-29 23:35 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-04-10 17:25 - 2018-03-29 23:35 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-04-10 17:25 - 2018-03-29 23:35 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-04-10 17:25 - 2018-03-29 23:35 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2018-04-10 17:25 - 2018-03-29 23:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-04-10 17:25 - 2018-03-29 23:35 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-04-10 17:25 - 2018-03-29 23:35 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-04-10 17:25 - 2018-03-29 23:35 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-04-10 17:25 - 2018-03-29 23:35 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-10 17:25 - 2018-03-29 23:35 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-04-10 17:25 - 2018-03-29 23:35 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-04-10 17:25 - 2018-03-29 23:35 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-04-10 17:25 - 2018-03-29 23:34 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000707584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-04-10 17:25 - 2018-03-29 23:33 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irda.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2018-04-10 17:25 - 2018-03-29 23:33 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2018-04-10 17:25 - 2018-03-29 23:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimeprovider.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapPeerProxy.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapAuthProxy.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HyperVideo.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2018-04-10 17:25 - 2018-03-29 23:33 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-04-10 17:25 - 2018-03-29 23:33 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2018-04-10 17:25 - 2018-03-29 23:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-04-10 17:25 - 2018-03-29 23:32 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-04-10 17:25 - 2018-03-29 23:32 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2018-04-10 17:25 - 2018-03-29 23:32 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2018-04-10 17:25 - 2018-03-29 23:32 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2018-04-10 17:25 - 2018-03-29 23:32 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-04-10 17:25 - 2018-03-29 23:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys
2018-04-10 17:25 - 2018-03-29 23:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lltdio.sys
2018-04-10 17:25 - 2018-03-29 23:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2018-04-10 17:25 - 2018-03-29 23:32 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdPnp.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2018-04-10 17:25 - 2018-03-29 23:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-04-10 17:25 - 2018-03-29 23:32 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiprop.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWNet.dll
2018-04-10 17:25 - 2018-03-29 23:32 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
2018-04-10 17:25 - 2018-03-29 23:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2018-04-10 17:25 - 2018-03-29 23:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2018-04-10 17:25 - 2018-03-29 23:32 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2018-04-10 17:25 - 2018-03-29 23:31 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-04-10 17:25 - 2018-03-29 23:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-04-10 17:25 - 2018-03-29 23:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2018-04-10 17:25 - 2018-03-29 23:31 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2018-04-10 17:25 - 2018-03-29 23:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-04-10 17:25 - 2018-03-29 23:31 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-04-10 17:25 - 2018-03-29 23:31 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-04-10 17:25 - 2018-03-29 23:30 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2018-04-10 17:25 - 2018-03-29 23:29 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2018-04-10 17:25 - 2018-03-29 23:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-10 17:25 - 2018-03-29 23:28 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 001381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-04-10 17:25 - 2018-03-29 23:28 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-04-10 17:25 - 2018-03-29 23:28 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 008104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 003170816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 000889856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-04-10 17:25 - 2018-03-29 23:27 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2018-04-10 17:25 - 2018-03-29 23:26 - 004747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-10 17:25 - 2018-03-29 23:26 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-10 17:25 - 2018-03-29 23:26 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-04-10 17:25 - 2018-03-29 23:26 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-04-10 17:25 - 2018-03-29 23:26 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-04-10 17:25 - 2018-03-29 23:26 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-04-10 17:25 - 2018-03-29 23:26 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-04-10 17:25 - 2018-03-29 23:26 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-04-10 17:25 - 2018-03-29 23:26 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-04-10 17:25 - 2018-03-29 23:25 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-10 17:25 - 2018-03-29 23:25 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-04-10 17:25 - 2018-03-29 23:25 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2018-04-10 17:25 - 2018-03-29 23:25 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2018-04-10 17:25 - 2018-03-29 23:24 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-04-10 17:25 - 2018-03-29 23:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-04-10 17:25 - 2018-03-29 23:23 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-04-10 17:25 - 2018-03-29 23:23 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-04-10 17:25 - 2018-03-29 23:23 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-04-10 17:25 - 2018-03-29 23:23 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-04-10 17:25 - 2018-03-29 23:23 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-04-10 17:25 - 2018-03-29 23:23 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2018-04-10 17:25 - 2018-03-29 23:23 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-04-10 17:25 - 2018-03-29 23:22 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-04-10 17:25 - 2018-03-29 23:22 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2018-04-10 17:25 - 2018-03-29 23:22 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys
2018-04-10 17:25 - 2018-03-29 23:21 - 002511360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-04-10 17:25 - 2018-03-29 23:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-04-10 17:25 - 2018-03-29 23:20 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2018-04-10 17:25 - 2018-03-29 23:20 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-04-10 17:25 - 2018-03-29 23:20 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-04-10 17:25 - 2018-03-29 23:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-04-10 17:25 - 2018-03-29 23:20 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-04-10 17:25 - 2018-03-29 23:20 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-04-10 17:25 - 2018-03-29 23:20 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-04-10 17:25 - 2018-03-29 23:20 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPnp.dll
2018-04-10 17:25 - 2018-03-29 23:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2018-04-10 17:25 - 2018-03-29 23:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2018-04-10 17:25 - 2018-03-29 23:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2018-04-10 17:25 - 2018-03-29 23:20 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys
2018-04-10 17:25 - 2018-03-28 15:54 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-04-10 17:25 - 2018-03-13 03:03 - 005907288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-04-10 17:25 - 2018-03-13 03:03 - 000779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-04-10 17:25 - 2018-03-13 03:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-04-10 17:25 - 2018-03-13 03:03 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-04-10 17:25 - 2018-03-13 03:03 - 000279960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-10 17:25 - 2018-03-13 03:02 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-10 17:25 - 2018-03-13 02:59 - 000535968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-04-10 17:25 - 2018-03-13 02:58 - 000441248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-04-10 17:25 - 2018-03-13 02:58 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-04-10 17:25 - 2018-03-13 02:58 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-04-10 17:25 - 2018-03-13 02:55 - 001778360 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-04-10 17:25 - 2018-03-13 02:55 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-04-10 17:25 - 2018-03-13 02:55 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-04-10 17:25 - 2018-03-13 02:55 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-04-10 17:25 - 2018-03-13 02:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-04-10 17:25 - 2018-03-13 02:54 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-04-10 17:25 - 2018-03-13 02:53 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-04-10 17:25 - 2018-03-13 02:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-04-10 17:25 - 2018-03-13 02:53 - 000143264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-04-10 17:25 - 2018-03-13 02:53 - 000113568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-04-10 17:25 - 2018-03-13 02:53 - 000091152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2018-04-10 17:25 - 2018-03-13 02:52 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-04-10 17:25 - 2018-03-13 02:52 - 000172112 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2018-04-10 17:25 - 2018-03-13 02:52 - 000127136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2018-04-10 17:25 - 2018-03-13 02:51 - 002773408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-04-10 17:25 - 2018-03-13 02:50 - 000617312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-04-10 17:25 - 2018-03-13 01:41 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-04-10 17:25 - 2018-03-13 01:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-04-10 17:25 - 2018-03-13 01:40 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-10 17:25 - 2018-03-13 01:38 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2018-04-10 17:25 - 2018-03-13 01:38 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-04-10 17:25 - 2018-03-13 01:38 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2018-04-10 17:25 - 2018-03-13 01:37 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2018-04-10 17:25 - 2018-03-13 01:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-04-10 17:25 - 2018-03-13 01:37 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-04-10 17:25 - 2018-03-13 01:36 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2018-04-10 17:25 - 2018-03-13 01:36 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-04-10 17:25 - 2018-03-13 01:35 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-04-10 17:25 - 2018-03-13 01:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-04-10 17:25 - 2018-03-13 01:35 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-10 17:25 - 2018-03-13 01:35 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2018-04-10 17:25 - 2018-03-13 01:35 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-04-10 17:25 - 2018-03-13 01:35 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-04-10 17:25 - 2018-03-13 01:35 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2018-04-10 17:25 - 2018-03-13 01:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-04-10 17:25 - 2018-03-13 01:34 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-04-10 17:25 - 2018-03-13 01:34 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-04-10 17:25 - 2018-03-13 01:34 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-04-10 17:25 - 2018-03-13 01:34 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-04-10 17:25 - 2018-03-13 01:33 - 007544832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-04-10 17:25 - 2018-03-13 01:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-04-10 17:25 - 2018-03-13 01:33 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-04-10 17:25 - 2018-03-13 01:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-04-10 17:25 - 2018-03-13 01:33 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-04-10 17:25 - 2018-03-13 01:33 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2018-04-10 17:25 - 2018-03-13 01:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-04-10 17:25 - 2018-03-13 01:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2018-04-10 17:25 - 2018-03-13 01:32 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-04-10 17:25 - 2018-03-13 01:32 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-04-10 17:25 - 2018-03-13 01:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-04-10 17:25 - 2018-03-13 01:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-04-10 17:25 - 2018-03-13 01:32 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-04-10 17:25 - 2018-03-13 01:32 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-10 17:25 - 2018-03-13 01:31 - 002849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-04-10 17:25 - 2018-03-13 01:31 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-04-10 17:25 - 2018-03-13 01:31 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-04-10 17:25 - 2018-03-13 01:31 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2018-04-10 17:25 - 2018-03-13 01:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2018-04-10 17:25 - 2018-03-13 01:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-04-10 17:25 - 2018-03-13 01:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-04-10 17:25 - 2018-03-13 01:30 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-04-10 17:25 - 2018-03-13 01:30 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-10 17:25 - 2018-03-13 01:30 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-04-10 17:25 - 2018-03-13 01:30 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-10 17:25 - 2018-03-13 01:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-04-10 17:25 - 2018-03-13 01:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-04-10 17:25 - 2018-03-13 01:28 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-04-10 17:25 - 2018-03-13 01:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-04-10 17:25 - 2018-03-13 01:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-10 17:25 - 2018-03-13 01:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-04-10 17:25 - 2018-03-13 01:28 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-04-10 17:25 - 2018-03-13 01:28 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-10 17:25 - 2018-03-13 01:28 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-04-10 17:25 - 2018-03-13 01:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-04-10 17:25 - 2018-03-13 01:27 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-04-10 17:25 - 2018-03-13 01:27 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-04-10 17:25 - 2018-03-13 01:26 - 001737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-04-10 17:25 - 2018-03-13 01:26 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-04-10 17:25 - 2018-03-13 01:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-04-10 17:25 - 2018-03-13 01:25 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2018-04-10 17:25 - 2018-03-13 01:24 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2018-04-10 17:25 - 2018-03-13 01:24 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-04-10 17:25 - 2018-03-13 01:24 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-04-10 17:25 - 2018-03-13 01:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-04-10 17:25 - 2018-03-13 01:23 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-04-10 17:25 - 2018-03-13 01:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-04-10 17:25 - 2018-03-13 01:22 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-04-10 17:25 - 2018-03-13 01:22 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2018-04-10 17:25 - 2018-03-13 01:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-04-10 17:25 - 2018-03-13 01:22 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-04-10 17:25 - 2018-03-13 01:19 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-04-10 17:25 - 2018-03-13 01:19 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-04-10 17:25 - 2018-03-13 01:19 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-04-10 17:25 - 2018-03-13 01:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-04-10 17:25 - 2018-03-13 01:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-04-10 17:25 - 2018-03-13 01:08 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-04-10 17:25 - 2018-03-13 01:07 - 000115104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-04-10 17:25 - 2018-03-13 01:06 - 000564640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2018-04-10 17:25 - 2018-03-13 01:04 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-04-10 17:25 - 2018-03-13 01:04 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-04-10 17:25 - 2018-03-13 01:04 - 000140592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2018-04-10 17:25 - 2018-03-13 00:44 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-04-10 17:25 - 2018-03-13 00:44 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-04-10 17:25 - 2018-03-13 00:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-04-10 17:25 - 2018-03-13 00:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-04-10 17:25 - 2018-03-13 00:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-04-10 17:25 - 2018-03-13 00:40 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2018-04-10 17:25 - 2018-03-13 00:39 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2018-04-10 17:25 - 2018-03-13 00:39 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-04-10 17:25 - 2018-03-13 00:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-04-10 17:25 - 2018-03-13 00:39 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-04-10 17:25 - 2018-03-13 00:38 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-04-10 17:25 - 2018-03-13 00:38 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlgpclnt.dll
2018-04-10 17:25 - 2018-03-13 00:37 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-04-10 17:25 - 2018-03-13 00:37 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2018-04-10 17:25 - 2018-03-13 00:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2018-04-10 17:25 - 2018-03-13 00:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-04-10 17:25 - 2018-03-13 00:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-04-10 17:25 - 2018-03-13 00:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2018-04-10 17:25 - 2018-03-13 00:37 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-04-10 17:25 - 2018-03-13 00:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-04-10 17:25 - 2018-03-13 00:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-10 17:25 - 2018-03-13 00:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-10 17:25 - 2018-03-13 00:36 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-04-10 17:25 - 2018-03-13 00:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-04-10 17:25 - 2018-03-13 00:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-04-10 17:25 - 2018-03-13 00:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-04-10 17:25 - 2018-03-13 00:33 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-04-10 17:25 - 2018-03-13 00:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-04-10 17:25 - 2018-03-13 00:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-04-10 17:25 - 2018-03-13 00:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-04-10 17:25 - 2018-03-13 00:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-04-10 17:25 - 2018-03-13 00:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-04-10 17:25 - 2018-03-13 00:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-10 17:25 - 2018-03-13 00:31 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-04-10 17:25 - 2018-03-13 00:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-04-10 17:25 - 2018-03-13 00:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-04-10 17:25 - 2018-03-13 00:28 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-04-10 17:25 - 2018-03-13 00:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-04-10 17:25 - 2018-03-13 00:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-04-10 17:25 - 2018-03-13 00:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2018-04-10 17:25 - 2017-11-26 09:32 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-04-10 17:25 - 2017-11-26 07:12 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-07 16:47 - 2016-07-25 16:00 - 000000000 ____D C:\Users\yuki\AppData\Local\DP_Tower_3.7
2018-05-07 16:46 - 2016-04-10 01:32 - 000000000 ____D C:\Users\yuki\AppData\Local\Adobe
2018-05-07 16:43 - 2017-12-11 11:02 - 003831706 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-07 16:39 - 2017-09-29 04:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-05-07 16:39 - 2016-11-18 15:57 - 000000000 ____D C:\Users\yuki\AppData\LocalLow\Mozilla
2018-05-07 16:37 - 2017-12-11 11:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-07 16:37 - 2017-12-11 11:07 - 000000000 ____D C:\Users\yuki
2018-05-07 16:37 - 2017-12-11 11:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-07 16:37 - 2016-08-08 19:52 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-07 16:37 - 2016-04-10 15:38 - 000000000 ____D C:\Users\yuki\AppData\Roaming\WTablet
2018-05-06 23:22 - 2018-04-02 21:06 - 000000000 ____D C:\Users\yuki\AppData\Local\Warframe
2018-05-06 21:45 - 2016-04-10 10:29 - 000000000 ___RD C:\Users\yuki\Creative Cloud Files
2018-05-06 21:44 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-06 21:24 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-05-06 19:45 - 2016-08-03 14:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-06 19:45 - 2016-08-03 14:27 - 000000000 ____D C:\Program Files (x86)\ControlCenter4
2018-05-06 19:45 - 2016-08-03 14:27 - 000000000 ____D C:\Program Files (x86)\Brother
2018-05-06 16:33 - 2017-12-10 16:16 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-06 16:33 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-06 16:33 - 2017-03-02 12:25 - 000000000 ____D C:\Users\yuki\AppData\Local\CrashDumps
2018-05-05 17:15 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-05 17:15 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-02 22:14 - 2017-03-20 21:08 - 000000000 ____D C:\Users\yuki\AppData\Roaming\discord
2018-05-02 22:14 - 2017-03-20 21:08 - 000000000 ____D C:\Users\yuki\AppData\Local\Discord
2018-05-02 22:13 - 2016-08-08 20:54 - 000002232 _____ C:\Users\yuki\Desktop\Discord.lnk
2018-05-02 19:09 - 2017-12-11 11:11 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3425793527-2729637829-3367599468-1000
2018-05-02 19:09 - 2016-04-10 11:16 - 000002364 _____ C:\Users\yuki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-02 19:09 - 2016-04-10 11:16 - 000000000 ___RD C:\Users\yuki\OneDrive
2018-05-02 19:05 - 2016-11-18 01:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-02 19:05 - 2016-04-10 00:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-01 20:12 - 2016-04-10 10:27 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-04-30 21:25 - 2016-04-10 00:07 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-30 21:03 - 2016-04-26 09:18 - 000000033 _____ C:\Users\yuki\AppData\Roaming\AdobeWLCMCache.dat
2018-04-23 20:25 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-23 20:20 - 2017-12-11 11:01 - 000448184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-18 22:59 - 2017-01-17 02:31 - 000002291 _____ C:\Users\yuki\Desktop\Kindle.lnk
2018-04-13 11:18 - 2017-07-26 15:36 - 000000000 ____D C:\Users\yuki\AppData\Roaming\CELSYS
2018-04-13 11:15 - 2017-07-26 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIP STUDIO
2018-04-12 23:05 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-04-12 21:14 - 2016-07-04 16:46 - 000001456 _____ C:\Users\yuki\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-04-12 20:15 - 2016-04-10 15:38 - 000000000 ____D C:\Program Files\Tablet
2018-04-10 21:15 - 2017-12-11 11:13 - 000000000 ___RD C:\Users\yuki\3D Objects
2018-04-10 21:15 - 2016-02-13 09:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-10 18:36 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-10 18:36 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-10 18:36 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-10 18:36 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-10 17:30 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-10 17:29 - 2016-04-10 13:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-10 17:28 - 2017-10-10 22:15 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-10 17:28 - 2016-04-10 13:33 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-10 17:26 - 2017-12-10 17:10 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-04-09 22:15 - 2018-01-17 10:34 - 000065536 _____ C:\cert8.db
2018-04-09 22:15 - 2018-01-17 10:34 - 000016384 _____ C:\key3.db
2018-04-09 20:41 - 2016-09-06 20:13 - 000000000 ____D C:\Users\yuki\AppData\Local\Akamai

==================== Files in the root of some directories =======

2016-04-26 09:18 - 2018-04-30 21:03 - 000000033 _____ () C:\Users\yuki\AppData\Roaming\AdobeWLCMCache.dat
2016-07-04 16:46 - 2018-04-12 21:14 - 000001456 _____ () C:\Users\yuki\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-10 01:22 - 2016-04-10 01:22 - 000000036 _____ () C:\Users\yuki\AppData\Local\housecall.guid.cache
2016-04-10 12:19 - 2017-10-18 22:46 - 000000010 _____ () C:\Users\yuki\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
2018-05-06 19:45 - 2006-05-24 13:10 - 000455600 _____ (Macrovision Corporation) C:\Users\yuki\AppData\Local\Temp\_is483A.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-02 21:33

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by yuki (07-05-2018 16:51:19)
Running from D:\yuki\Downloads
Windows 10 Home Version 1709 16299.371 (X64) (2017-12-11 15:12:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3425793527-2729637829-3367599468-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3425793527-2729637829-3367599468-503 - Limited - Disabled)
Guest (S-1-5-21-3425793527-2729637829-3367599468-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3425793527-2729637829-3367599468-504 - Limited - Disabled)
yuki (S-1-5-21-3425793527-2729637829-3367599468-1000 - Administrator - Enabled) => C:\Users\yuki

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro Maximum Security (Disabled - Up to date) {1E5CB925-ABFC-68A9-91DC-4258BDE6C44A}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_1) (Version: 15.0.1 - Adobe Systems Incorporated)
Adobe Bridge CC 2018 (HKLM-x32\...\KBRG_8_0_1) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2018 (HKLM-x32\...\IDSN_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0_1) (Version: 19.0.1 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon)
Autodesk 3ds Max 2016 (HKLM\...\{52B37EC7-D836-0410-0464-3C24BCED2010}) (Version: 18.0.873.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 (HKLM\...\Autodesk 3ds Max 2016) (Version: 18.0.873.0 - Autodesk)
Autodesk 3ds Max 2016 Populate Data (HKLM\...\{57E92DED-DC7C-41E5-B9E1-76D83BD2EABE}) (Version: 18.0.0.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.19 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk Backburner 2016 (HKLM-x32\...\{8C5F38D2-9EFE-49A4-B3F5-BF3210FED168}) (Version: 16.0.0.0 - Autodesk)
Autodesk Civil View for 3ds Max 2016 64-bit (HKLM\...\{1C4FFAF0-6DBB-4F7A-A386-46747D060826}) (Version: 18.0.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2016 (HKLM\...\{9167CA34-4E58-49E3-8892-3C439739D2D3}) (Version: 18.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.19 - Autodesk)
Autodesk Revit Interoperability for 3ds Max  (HKLM\...\{0BB716E0-1600-0610-0000-097DC2F354DF}) (Version: 16.0.394.0 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max  (HKLM\...\Autodesk Revit Interoperability for 3ds Max ) (Version: 16.0.394.0 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.34.223.5 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CLIP STUDIO 1.7.3 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.7.3 - CELSYS)
CLIP STUDIO PAINT 1.5.4 (HKLM-x32\...\{88B5A062-DDA1-4F62-A4DD-95D0C4F19979}) (Version: 1.5.4 - CELSYS)
CLIP STUDIO PAINT 1.7.3.1 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.7.3.1 - CELSYS)
Discord (HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1416.41504 - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.10.0.95 - NVIDIA Corporation) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.5007.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.3.6691 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 12.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.8.0.1026 - Trend Micro Inc.)
Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0.1132 - Trend Micro Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-6 - Wacom Technology Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3425793527-2729637829-3367599468-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A7A975C454C5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3425793527-2729637829-3367599468-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [  FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2017-07-23] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => D:\Programs\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Programs\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2017-07-23] (Trend Micro Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-01-04] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => D:\Programs\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2017-07-23] (Trend Micro Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12AE840F-91FE-43E2-B923-4C14029AC41F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2985CA7C-5036-4A93-9783-BDF628EF45A0} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {3672A34F-441F-4681-BB5A-E87DC5EE5F49} - System32\Tasks\CCleanerSkipUAC => D:\Programs\CCleaner.exe [2017-05-05] (Piriform Ltd)
Task: {3F902350-8CCF-4FC9-8CD4-2ACDD00BA213} - System32\Tasks\AdobeAAMUpdater-1.0-yuki-PC-yuki => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {4B399162-FA1A-4A98-9EAE-45490301DABE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4C3004FB-C3FA-4CC7-94C9-429193038A5A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {54525A17-B7F2-4D4E-94C1-836719680940} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2017-11-09] ()
Task: {5F9F6562-2374-4AFC-B6A2-EF5A4210BF73} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {6B95E9E5-A356-493E-90B1-42C232D4C86A} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-04-10] ()
Task: {71148312-88D7-43F9-9F19-6695804413A5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71B13F02-2318-44A2-B078-A4E1A91756AE} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe [2017-07-23] (Trend Micro Inc.)
Task: {71D0EB9C-778B-4667-8BD4-AA0B31D7B4A0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-12-12] (Microsoft Corporation)
Task: {739D1CBE-6572-4AA0-8F48-0594F4D8F9FA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7E7C2140-6585-4EBF-92EC-0D88F88EB512} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {82A655CB-C5DA-4640-93D1-5CA70BE24161} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {8BE58C17-F851-4DAE-9FD9-5B219D038009} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {9BB132D8-E626-49FE-AE28-93809BEEE63F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9D88CDE4-982C-4E2D-9B1C-6417A72F1F37} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A4A33956-E0B3-4EFA-8869-D0EFDFF2369C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A649DA86-57B4-41F0-84E4-174A055219AC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {A96994C5-957E-4497-96CE-1B3F9298E2AF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AC5BABD0-0CC2-4FAD-A1D3-B87BA75F4399} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B594515C-5267-4EF4-B6F3-C7C68B86F052} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BF7B6D01-1A99-4E3F-B53F-1F053E2C6102} - System32\Tasks\AdobeGCInvoker-1.0-yuki-PC-yuki => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {BFB555B2-0938-4A3C-9C8B-85717FEB78D3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {C0452D50-6192-43B7-A7E1-DE552BF542E0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C48DD22E-0B49-434A-AF21-68DC758A236D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {C7A0A40E-1E1C-4E19-9B72-2DF3468DDB67} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CFF06C1A-8A9A-4533-8EAF-5D0CC7D0C48F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D285A4E2-52F3-4328-A2DE-EF5B375F443B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D379815E-AA15-42BA-AAFC-65B8B5BCDE89} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D6170453-5097-4BD9-B6F4-11AFDAEB1ECD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DCEDDFC7-DFDC-424F-BAEF-6EA5FFE1189A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E3810881-1B0B-4F81-8B03-48FF5F42A46B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E6A03482-AFE1-43F0-8C19-5AA5FEA6C595} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F057643F-D96A-4B66-B8B8-B0C340E75EC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {F35722BA-B69D-44A7-9717-34C2402C338A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-28 20:47 - 2013-07-04 03:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2017-10-19 16:03 - 2017-07-23 15:24 - 000131072 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc140-mt-1_62.dll
2017-10-19 16:03 - 2017-07-23 15:24 - 000039424 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc140-mt-1_62.dll
2017-10-19 16:03 - 2017-07-23 15:24 - 000076288 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc140-mt-1_62.dll
2017-10-19 16:03 - 2017-07-23 15:24 - 000048640 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_chrono-vc140-mt-1_62.dll
2017-10-19 16:03 - 2017-07-23 15:24 - 001016320 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc140-mt-1_62.dll
2016-04-10 01:54 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-07-24 10:10 - 2017-01-13 16:41 - 000039424 _____ () C:\Program Files\Trend Micro\TMIDS\boost_system-vc140-mt-1_62.dll
2017-07-24 10:10 - 2017-01-13 16:39 - 000076288 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc140-mt-1_62.dll
2018-05-06 19:56 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-06 19:56 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-25 07:27 - 2018-04-03 13:04 - 002288072 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2018-01-04 10:04 - 2018-01-04 10:04 - 000649672 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2016-05-17 18:42 - 2016-05-17 18:42 - 000230064 _____ () D:\Programs\Notepad++\NppShell_06.dll
2018-03-14 18:23 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 18:23 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-24 17:00 - 2018-04-24 17:00 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-24 17:00 - 2018-04-24 17:00 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-24 17:00 - 2018-04-24 17:00 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-24 17:00 - 2018-04-24 17:00 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-24 17:00 - 2018-04-24 17:00 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-04-10 15:38 - 2014-08-19 15:12 - 001356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2016-04-10 01:23 - 2017-04-10 23:58 - 000934912 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
2018-01-04 10:04 - 2018-01-04 10:04 - 035292104 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2017-09-29 09:41 - 2017-09-29 09:41 - 000047616 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-04-10 17:25 - 2018-03-13 01:32 - 004173824 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-04-10 17:25 - 2018-03-13 01:31 - 003662336 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-05-28 20:47 - 2018-05-07 16:37 - 000040592 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-05-28 20:47 - 2013-07-04 03:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-09-06 21:27 - 2016-02-24 00:48 - 000062024 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2016-09-06 21:27 - 2016-02-24 00:47 - 000110664 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2016-04-10 01:20 - 2016-06-14 21:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-04-21 22:36 - 2017-01-26 13:35 - 001078272 _____ () C:\Program Files\Trend Micro\TMIDS\tower\ffmpeg.dll
2018-02-14 06:03 - 2018-02-14 06:03 - 067115984 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-04-21 22:36 - 2017-02-23 01:31 - 001922560 _____ () C:\Program Files\Trend Micro\TMIDS\tower\libglesv2.dll
2017-04-21 22:36 - 2017-02-23 01:31 - 000079872 _____ () C:\Program Files\Trend Micro\TMIDS\tower\libegl.dll
2017-04-21 22:36 - 2017-02-23 02:31 - 004834816 _____ () C:\Program Files\Trend Micro\TMIDS\tower\node.dll
2018-04-12 21:33 - 2018-04-12 21:33 - 000142376 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-04-12 21:33 - 2018-04-12 21:33 - 000271400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-04-12 21:33 - 2018-04-12 21:33 - 000141864 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\ref\build\Release\binding.node
2018-04-12 21:33 - 2018-04-12 21:33 - 000150568 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-04-12 21:33 - 2018-04-12 21:33 - 000097832 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-04-12 21:33 - 2018-04-12 21:33 - 000110120 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\trendmicro.com -> hxxps://pwm.trendmicro.com
IE trusted site: HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\sharepoint.com -> hxxps://exchangelabsgmu-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\trendmicro.com -> hxxps://pwm.trendmicro.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{325D11B9-B991-4CA2-BFE5-B85C7C9370D5}] => (Allow) D:\Programs\Steam\steamapps\common\ArtRage\ArtRage Studio Pro.exe
FirewallRules: [{03BA03E0-D3FB-4272-9918-9D037F6E7D39}] => (Allow) D:\Programs\Steam\steamapps\common\ArtRage\ArtRage Studio Pro.exe
FirewallRules: [{8B13E243-408D-4318-AA9B-E6F3895F8C96}] => (Allow) D:\Programs\Steam\steamapps\common\Spriter\Spriter.exe
FirewallRules: [{5E3B057B-5EB7-49F2-909F-4E65B8956CC9}] => (Allow) D:\Programs\Steam\steamapps\common\Spriter\Spriter.exe
FirewallRules: [UDP Query User{C6F66CC9-BFFC-4828-A3EB-65F25259123E}C:\users\yuki\appdata\roaming\gamemaker-studio\runner.exe] => (Block) C:\users\yuki\appdata\roaming\gamemaker-studio\runner.exe
FirewallRules: [TCP Query User{6DCFEB24-FEFF-44E5-9C0E-58E878C603CB}C:\users\yuki\appdata\roaming\gamemaker-studio\runner.exe] => (Block) C:\users\yuki\appdata\roaming\gamemaker-studio\runner.exe
FirewallRules: [UDP Query User{BEFAF89D-140A-4461-9FEC-6CC1F342DCB2}D:\programs\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Block) D:\programs\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [TCP Query User{DFF97970-F576-43D8-B4D7-4BDB2D3EA0F3}D:\programs\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Block) D:\programs\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{E76DE2D5-D35B-4060-9A73-F4F177A32FC3}] => (Allow) D:\Programs\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe
FirewallRules: [{ED6AAFDC-577B-4FE2-9E5F-AA5D1E4D7269}] => (Allow) D:\Programs\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe
FirewallRules: [{B4DC41F8-806A-4CBD-ABC7-8AE5E6B71331}] => (Allow) D:\Programs\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe
FirewallRules: [{CF276680-DDC0-46D3-B9B1-E0748481A108}] => (Allow) D:\Programs\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe
FirewallRules: [{A9928748-8B8E-43CB-8FC1-5BBDC7FB1903}] => (Allow) D:\Programs\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{18136B59-D28F-4A12-895B-476ECDA019D9}] => (Allow) D:\Programs\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{EDA461C6-6B3C-437B-AB31-3BCFC4F4F7AB}] => (Allow) D:\Programs\Steam\steamapps\common\Uncanny Valley\PPA2IP.exe
FirewallRules: [{F9E15FBF-DF33-44A8-87EA-68EF878E3B9C}] => (Allow) D:\Programs\Steam\steamapps\common\Uncanny Valley\PPA2IP.exe
FirewallRules: [{6F0BF685-9776-4CD6-AF5C-13296C79BD25}] => (Allow) D:\Programs\Steam\steamapps\common\Home\home-win-eng.exe
FirewallRules: [{3F98370F-DD8B-4163-AF9B-073086D9A640}] => (Allow) D:\Programs\Steam\steamapps\common\Home\home-win-eng.exe
FirewallRules: [{7083AF87-8BCE-4343-B988-B7E927D714A8}] => (Allow) D:\Programs\Steam\steamapps\common\The Void\bin\win32\Config.exe
FirewallRules: [{07AB974E-2466-4E77-BB7A-60DA839BF573}] => (Allow) D:\Programs\Steam\steamapps\common\The Void\bin\win32\Config.exe
FirewallRules: [{645989D3-EFE9-41C8-B10C-4CBEAA7AC873}] => (Allow) D:\Programs\Steam\steamapps\common\The Void\bin\win32\Game.exe
FirewallRules: [{9737818E-BD52-4BB8-A4B1-25994CD39232}] => (Allow) D:\Programs\Steam\steamapps\common\The Void\bin\win32\Game.exe
FirewallRules: [{99C196AF-A48A-4F50-803F-221BBDEDE802}] => (Allow) D:\Programs\Steam\steamapps\common\Meadow\Meadow.exe
FirewallRules: [{4D08D0A0-E03A-45C8-840C-019CD59E99EB}] => (Allow) D:\Programs\Steam\steamapps\common\Meadow\Meadow.exe
FirewallRules: [{FDAD85AC-7DC0-44AA-B9E4-68EB99F21CE1}] => (Allow) D:\Programs\Steam\steamapps\common\Shelter2\Shelter2.exe
FirewallRules: [{CF9245F2-8FBE-429D-A789-774D26DABE7F}] => (Allow) D:\Programs\Steam\steamapps\common\Shelter2\Shelter2.exe
FirewallRules: [UDP Query User{145870D8-0464-4A2F-ACDA-BA983CCDA846}D:\programs\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Block) D:\programs\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe
FirewallRules: [TCP Query User{A698B16C-32C3-4530-8C74-7378FE7D30AF}D:\programs\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Block) D:\programs\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe
FirewallRules: [{835A2B66-522F-459D-BBB5-2D33319EEA8C}] => (Allow) D:\Programs\Steam\steamapps\common\ABZU\AbzuGame.exe
FirewallRules: [{87BD75F0-5510-46FC-BA14-9403F3B3FBA2}] => (Allow) D:\Programs\Steam\steamapps\common\ABZU\AbzuGame.exe
FirewallRules: [UDP Query User{10185C05-8B89-49AE-991F-0240CD79FDFC}D:\programs\overwatch\overwatch.exe] => (Allow) D:\programs\overwatch\overwatch.exe
FirewallRules: [TCP Query User{C6D32C34-2FC0-47F4-A4E2-DEBBCAEAA08C}D:\programs\overwatch\overwatch.exe] => (Allow) D:\programs\overwatch\overwatch.exe
FirewallRules: [{7A4D3181-4CBD-41CF-A1CC-F5B9BF3EE909}] => (Allow) D:\Programs\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{F9D7D22A-3035-4B9D-820A-58DD5798AA80}] => (Allow) D:\Programs\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{B2833EFC-9C32-46E1-A976-1571844291C5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ED581585-F218-48FE-874A-43892C30A7D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4FFC7522-A853-4398-83F7-D76D1D02030E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{36F4F5C4-F6B0-4181-9779-ED5556D6717B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5D2B75A4-F200-4C56-84D4-89D4F3F1996E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A201BB72-BED8-4A6F-938A-89436CDF26CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5E82C501-B77D-4DBC-A469-66FD9B05DD35}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{BD0CDF0A-092F-4EA6-BCA8-E322ACABEA36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F2BAFC77-EE4F-4FBC-9C4B-4C8176F09594}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DE89DDF8-B1AF-4476-96BF-D14C933DDFD8}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{3AF120E0-E880-41D9-85B1-6DCB817DF6A2}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{44E7E0E2-22F2-46F2-BACF-BB2509D5D683}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{74278D25-020C-474B-BE61-C45194155399}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F3BC7991-7CC3-4417-AD55-65F226B6B558}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{62DBB476-634F-467F-853A-2497C69B1200}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2571DC5A-490D-482B-B4D0-3EBEA07D673D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1261D9E0-E35C-4AA2-8F7A-A55B197623F8}] => (Allow) D:\Programs\Steam\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
FirewallRules: [{2FE96226-E4C0-487A-A48F-96E42F5C8523}] => (Allow) D:\Programs\Steam\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
FirewallRules: [TCP Query User{6E5B1C8B-AA73-4966-A4DE-4E005DADE2DF}C:\users\yuki\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\yuki\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{943500F2-5A8C-4C90-AC3B-2581E224DB07}C:\users\yuki\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\yuki\appdata\local\akamai\netsession_win.exe
FirewallRules: [{2286FE77-93DC-483F-AD02-96ECB4D04A8E}] => (Allow) LPort=50655
FirewallRules: [{B931FB71-6A7D-4FAF-BAC0-122E6BA07EE9}] => (Allow) LPort=5000
FirewallRules: [{31476C8E-E9BE-475E-8394-C552FB2C9285}] => (Allow) D:\Programs\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{376A24C5-089A-4537-B4F4-694B134C12E5}] => (Allow) D:\Programs\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{AF326555-C69F-4D05-B476-07F37D9DEE2B}] => (Allow) D:\Programs\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{7468FA3A-21F6-4E6D-B3B9-19EF6128A003}] => (Allow) D:\Programs\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{816B0510-48F1-4CD5-BDDB-680DEC65C40D}] => (Allow) D:\Programs\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{A1AECD4A-B4ED-462E-9603-AC5AEE5AF36B}] => (Allow) D:\Programs\Steam\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{523BFE6E-6255-4803-B99E-021EA9C4B823}D:\programs\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Block) D:\programs\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{DDFA02F8-20E9-4175-A42F-5D44EAF7DBF0}D:\programs\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Block) D:\programs\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{8584E725-55B7-4632-9344-1C9962F3B616}D:\programs\overwatch test\overwatch.exe] => (Block) D:\programs\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{4C526988-D492-476C-93B6-9FF75C57783A}D:\programs\overwatch test\overwatch.exe] => (Block) D:\programs\overwatch test\overwatch.exe
FirewallRules: [{8D7BB9B3-12D1-4F69-87B2-F2AC5A4B79BA}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DF71B3EC-1A70-4989-B836-7D7D88B3951E}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{67B21CE8-B501-40A1-82B9-22A5106E54F2}] => (Allow) D:\Programs\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{6241E25D-B978-4DFE-AE05-3336A412A271}] => (Allow) D:\Programs\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{0E11725F-B419-481A-9132-DF1E242B0038}] => (Allow) D:\Programs\Steam\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{FD919376-B3C3-4A0E-B85B-CF78F942BA35}] => (Allow) D:\Programs\Steam\steamapps\common\DDDA\DDDA.exe
FirewallRules: [TCP Query User{434CD74E-D97C-4907-BE28-F831DF957275}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6F80DAE5-F2A7-416A-8121-5E69963D0419}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{84954939-5E28-43FA-89C4-A93A3AA4AC6F}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{028642BB-3995-4AEE-B944-3ED96AD04634}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{654F0A01-E77A-43DD-A420-FB4AA69E99F7}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C95A1A61-DC0D-4085-ABA5-E5FAAC392D69}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{11AA2E23-D60C-480B-A37A-1B979981C8FA}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{E4D90279-5836-422E-A20F-BBADA372C10F}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{7FD0949E-3CEF-416D-B95B-85E307A87DA4}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{52E95C45-C278-4322-8346-DEC27DD1F5F8}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{7CA4C40B-73D0-4FE5-B8B2-E909E4328A8E}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{4813C5E6-1A3F-4BBF-8DC1-EF705B9E5261}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A7922CD8-06A6-4761-AF2C-A32A8EF421E0}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B176D747-0322-4A39-B22D-3D4E43CA847C}] => (Allow) D:\Programs\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2018 08:09:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.371, time stamp: 0x5abdadc7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2950
Faulting application start time: 0x01d3e597961b200c
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: ebb18c86-82c1-4236-9d63-f7228d99dc67
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.371.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (05/06/2018 08:08:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.16299.371, time stamp: 0x5abdadc7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3ed4
Faulting application start time: 0x01d3e5979356f1bc
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: b5724043-7c20-4d49-beb3-e79a0ec0f396
Faulting package full name: Microsoft.MicrosoftEdge_41.16299.371.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (05/01/2018 08:13:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/29/2018 09:34:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_Tablet.exe, version: 6.3.29.6, time stamp: 0x5ac3b309
Faulting module name: Wacom_Tablet.exe, version: 6.3.29.6, time stamp: 0x5ac3b309
Exception code: 0xc0000409
Fault offset: 0x0000000000656f38
Faulting process id: 0x1ac0
Faulting application start time: 0x01d3df662e0d40b6
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Report Id: e6b4be0c-db0b-4545-b923-cc524596eef5
Faulting package full name:
Faulting package-relative application ID:

Error: (04/26/2018 10:04:59 AM) (Source: ESENT) (EventID: 471) (User: )
Description: svchost (3352,D,0) SRUJet: Unable to rollback operation #-11949 on database C:\WINDOWS\system32\SRU\SRUDB.dat. Error: -510. All future database updates will be rejected.

Error: (04/26/2018 10:04:59 AM) (Source: ESENT) (EventID: 492) (User: )
Description: svchost (3352,D,0) SRUJet: The logfile sequence in "C:\WINDOWS\system32\SRU\" has been halted due to a fatal error.  No further updates are possible for the databases that use this logfile sequence.  Please correct the problem and restart or restore from backup.

Error: (04/26/2018 10:04:59 AM) (Source: ESENT) (EventID: 413) (User: )
Description: svchost (3352,D,0) SRUJet: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1022.

Error: (04/26/2018 10:04:59 AM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (3352,D,0) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUtmp.log" at offset 0 (0x0000000000000000) for 0 (0x00000000) bytes failed after 26.500 seconds with system error 1224 (0x000004c8): "The requested operation cannot be performed on a file with a user-mapped section open. ".  The write operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.


System errors:
=============
Error: (05/07/2018 04:37:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:04:52 PM on ‎5/‎6/‎2018 was unexpected.

Error: (05/07/2018 04:37:01 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (05/06/2018 09:44:28 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/06/2018 09:44:28 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/06/2018 09:44:26 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/06/2018 09:44:07 PM) (Source: DCOM) (EventID: 10005) (User: yuki-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/06/2018 09:43:42 PM) (Source: DCOM) (EventID: 10005) (User: yuki-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/06/2018 09:43:41 PM) (Source: DCOM) (EventID: 10005) (User: yuki-PC)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal


CodeIntegrity:
===================================

Date: 2018-03-17 14:44:12.049
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 14:44:12.034
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 14:44:12.017
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 14:44:11.984
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 14:44:11.978
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 14:44:11.973
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 14:44:11.348
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-17 14:44:11.283
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 31%
Total physical RAM: 8132.49 MB
Available physical RAM: 5583.57 MB
Total Virtual: 16324.49 MB
Available Virtual: 13666.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.25 GB) (Free:53.35 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:705.6 GB) NTFS

\\?\Volume{21186c8f-fee9-11e5-8f93-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{65ccf9ae-0000-0000-0000-60d61b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 65CCF9AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 65CCF9BB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:27 AM

Posted 08 May 2018 - 07:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No malware was found in your logs.

Run this fix to clean empty entries.

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\Run: [AdobeBridge] => [X]
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

CustomCLSID: HKU\S-1-5-21-3425793527-2729637829-3367599468-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A7A975C454C5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {2985CA7C-5036-4A93-9783-BDF628EF45A0} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A4A33956-E0B3-4EFA-8869-D0EFDFF2369C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
DNS Servers: Media is not connected to internet.
C:\Users\yuki\AppData\Local\Temp\_is483A.exe

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Work with the computer a few days and let me know how things are.

#3 rakou

rakou
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:27 AM

Posted 08 May 2018 - 07:05 PM

Thanks for your assistance, I'm glad to hear it's not a malware problem.

I turned on System Restore and I ran the FRST fix you recommended. Here's that log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by yuki (08-05-2018 19:57:49) Run:1
Running from D:\yuki\Downloads
Loaded Profiles: yuki (Available Profiles: yuki & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\...\Run: [AdobeBridge] => [X]
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

CustomCLSID: HKU\S-1-5-21-3425793527-2729637829-3367599468-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A7A975C454C5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {2985CA7C-5036-4A93-9783-BDF628EF45A0} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A4A33956-E0B3-4EFA-8869-D0EFDFF2369C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
DNS Servers: Media is not connected to internet.
C:\Users\yuki\AppData\Local\Temp\_is483A.exe

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-3425793527-2729637829-3367599468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\Software\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\tmbp" => removed successfully
"HKLM\Software\Classes\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}" => removed successfully
"HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin" => removed successfully
"HKU\S-1-5-21-3425793527-2729637829-3367599468-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A7A975C454C5}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2985CA7C-5036-4A93-9783-BDF628EF45A0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2985CA7C-5036-4A93-9783-BDF628EF45A0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4A33956-E0B3-4EFA-8869-D0EFDFF2369C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4A33956-E0B3-4EFA-8869-D0EFDFF2369C}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
DNS Servers: Media is not connected to internet. => Error: No automatic fix found for this entry.
C:\Users\yuki\AppData\Local\Temp\_is483A.exe => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Ethernet 2 while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Ethernet 2 while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 272214718 B
Java, Flash, Steam htmlcache => 713060674 B
Windows/system/drivers => 11204633 B
Edge => 0 B
Chrome => 114688 B
Firefox => 26585959 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 2560 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 76400194 B
systemprofile32 => 0 B
LocalService => 4922 B
NetworkService => 0 B
yuki => 272974400 B
DefaultAppPool => 0 B

RecycleBin => 13324 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-05-2018 19:59:06)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 19:59:06 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:27 AM

Posted 09 May 2018 - 06:48 AM

Hi,

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#5 rakou

rakou
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:27 AM

Posted 09 May 2018 - 04:28 PM

Thank you for the tips!

My only other concern is Malwarebytes still won't open unless I'm in safe mode. Could my other antivirus (Trend Micro) be conflicting with it?

 

It's not a huge issue, since I still have half a year left with Trend Micro, and I wouldn't switch over until my subscription runs out regardless.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:27 AM

Posted 10 May 2018 - 07:33 AM

Hi,

Run this Cleaning tool.

Malwarebytes Cleanup Utility download and instructions
https://support.malwarebytes.com/docs/DOC-1112

When completed, restart the computer normally.

Reinstall MBAM and Scan the Computer.

How is it now?

#7 rakou

rakou
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:27 AM

Posted 10 May 2018 - 06:19 PM

Tried to do a clean re-install, but the window still won't open for me. The MB Cleaner gave me a results log, should I post that?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:27 AM

Posted 11 May 2018 - 07:09 AM

Yes please do.

#9 rakou


Posted 11 May 2018 - 07:25 PM

Okay, here it is. I've been trying to install the program to my D drive since my C drive is an SSD and I want to keep it as clean as possible. Should I try installing to the C drive next time?

 

2018-05-10 19:11:48.210   Warning!!! license key is empty.
2018-05-10 19:11:48.257   mb-clean:3.1.0.1035  @ Malwarebytes. All rights reserved.
2018-05-10 19:11:49.653   Trying to change the start type of MBAMChameleon.
2018-05-10 19:11:49.656   MBAMChameleon is disabled successfully.
2018-05-10 19:11:49.659   Trying to disable self-protection.
2018-05-10 19:11:49.674   Launching process:"D:\Programs\Anti-Malware\unins000.exe" /LOG /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /log="C:\Users\yuki\AppData\Local\Temp\Mbam3x.log"
2018-05-10 19:11:53.456   >>>>>> Starting 2nd phase cleanup for Malwarebytes version 3.5.1.2522 <<<<<<
2018-05-10 19:11:53.458   HKLM\SYSTEM\CurrentControlSet\Services\ESProtectionDriver does not exist.
2018-05-10 19:11:53.461   HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon does not exist.
2018-05-10 19:11:53.463   HKLM\SYSTEM\CurrentControlSet\Services\MBAMFarflt does not exist.
2018-05-10 19:11:53.464   HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtection does not exist.
2018-05-10 19:11:53.466   HKLM\SYSTEM\CurrentControlSet\Services\MBAMService does not exist.
2018-05-10 19:11:53.468   HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy does not exist.
2018-05-10 19:11:53.469   HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebProtection does not exist.
2018-05-10 19:11:54.380   Trying to delete path C:\ProgramData\Malwarebytes\
2018-05-10 19:11:54.382   Cannot delete path C:\ProgramData\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2018-05-10 19:11:54.384   Trying to delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\
2018-05-10 19:11:54.385   Cannot delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2018-05-10 19:11:54.387   Trying to delete path D:\Programs\Anti-Malware\
2018-05-10 19:11:54.388   Trying to delete file or folder: D:\Programs\Anti-Malware\mbshlext.dll
2018-05-10 19:11:54.390   Failed to delete D:\Programs\Anti-Malware\mbshlext.dll, reason:(Access is denied.(error=5))
2018-05-10 19:11:54.391   Trying to delete file or folder D:\Programs\Anti-Malware\mbshlext.dll on reboot
2018-05-10 19:11:54.412   Trying to delete file or folder: D:\Programs\Anti-Malware\
2018-05-10 19:11:54.414   Failed to delete D:\Programs\Anti-Malware\, reason:(The directory is not empty.(error=145))
2018-05-10 19:11:54.415   Trying to delete file or folder D:\Programs\Anti-Malware\ on reboot
2018-05-10 19:11:54.418   Trying to delete REG key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService
2018-05-10 19:11:54.423   Trying to delete REG key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService
2018-05-10 19:11:54.427   --------BEGINNING OF THE UNINSTALLER LOG FILE ----------
2018-05-10 19:11:50.142   Log opened. (Time zone: UTC-04:00)
2018-05-10 19:11:50.142   Setup version: Inno Setup version 5.5.8 (u)
2018-05-10 19:11:50.142   Original Uninstall EXE: D:\Programs\Anti-Malware\unins000.exe
2018-05-10 19:11:50.142   Uninstall DAT: D:\Programs\Anti-Malware\unins000.dat
2018-05-10 19:11:50.142   Uninstall command line: /SECONDPHASE="D:\Programs\Anti-Malware\unins000.exe" /FIRSTPHASEWND=$220032 /LOG /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /log="C:\Users\yuki\AppData\Local\Temp\Mbam3x.log"
2018-05-10 19:11:50.142   Windows version: 10.0.16299  (NT platform: Yes)
2018-05-10 19:11:50.142   64-bit Windows: Yes
2018-05-10 19:11:50.142   Processor architecture: x64
2018-05-10 19:11:50.142   User privileges: Administrative
2018-05-10 19:11:50.144   64-bit install mode: Yes
2018-05-10 19:11:50.144   Created temporary directory: C:\Users\yuki\AppData\Local\Temp\is-0Q2HE.tmp
2018-05-10 19:11:50.407   Uninstalling service
2018-05-10 19:11:52.928   Installed service, result 0
2018-05-10 19:11:52.928   Uninstall service complete
2018-05-10 19:11:52.997   Uninstall from Security Center , result 0
2018-05-10 19:11:52.999   Removing mbshlext.dll
2018-05-10 19:11:53.001   Spawning 64-bit RegSvr32: "C:\WINDOWS\system32\regsvr32.exe" /u /s "D:\Programs\Anti-Malware\mbshlext.dll"
2018-05-10 19:11:53.097   Remove mbshlext.dll on reboot
2018-05-10 19:11:53.099   Remove D:\Programs\Anti-Malware\ on reboot
2018-05-10 19:11:53.101   Remove C:\Program Files\Malwarebytes\ on reboot
2018-05-10 19:11:53.102   Starting the uninstallation process.
2018-05-10 19:11:53.274   Deleting file: C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-10 19:11:53.288   Deleting file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk
2018-05-10 19:11:53.289   Deleting directory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-10 19:11:53.290   Failed to delete directory (145). Will retry later.
2018-05-10 19:11:53.300   Deleting file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk
2018-05-10 19:11:53.302   Deleting directory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-10 19:11:53.303   Deleting file: D:\Programs\Anti-Malware\zlib.dll
2018-05-10 19:11:53.303   Deleting file: D:\Programs\Anti-Malware\ssleay32.dll
2018-05-10 19:11:53.304   Deleting file: D:\Programs\Anti-Malware\libeay32.dll
2018-05-10 19:11:53.304   Deleting file: D:\Programs\Anti-Malware\7z.dll
2018-05-10 19:11:53.305   Deleting file: D:\Programs\Anti-Malware\mbae.dll
2018-05-10 19:11:53.306   Deleting file: D:\Programs\Anti-Malware\MbamPt.exe
2018-05-10 19:11:53.307   Deleting file: D:\Programs\Anti-Malware\SelfProtectionSdk.dll
2018-05-10 19:11:53.307   Deleting file: D:\Programs\Anti-Malware\SelfProtectionShim.dll
2018-05-10 19:11:53.308   Deleting file: D:\Programs\Anti-Malware\rtp.dll
2018-05-10 19:11:53.309   Deleting file: D:\Programs\Anti-Malware\RtpShim.dll
2018-05-10 19:11:53.309   Deleting file: D:\Programs\Anti-Malware\Swissarmy.dll
2018-05-10 19:11:53.310   Deleting file: D:\Programs\Anti-Malware\SwissarmyShim.dll
2018-05-10 19:11:53.311   Deleting file: D:\Programs\Anti-Malware\MwacLib.dll
2018-05-10 19:11:53.312   Deleting file: D:\Programs\Anti-Malware\MwacSdkShim.dll
2018-05-10 19:11:53.312   Deleting file: D:\Programs\Anti-Malware\MBAMCore.dll
2018-05-10 19:11:53.314   Deleting file: D:\Programs\Anti-Malware\MBAMShim.dll
2018-05-10 19:11:53.314   Deleting file: D:\Programs\Anti-Malware\arwlib.dll
2018-05-10 19:11:53.315   Deleting file: D:\Programs\Anti-Malware\ArwSdkShim.dll
2018-05-10 19:11:53.316   Deleting file: D:\Programs\Anti-Malware\mbae-api-na.dll
2018-05-10 19:11:53.316   Deleting file: C:\WINDOWS\system32\drivers\mbae64.sys
2018-05-10 19:11:53.322   Deleting file: D:\Programs\Anti-Malware\mbae64.dll
2018-05-10 19:11:53.322   Deleting file: D:\Programs\Anti-Malware\AeShim.dll
2018-05-10 19:11:53.323   Deleting file: D:\Programs\Anti-Malware\BrowserSDKDLLShim.dll
2018-05-10 19:11:53.324   Deleting file: D:\Programs\Anti-Malware\BrowserSDKDLL.dll
2018-05-10 19:11:53.325   Deleting file: D:\Programs\Anti-Malware\ActionsShim.dll
2018-05-10 19:11:53.326   Deleting file: D:\Programs\Anti-Malware\Actions.dll
2018-05-10 19:11:53.327   Deleting file: D:\Programs\Anti-Malware\SPControllerImpl.dll
2018-05-10 19:11:53.327   Deleting file: D:\Programs\Anti-Malware\UpdateControllerImpl.dll
2018-05-10 19:11:53.328   Deleting file: D:\Programs\Anti-Malware\AEControllerImpl.dll
2018-05-10 19:11:53.329   Deleting file: D:\Programs\Anti-Malware\TelemetryControllerImpl.dll
2018-05-10 19:11:53.330   Deleting file: D:\Programs\Anti-Malware\ScanControllerImpl.dll
2018-05-10 19:11:53.331   Deleting file: D:\Programs\Anti-Malware\RTPControllerImpl.dll
2018-05-10 19:11:53.332   Deleting file: D:\Programs\Anti-Malware\PoliciesControllerImpl.dll
2018-05-10 19:11:53.333   Deleting file: D:\Programs\Anti-Malware\MWACControllerImpl.dll
2018-05-10 19:11:53.334   Deleting file: D:\Programs\Anti-Malware\LicenseControllerImpl.dll
2018-05-10 19:11:53.335   Deleting file: D:\Programs\Anti-Malware\CloudControllerImpl.dll
2018-05-10 19:11:53.336   Deleting file: D:\Programs\Anti-Malware\CleanControllerImpl.dll
2018-05-10 19:11:53.337   Deleting file: D:\Programs\Anti-Malware\ArwControllerImpl.dll
2018-05-10 19:11:53.338   Deleting file: D:\Programs\Anti-Malware\MBAMService.exe
2018-05-10 19:11:53.340   Deleting file: D:\Programs\Anti-Malware\MBAMWsc.exe
2018-05-10 19:11:53.340   Deleting file: D:\Programs\Anti-Malware\Languages\lang_bg.qm
2018-05-10 19:11:53.341   Deleting file: D:\Programs\Anti-Malware\Languages\lang_sk.qm
2018-05-10 19:11:53.341   Deleting file: D:\Programs\Anti-Malware\Languages\lang_sl.qm
2018-05-10 19:11:53.342   Deleting file: D:\Programs\Anti-Malware\Languages\lang_hr.qm
2018-05-10 19:11:53.343   Deleting file: D:\Programs\Anti-Malware\Languages\lang_ro.qm
2018-05-10 19:11:53.343   Deleting file: D:\Programs\Anti-Malware\Languages\lang_ko.qm
2018-05-10 19:11:53.344   Deleting file: D:\Programs\Anti-Malware\Languages\lang_zh_TW.qm
2018-05-10 19:11:53.344   Deleting file: D:\Programs\Anti-Malware\Languages\lang_cs.qm
2018-05-10 19:11:53.345   Deleting file: D:\Programs\Anti-Malware\Languages\lang_hu.qm
2018-05-10 19:11:53.345   Deleting file: D:\Programs\Anti-Malware\Languages\lang_ja.qm
2018-05-10 19:11:53.346   Deleting file: D:\Programs\Anti-Malware\Languages\lang_fi.qm
2018-05-10 19:11:53.346   Deleting file: D:\Programs\Anti-Malware\Languages\lang_no.qm
2018-05-10 19:11:53.347   Deleting file: D:\Programs\Anti-Malware\Languages\lang_da.qm
2018-05-10 19:11:53.347   Deleting file: D:\Programs\Anti-Malware\Languages\lang_sv.qm
2018-05-10 19:11:53.347   Deleting file: D:\Programs\Anti-Malware\Languages\lang_es.qm
2018-05-10 19:11:53.348   Deleting file: D:\Programs\Anti-Malware\Languages\lang_ru.qm
2018-05-10 19:11:53.348   Deleting file: D:\Programs\Anti-Malware\Languages\lang_pt_PT.qm
2018-05-10 19:11:53.349   Deleting file: D:\Programs\Anti-Malware\Languages\lang_pt_BR.qm
2018-05-10 19:11:53.349   Deleting file: D:\Programs\Anti-Malware\Languages\lang_pl.qm
2018-05-10 19:11:53.350   Deleting file: D:\Programs\Anti-Malware\Languages\lang_nl.qm
2018-05-10 19:11:53.350   Deleting file: D:\Programs\Anti-Malware\Languages\lang_it.qm
2018-05-10 19:11:53.351   Deleting file: D:\Programs\Anti-Malware\Languages\lang_fr.qm
2018-05-10 19:11:53.351   Deleting file: D:\Programs\Anti-Malware\Languages\lang_de.qm
2018-05-10 19:11:53.352   Deleting file: D:\Programs\Anti-Malware\Languages\lang_en_US.qm
2018-05-10 19:11:53.352   Deleting file: D:\Programs\Anti-Malware\Languages\lang_en_GB.qm
2018-05-10 19:11:53.352   Deleting directory: D:\Programs\Anti-Malware\Languages
2018-05-10 19:11:53.353   Deleting file: D:\Programs\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2018-05-10 19:11:53.353   Deleting file: D:\Programs\Anti-Malware\QtQuick.2\qmldir
2018-05-10 19:11:53.354   Deleting file: D:\Programs\Anti-Malware\QtQuick.2\plugins.qmltypes
2018-05-10 19:11:53.354   Deleting directory: D:\Programs\Anti-Malware\QtQuick.2
2018-05-10 19:11:53.354   Deleting file: D:\Programs\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2018-05-10 19:11:53.355   Deleting file: D:\Programs\Anti-Malware\QtQuick\Window.2\qmldir
2018-05-10 19:11:53.355   Deleting file: D:\Programs\Anti-Malware\QtQuick\Window.2\plugins.qmltypes
2018-05-10 19:11:53.356   Deleting directory: D:\Programs\Anti-Malware\QtQuick\Window.2
2018-05-10 19:11:53.356   Deleting file: D:\Programs\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2018-05-10 19:11:53.356   Deleting file: D:\Programs\Anti-Malware\QtQuick\PrivateWidgets\qmldir
2018-05-10 19:11:53.357   Deleting file: D:\Programs\Anti-Malware\QtQuick\PrivateWidgets\plugins.qmltypes
2018-05-10 19:11:53.357   Deleting directory: D:\Programs\Anti-Malware\QtQuick\PrivateWidgets
2018-05-10 19:11:53.358   Deleting file: D:\Programs\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-05-10 19:11:53.358   Deleting file: D:\Programs\Anti-Malware\QtQuick\Layouts\qmldir
2018-05-10 19:11:53.359   Deleting file: D:\Programs\Anti-Malware\QtQuick\Layouts\plugins.qmltypes
2018-05-10 19:11:53.359   Deleting directory: D:\Programs\Anti-Malware\QtQuick\Layouts
2018-05-10 19:11:53.359   Deleting file: D:\Programs\Anti-Malware\QtQuick\Extras\qtquickextrasplugin.dll
2018-05-10 19:11:53.360   Deleting file: D:\Programs\Anti-Malware\QtQuick\Extras\qmldir
2018-05-10 19:11:53.360   Deleting file: D:\Programs\Anti-Malware\QtQuick\Extras\plugins.qmltypes
2018-05-10 19:11:53.361   Deleting directory: D:\Programs\Anti-Malware\QtQuick\Extras
2018-05-10 19:11:53.361   Deleting file: D:\Programs\Anti-Malware\QtQuick\Dialogs\Private\qmldir
2018-05-10 19:11:53.361   Deleting file: D:\Programs\Anti-Malware\QtQuick\Dialogs\Private\plugins.qmltypes
2018-05-10 19:11:53.362   Deleting file: D:\Programs\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
2018-05-10 19:11:53.362   Deleting directory: D:\Programs\Anti-Malware\QtQuick\Dialogs\Private
2018-05-10 19:11:53.362   Deleting file: D:\Programs\Anti-Malware\QtQuick\Dialogs\qmldir
2018-05-10 19:11:53.363   Deleting file: D:\Programs\Anti-Malware\QtQuick\Dialogs\plugins.qmltypes
2018-05-10 19:11:53.363   Deleting file: D:\Programs\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2018-05-10 19:11:53.364   Deleting directory: D:\Programs\Anti-Malware\QtQuick\Dialogs
2018-05-10 19:11:53.364   Deleting file: D:\Programs\Anti-Malware\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll
2018-05-10 19:11:53.365   Deleting file: D:\Programs\Anti-Malware\QtQuick\Controls\Styles\Flat\qmldir
2018-05-10 19:11:53.365   Deleting directory: D:\Programs\Anti-Malware\QtQuick\Controls\Styles\Flat
2018-05-10 19:11:53.365   Deleting file: D:\Programs\Anti-Malware\QtQuick\Controls\Styles\qmldir
2018-05-10 19:11:53.366   Deleting directory: D:\Programs\Anti-Malware\QtQuick\Controls\Styles
2018-05-10 19:11:53.366   Deleting file: D:\Programs\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-05-10 19:11:53.367   Deleting file: D:\Programs\Anti-Malware\QtQuick\Controls\qmldir
2018-05-10 19:11:53.367   Deleting file: D:\Programs\Anti-Malware\QtQuick\Controls\plugins.qmltypes
2018-05-10 19:11:53.368   Deleting directory: D:\Programs\Anti-Malware\QtQuick\Controls
2018-05-10 19:11:53.368   Deleting directory: D:\Programs\Anti-Malware\QtQuick
2018-05-10 19:11:53.368   Deleting file: D:\Programs\Anti-Malware\QtQml\Models.2\qmldir
2018-05-10 19:11:53.369   Deleting file: D:\Programs\Anti-Malware\QtQml\Models.2\plugins.qmltypes
2018-05-10 19:11:53.369   Deleting file: D:\Programs\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2018-05-10 19:11:53.369   Deleting directory: D:\Programs\Anti-Malware\QtQml\Models.2
2018-05-10 19:11:53.370   Deleting directory: D:\Programs\Anti-Malware\QtQml
2018-05-10 19:11:53.370   Deleting file: D:\Programs\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll
2018-05-10 19:11:53.370   Deleting file: D:\Programs\Anti-Malware\Qt\labs\settings\qmldir
2018-05-10 19:11:53.371   Deleting file: D:\Programs\Anti-Malware\Qt\labs\settings\plugins.qmltypes
2018-05-10 19:11:53.371   Deleting directory: D:\Programs\Anti-Malware\Qt\labs\settings
2018-05-10 19:11:53.372   Deleting file: D:\Programs\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
2018-05-10 19:11:53.372   Deleting file: D:\Programs\Anti-Malware\Qt\labs\folderlistmodel\qmldir
2018-05-10 19:11:53.373   Deleting file: D:\Programs\Anti-Malware\Qt\labs\folderlistmodel\plugins.qmltypes
2018-05-10 19:11:53.373   Deleting directory: D:\Programs\Anti-Malware\Qt\labs\folderlistmodel
2018-05-10 19:11:53.373   Deleting directory: D:\Programs\Anti-Malware\Qt\labs
2018-05-10 19:11:53.373   Deleting directory: D:\Programs\Anti-Malware\Qt
2018-05-10 19:11:53.374   Deleting file: D:\Programs\Anti-Malware\scenegraph\softwarecontext.dll
2018-05-10 19:11:53.374   Deleting directory: D:\Programs\Anti-Malware\scenegraph
2018-05-10 19:11:53.374   Deleting file: D:\Programs\Anti-Malware\platforms\qwindows.dll
2018-05-10 19:11:53.375   Deleting directory: D:\Programs\Anti-Malware\platforms
2018-05-10 19:11:53.375   Deleting file: D:\Programs\Anti-Malware\imageformats\qwebp.dll
2018-05-10 19:11:53.376   Deleting file: D:\Programs\Anti-Malware\imageformats\qwbmp.dll
2018-05-10 19:11:53.376   Deleting file: D:\Programs\Anti-Malware\imageformats\qtiff.dll
2018-05-10 19:11:53.377   Deleting file: D:\Programs\Anti-Malware\imageformats\qtga.dll
2018-05-10 19:11:53.377   Deleting file: D:\Programs\Anti-Malware\imageformats\qsvg.dll
2018-05-10 19:11:53.378   Deleting file: D:\Programs\Anti-Malware\imageformats\qjpeg.dll
2018-05-10 19:11:53.378   Deleting file: D:\Programs\Anti-Malware\imageformats\qico.dll
2018-05-10 19:11:53.379   Deleting file: D:\Programs\Anti-Malware\imageformats\qicns.dll
2018-05-10 19:11:53.379   Deleting file: D:\Programs\Anti-Malware\imageformats\qgif.dll
2018-05-10 19:11:53.379   Deleting directory: D:\Programs\Anti-Malware\imageformats
2018-05-10 19:11:53.380   Deleting file: D:\Programs\Anti-Malware\iconengines\qsvgicon.dll
2018-05-10 19:11:53.380   Deleting directory: D:\Programs\Anti-Malware\iconengines
2018-05-10 19:11:53.380   Deleting file: D:\Programs\Anti-Malware\msvcr120.dll
2018-05-10 19:11:53.381   Deleting file: D:\Programs\Anti-Malware\msvcp120.dll
2018-05-10 19:11:53.382   Deleting file: D:\Programs\Anti-Malware\QtWinExtras\qml_winextras.dll
2018-05-10 19:11:53.382   Deleting file: D:\Programs\Anti-Malware\QtWinExtras\qmldir
2018-05-10 19:11:53.382   Deleting file: D:\Programs\Anti-Malware\QtWinExtras\plugins.qmltypes
2018-05-10 19:11:53.383   Deleting file: D:\Programs\Anti-Malware\QtWinExtras\JumpListSeparator.qml
2018-05-10 19:11:53.383   Deleting file: D:\Programs\Anti-Malware\QtWinExtras\JumpListLink.qml
2018-05-10 19:11:53.384   Deleting file: D:\Programs\Anti-Malware\QtWinExtras\JumpListDestination.qml
2018-05-10 19:11:53.384   Deleting directory: D:\Programs\Anti-Malware\QtWinExtras
2018-05-10 19:11:53.385   Deleting file: D:\Programs\Anti-Malware\Qt5WinExtras.dll
2018-05-10 19:11:53.385   Deleting file: D:\Programs\Anti-Malware\Qt5Widgets.dll
2018-05-10 19:11:53.386   Deleting file: D:\Programs\Anti-Malware\Qt5Svg.dll
2018-05-10 19:11:53.386   Deleting file: D:\Programs\Anti-Malware\Qt5Quick.dll
2018-05-10 19:11:53.387   Deleting file: D:\Programs\Anti-Malware\Qt5Qml.dll
2018-05-10 19:11:53.388   Deleting file: D:\Programs\Anti-Malware\Qt5Network.dll
2018-05-10 19:11:53.389   Deleting file: D:\Programs\Anti-Malware\Qt5Gui.dll
2018-05-10 19:11:53.390   Deleting file: D:\Programs\Anti-Malware\Qt5Core.dll
2018-05-10 19:11:53.391   Deleting file: D:\Programs\Anti-Malware\mbshlext_proto
2018-05-10 19:11:53.392   Deleting file: D:\Programs\Anti-Malware\mbamwow.exe
2018-05-10 19:11:53.392   Deleting file: D:\Programs\Anti-Malware\malwarebytes_assistant.exe
2018-05-10 19:11:53.393   Deleting file: D:\Programs\Anti-Malware\assistant.exe
2018-05-10 19:11:53.394   Deleting file: D:\Programs\Anti-Malware\mbamtray.exe
2018-05-10 19:11:53.395   Deleting file: D:\Programs\Anti-Malware\mbam.exe
2018-05-10 19:11:53.396   Deleting file: D:\Programs\Anti-Malware\suhlpr.dll
2018-05-10 19:11:53.397   Deleting file: D:\Programs\Anti-Malware\changes.txt
2018-05-10 19:11:53.397   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\config
2018-05-10 19:11:53.398   Failed to delete directory (145). Will retry later.
2018-05-10 19:11:53.398   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\logs
2018-05-10 19:11:53.398   Failed to delete directory (145). Will retry later.
2018-05-10 19:11:53.398   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService
2018-05-10 19:11:53.400   Failed to delete directory (145). Will retry later.
2018-05-10 19:11:53.400   Deleting directory: C:\ProgramData\Malwarebytes
2018-05-10 19:11:53.403   Failed to delete directory (145). Will retry later.
2018-05-10 19:11:53.403   Deleting directory: D:\Programs\Anti-Malware
2018-05-10 19:11:53.403   Failed to delete directory (145). Will retry later.
2018-05-10 19:11:53.404   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\AeDetections
2018-05-10 19:11:53.404   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\ARW\ARWFI.dat
2018-05-10 19:11:53.404   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\ARW
2018-05-10 19:11:53.405   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\ArwDetections
2018-05-10 19:11:53.405   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\clean.mbdb
2018-05-10 19:11:53.405   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
2018-05-10 19:11:53.406   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
2018-05-10 19:11:53.406   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
2018-05-10 19:11:53.407   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
2018-05-10 19:11:53.407   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
2018-05-10 19:11:53.408   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
2018-05-10 19:11:53.408   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
2018-05-10 19:11:53.408   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
2018-05-10 19:11:53.409   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
2018-05-10 19:11:53.409   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
2018-05-10 19:11:53.410   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
2018-05-10 19:11:53.410   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json
2018-05-10 19:11:53.411   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
2018-05-10 19:11:53.411   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\config
2018-05-10 19:11:53.411   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\ctlrpkg
2018-05-10 19:11:53.412   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\dbmanifest.dat
2018-05-10 19:11:53.412   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\dbmanifest2.dat
2018-05-10 19:11:53.413   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\dbupdate.log
2018-05-10 19:11:53.413   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\dynconfig.dat
2018-05-10 19:11:53.413   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\exclusions.txt
2018-05-10 19:11:53.414   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
2018-05-10 19:11:53.415   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
2018-05-10 19:11:53.416   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
2018-05-10 19:11:53.416   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest.dat
2018-05-10 19:11:53.416   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
2018-05-10 19:11:53.417   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
2018-05-10 19:11:53.417   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
2018-05-10 19:11:53.418   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll
2018-05-10 19:11:53.418   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig.dat
2018-05-10 19:11:53.419   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
2018-05-10 19:11:53.419   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
2018-05-10 19:11:53.420   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
2018-05-10 19:11:53.420   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
2018-05-10 19:11:53.422   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
2018-05-10 19:11:53.423   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
2018-05-10 19:11:53.423   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot.mbdb
2018-05-10 19:11:53.424   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
2018-05-10 19:11:53.425   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\lkg_db
2018-05-10 19:11:53.426   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\logs\mbae-default.log
2018-05-10 19:11:53.427   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG
2018-05-10 19:11:53.428   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\logs
2018-05-10 19:11:53.428   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\mbdigsig.dat
2018-05-10 19:11:53.428   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\mbdigsig2.dat
2018-05-10 19:11:53.429   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections
2018-05-10 19:11:53.429   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\prot.mbdb
2018-05-10 19:11:53.429   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\rdefs.mbdb
2018-05-10 19:11:53.430   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\RtpDetections
2018-05-10 19:11:53.430   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\rules.mbdb
2018-05-10 19:11:53.433   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\scan.mbdb
2018-05-10 19:11:53.433   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\ScanResults
2018-05-10 19:11:53.433   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\tids.mbdb
2018-05-10 19:11:53.434   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\wprot.mbdb
2018-05-10 19:11:53.435   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\wprot2.mbdb
2018-05-10 19:11:53.436   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService
2018-05-10 19:11:53.439   Deleting file: D:\Programs\Anti-Malware\ServiceConfig.json
2018-05-10 19:11:53.440   Deleting directory: D:\Programs\Anti-Malware
2018-05-10 19:11:53.440   Failed to delete directory (145). Will retry later.
2018-05-10 19:11:53.440   Deleting Uninstall data files.
2018-05-10 19:11:53.958   Deleting directory: C:\ProgramData\Malwarebytes
2018-05-10 19:11:53.961   Deleting directory: D:\Programs\Anti-Malware
2018-05-10 19:11:53.961   Failed to delete directory (145).
2018-05-10 19:11:53.973   Uninstallation process succeeded.
2018-05-10 19:11:53.973   Removed all? Yes
2018-05-10 19:11:53.973   Need to restart Windows? No
2018-05-10 19:11:53.987   Log closed.
2018-05-10 19:12:00.983   --------END OF LOG FILE ----------
2018-05-10 19:12:34.419   >>>>>Starting post reboot phase cleanup for Malwarebytes version 3.5.1.2522 <<<<<<<<.
2018-05-10 19:12:34.451   Trying to delete REG key: HKCU\SOFTWARE\Malwarebytes
2018-05-10 19:12:34.466   HKLM\SYSTEM\CurrentControlSet\Services\ESProtectionDriver does not exist.
2018-05-10 19:12:34.482   HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon does not exist.
2018-05-10 19:12:34.529   HKLM\SYSTEM\CurrentControlSet\Services\MBAMFarflt does not exist.
2018-05-10 19:12:34.529   HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtection does not exist.
2018-05-10 19:12:34.560   HKLM\SYSTEM\CurrentControlSet\Services\MBAMService does not exist.
2018-05-10 19:12:34.576   HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy does not exist.
2018-05-10 19:12:34.576   HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebProtection does not exist.
2018-05-10 19:12:35.482   Trying to delete path C:\ProgramData\Malwarebytes\
2018-05-10 19:12:35.560   Cannot delete path C:\ProgramData\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2018-05-10 19:12:35.576   Trying to delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\
2018-05-10 19:12:35.591   Cannot delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2018-05-10 19:12:35.591   Trying to delete path D:\Programs\Anti-Malware\
2018-05-10 19:12:35.623   Cannot delete path D:\Programs\Anti-Malware\, reason:(The system cannot find the path specified.(error=3))
2018-05-10 19:13:25.330   --------END OF LOG FILE ----------
 



#10 nasdaq


Posted 12 May 2018 - 07:07 AM

Yes, Malwarebytes is located in your C: drive.

The cleaning tool must also be run in that drive.

#11 rakou


Posted 13 May 2018 - 12:25 PM

Tried running the cleaner again from the C drive after installing to the C drive. Seems to be working now, thanks!



#12 nasdaq


Posted 13 May 2018 - 12:57 PM

Hi,

Glad we could help.



