Jump to content


Photo

Wi-fi and Ethernet issues


  • Please log in to reply
17 replies to this topic

#1 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 25 June 2017 - 10:28 AM

Hi there 

 

Hopefully someone can help? I'm using another device just now as I cannot access the internet on the sick pc, so I can't post any logs from it. The issues appeared today after running a smart scan. I am using Avast antivirus and Comodo firewall. Everything was normal beforehand but once I'd run the smart scan Avast said there was conflicting antivirus software. I'd always ignored it before as I knew it was picking up the Comodo. But this time I thought I'd follow through with letting Avast remove it then download and reinstall it again. So I did this. Once I restarted the pc I couldn't get any connection via wi-fi or Ethernet so I ran the Windows Network Diagnostics which found two problems:

"There might be a problem with the driver for the Ethernet adapter"

"There might be a problem with the driver for the Wi-Fi adapter"

I selected try these repairs as an administrator (as I'd already tried to do it with "Continue with other remaining repairs and it didn't do anything) which made no difference. I also tried resetting the Network adapter with no joy and updating the drivers, also nothing. 

I really don't know what to do???

 

The pc is Windows 10 which was upgraded from 8.1 over a year ago.

 

Would really appreciate any help with this.

 

Many thanks 

Ali :-)

 

 



#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,529 posts

Posted 27 June 2017 - 11:45 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,801 posts

Posted 01 July 2017 - 08:24 PM

Sorry for the delay. We are aware of this topic and someone will answer it as soon as possible.

 

If you have a backup or a Restore point that was set before the scan was run then reset the computer to this point.

 

Perhaps this might help:

https://forum.avast....p?topic=53323.0


a92.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#4 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 02 July 2017 - 06:58 AM

Hi there,

Thanks for getting back to me. I had a look at the article through the link you gave, the problems are there are no restore points only a system reset which wipes everything and brings it back to the factory settings. The other problem is I can't access the internet to download anything as both the Wi-Fi and ethernet adapter's are affected which is preventing any access.
Sorry if there are any typos, I'm using g a mobile at the moment lol.

Regards
Ali :-)

Edited by agangelus, 02 July 2017 - 06:59 AM.


#5 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,801 posts

Posted 02 July 2017 - 07:38 PM

Please create a Restore Point

 

You need a second computer with access to the Internet to download tools.

 

You can try this:

 

Right click Start > select Command Prompt (Admin) then run the following commands in the listed order.

Type netsh winsock reset and press Enter.
Type netsh int ip reset and press Enter.
Type ipconfig /release and press Enter.
Type ipconfig /renew and press Enter.
Type Exit and press Enter.

Restart the computer.

If it still won't run then ---

 

How to Reset a Router Back to the Factory Default Settings, go here

Then, please reconfigure it back to your preferred setting.. Below is the list of default usernames and passwords.
here

How to Secure Your Wireless Router.
here
 

 

Rocket Grannie


a92.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#6 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 04 July 2017 - 07:17 PM

Hi there,

Earlier today I tried to do a system restore but it didn't work. I then tried your suggestion which hasn't changed anything. I took a photo of the result but it's too big to attach. When I entered the ipconfig commands, it said the operation failed as no adapter is in the state permissible for this operation.

Ali :-)

Edited by agangelus, 04 July 2017 - 07:18 PM.


#7 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 06 July 2017 - 02:00 PM

Hi again

 

Ok, strangest thing, I've just booted up the sick pc (on which I am posting this), I was seriously considering resetting it back to the factory settings. I was checking through my file explorer to see if there was anything I'd have difficulty living without. I noticed the Comodo installer was still there, so I clicked on it to install it again and maybe with some magic computer fairy dust it would work, and low and behold it didn't. I then thought I'd run Malwarebytes to see if it might find something but it started updating the virus database. I then noticed that the Wi-Fi icon in the notification area had come back to life. I checked the ethernet cable and then it began working. Now (possibly stating the obvious) I am accessing the internet. I am not quite comfortable that everything is sorted though, because I know as weird and wonderful as technology is, there is always more going on than meets the eye. 

What should I do?

 

I just had a pop up from what I thought was Comodo (i'd been getting these for a little while) they'd said "Warning! a potential security breach has been detected". What would I like to do then gave me the options of "Protect me and block the website access" or "I choose to continue (website will be opened in current browser)". It also had chrome.exe with a shield and arrow pointing to o.aolcdn.com.

I thought this was strange as I'd let Avast remove the Cromodo firewall, so I wouldn't expect to get any pop ups. So, I googled it and most of the search results say this is a rogue anti virus. When using Google Chrome, every now and again I'd try and visit a site and I'd get a blocked message. 

 

I've run Malwarebytes and it found nothing, but I'm really concerned now as it now all seems too odd to be coincidental. 

 

Ali  :think:


Edited by agangelus, 06 July 2017 - 03:56 PM.


#8 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 09 July 2017 - 06:07 PM

Hi there,

 

Just wondering if someone could help me out? I'm really concerned that something else may be going on with the PC. I just don't understand how it can rectify itself after almost two weeks of no access to the internet and saying there were problems with both the Wi-Fi and Ethernet adapters simply by me clicking the update button for Malwarebytes.

 

Would really appreciate any direction on this.

 

Many thanks

Ali  :unknw:



#9 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,801 posts

Posted 09 July 2017 - 08:31 PM

Please read the Instructions and post the requested logs (MBAM, FRST, Security Analysis). We need the information in order to help you.


a92.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#10 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 14 July 2017 - 04:46 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 14/07/2017
Scan Time: 21:52
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.07.14.09
Rootkit Database: v2017.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306916
Time Elapsed: 36 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 14 July 2017 - 04:57 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2017
Ran by User (administrator) on LENOVO-PC (14-07-2017 22:49:48)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-06] (AVAST Software)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1489088 2017-07-11] (COMODO)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1473627642\ee\AOLSoftware.exe [41800 2016-09-11] (AOL Inc.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-05] (COMODO)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-27] (Google)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [148992 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{a6681157-53ba-49bb-b856-e16e38b0f888}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{a6681157-53ba-49bb-b856-e16e38b0f888}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ae5e03d9-a132-4dc4-ac2c-06f3741a3be9}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{ae5e03d9-a132-4dc4-ac2c-06f3741a3be9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000008
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {450F9D5F-843D-41BF-90DD-02EEA0B3DA39} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> hxxp://www.aol.co.uk/
Edge Extension: (No Name) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1706.14.0_neutral__343d40qqvtj1t [not found]
 
FireFox:
========
FF DefaultProfile: g7f3olor.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default [2017-07-14]
FF Homepage: Mozilla\Firefox\Profiles\g7f3olor.default -> hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000009
FF Extension: (AdBlocker Lite) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2017-06-25]
FF Extension: (Avast SafePrice) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\sp@avast.com.xpi [2017-07-06]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\wrc@avast.com.xpi [2017-07-06]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\searchplugins\AdTrustMediacsgSafeSearch.xml [2016-03-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.aol.co.uk/
CHR StartupUrls: Default -> "hxxp://www.aol.co.uk/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-14]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-23]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-23]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-06]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKU\S-1-5-21-16860551-3646413191-704074031-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-06] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10501104 2017-07-11] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-07-11] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-04-28] (Comodo)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-05] (COMODO)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-07] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2016-02-13] (LENOVO INCORPORATED.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-05-01] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-27] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-26] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-26] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-15] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [319984 2017-07-06] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198944 2017-07-06] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343264 2017-07-06] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57704 2017-07-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-06] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146664 2017-07-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015848 2017-07-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-06] (AVAST Software)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40936 2017-06-02] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [831992 2017-06-02] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50776 2017-06-02] (COMODO)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [132880 2017-06-07] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [25248 2015-12-22] (Lenovo Group Limited ®)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-26] (Malwarebytes Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation                           )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-15 02:57 - 2017-07-15 02:57 - 00000000 ____D C:\Windows.old
2017-07-15 02:54 - 2017-07-15 02:54 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-15 02:54 - 2017-07-15 02:54 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-15 02:53 - 2017-07-15 02:53 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-15 02:53 - 2017-07-15 02:53 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-15 02:53 - 2017-07-15 02:53 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-15 02:53 - 2017-07-15 02:53 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domg

#12 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 14 July 2017 - 05:01 PM

Result of Security Analysis by Rocket Grannie (x86) Updated: 13th July, 2017
Running from:C:\Users\User\Desktop (22:59:39 - 07/14/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Disabled - up to Date)
COMODO Firewall (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 26 NPAPI (26.0.0.137)
CCleaner (5.32)
Google Chrome (59.0.3071.115)
Malwarebytes (2.2.1.1043) ==> is out of Date
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (54.0) ==> is out of Date
SpywareBlaster (5.5.0)
 
***----------------Analysis Complete-------------------------***


#13 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 960 posts

Posted 16 July 2017 - 09:59 AM

Hello agangelus.

We apologize for the delay in responding.

Rocket Grannie is having some problems accessing the forum so I will be helping you.

I will be out for now and will be back in a couple of hours.

Thank you for your understanding.

Android 8888

 

p.s. NOTE: The FRST.txt log is not complete. Meanwhile post the entire contents of FRST.txt and also the Addition.txt log.


Edited by Android 8888, 16 July 2017 - 10:09 AM.

Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.


#14 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 16 July 2017 - 02:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2017
Ran by User (administrator) on LENOVO-PC (14-07-2017 22:49:48)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-06] (AVAST Software)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1489088 2017-07-11] (COMODO)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1473627642\ee\AOLSoftware.exe [41800 2016-09-11] (AOL Inc.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-05] (COMODO)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-27] (Google)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [148992 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{a6681157-53ba-49bb-b856-e16e38b0f888}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{a6681157-53ba-49bb-b856-e16e38b0f888}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ae5e03d9-a132-4dc4-ac2c-06f3741a3be9}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{ae5e03d9-a132-4dc4-ac2c-06f3741a3be9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000008
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {450F9D5F-843D-41BF-90DD-02EEA0B3DA39} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> hxxp://www.aol.co.uk/
Edge Extension: (No Name) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1706.14.0_neutral__343d40qqvtj1t [not found]
 
FireFox:
========
FF DefaultProfile: g7f3olor.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default [2017-07-14]
FF Homepage: Mozilla\Firefox\Profiles\g7f3olor.default -> hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000009
FF Extension: (AdBlocker Lite) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2017-06-25]
FF Extension: (Avast SafePrice) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\sp@avast.com.xpi [2017-07-06]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\wrc@avast.com.xpi [2017-07-06]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\searchplugins\AdTrustMediacsgSafeSearch.xml [2016-03-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.aol.co.uk/
CHR StartupUrls: Default -> "hxxp://www.aol.co.uk/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-14]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-23]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-23]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-06]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKU\S-1-5-21-16860551-3646413191-704074031-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-06] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10501104 2017-07-11] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-07-11] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-04-28] (Comodo)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-05] (COMODO)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-07] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2016-02-13] (LENOVO INCORPORATED.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-05-01] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-27] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-26] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-26] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-15] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [319984 2017-07-06] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198944 2017-07-06] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343264 2017-07-06] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57704 2017-07-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-06] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146664 2017-07-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015848 2017-07-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-06] (AVAST Software)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40936 2017-06-02] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [831992 2017-06-02] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50776 2017-06-02] (COMODO)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [132880 2017-06-07] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [25248 2015-12-22] (Lenovo Group Limited ®)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-26] (Malwarebytes Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation                           )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-15 02:57 - 2017-07-15 02:57 - 00000000 ____D C:\Windows.old
2017-07-15 02:54 - 2017-07-15 02:54 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-15 02:54 - 2017-07-15 02:54 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-15 02:54 - 2017-07-15 02:54 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-15 02:53 - 2017-07-15 02:53 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-15 02:53 - 2017-07-15 02:53 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-15 02:53 - 2017-07-15 02:53 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-15 02:53 - 2017-07-15 02:53 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-15 02:53 - 2017-07-15 02:53 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-15 02:53 - 2017-07-15 02:53 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-15 02:53 - 2017-07-15 02:53 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-07-15 02:41 - 2017-07-15 02:41 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-07-15 02:41 - 2017-07-15 02:41 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-07-15 02:41 - 2017-07-15 02:41 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-07-15 02:41 - 2017-07-15 02:41 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-07-15 02:41 - 2017-07-15 02:41 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-07-15 02:40 - 2017-07-15 02:40 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-07-15 02:40 - 2017-07-15 02:40 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-07-15 02:40 - 2017-07-15 02:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-07-15 02:40 - 2017-07-15 02:40 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-15 02:40 - 2017-07-15 02:40 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-07-15 02:40 - 2017-07-15 02:40 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-07-15 02:40 - 2017-07-15 02:40 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-07-15 02:33 - 2017-07-14 18:02 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-07-15 02:32 - 2017-07-15 02:32 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-07-15 02:30 - 2017-07-15 02:30 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-07-15 02:30 - 2017-07-15 02:30 - 00000000 ____D C:\Program Files\MSBuild
2017-07-15 02:30 - 2017-07-15 02:30 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-07-15 02:30 - 2017-07-14 18:25 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-07-15 02:29 - 2017-07-15 02:29 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-07-15 02:29 - 2017-02-10 20:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-07-15 02:29 - 2017-02-10 20:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-07-15 02:29 - 2017-02-10 20:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-07-15 02:29 - 2017-02-10 20:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-07-15 02:29 - 2017-02-10 20:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-07-15 02:29 - 2017-02-10 20:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-07-14 22:49 - 2017-07-14 22:51 - 00021527 _____ C:\Users\User\Desktop\FRST.txt
2017-07-14 22:48 - 2017-07-14 22:49 - 00000000 ____D C:\FRST
2017-07-14 22:43 - 2017-07-14 22:43 - 00001037 _____ C:\Users\User\Desktop\mbam.txt
2017-07-14 22:01 - 2017-07-14 22:01 - 00899584 _____ C:\Users\User\Desktop\RGSA.exe
2017-07-14 21:51 - 2017-07-14 21:51 - 02435584 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-07-14 18:56 - 2017-07-14 18:56 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-07-14 18:52 - 2017-07-14 18:52 - 00000306 _____ C:\WINDOWS\system32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
2017-07-14 18:52 - 2017-07-14 18:52 - 00000020 ___SH C:\Users\User\ntuser.ini
2017-07-14 18:45 - 2017-07-14 18:48 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-07-14 18:45 - 2017-07-14 18:48 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-07-14 18:37 - 2017-07-14 22:23 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CE3A98A0-CD60-440B-A7D2-FDC90EB6B0CB}
2017-07-14 18:37 - 2017-07-14 19:04 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-07-14 18:37 - 2017-07-14 18:53 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-07-14 18:37 - 2017-07-14 18:38 - 00003578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-14 18:37 - 2017-07-14 18:38 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-14 18:37 - 2017-07-14 18:38 - 00003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-07-14 18:37 - 2017-07-14 18:38 - 00002934 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-16860551-3646413191-704074031-1001
2017-07-14 18:37 - 2017-07-14 18:38 - 00002562 _____ C:\WINDOWS\System32\Tasks\Maxthon Update
2017-07-14 18:37 - 2017-07-14 18:38 - 00002314 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-16860551-3646413191-704074031-500
2017-07-14 18:37 - 2017-07-14 18:38 - 00002230 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-07-14 18:37 - 2017-07-14 18:37 - 00003358 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1463045099
2017-07-14 18:37 - 2017-07-14 18:37 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-14 18:37 - 2017-07-14 18:37 - 00002534 _____ C:\WINDOWS\System32\Tasks\Pokki
2017-07-14 18:37 - 2017-07-14 18:37 - 00002352 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2017-07-14 18:37 - 2017-07-14 18:37 - 00002256 _____ C:\WINDOWS\System32\Tasks\PDVDServ Task
2017-07-14 18:37 - 2017-07-14 18:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-14 18:37 - 2017-07-14 18:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-07-14 18:37 - 2017-07-14 18:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-07-14 18:37 - 2017-07-14 18:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-07-14 18:37 - 2017-07-14 18:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-07-14 18:37 - 2017-07-14 18:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-07-14 18:37 - 2015-01-14 23:45 - 00002324 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2557358678-4213663192-2481152351-500
2017-07-14 18:37 - 2014-04-02 18:00 - 00003590 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1131006564-119424937-13047761-500
2017-07-14 18:34 - 2017-07-14 18:34 - 00889694 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-14 18:23 - 2017-07-14 18:23 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-14 18:14 - 2017-07-14 18:14 - 00000000 ____D C:\ProgramData\USOShared
2017-07-14 18:12 - 2017-07-14 18:25 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-07-14 18:06 - 2017-07-14 18:06 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-07-14 18:06 - 2017-03-18 21:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-07-14 18:05 - 2017-07-14 18:12 - 00000000 ____D C:\Program Files\Intel
2017-07-14 18:05 - 2017-07-14 18:05 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-07-14 18:05 - 2017-07-14 18:05 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-07-14 18:05 - 2017-07-14 18:05 - 00000000 ____D C:\Program Files\Realtek
2017-07-14 18:05 - 2016-05-03 23:30 - 00081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-07-14 18:05 - 2016-05-03 23:30 - 00077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-07-14 18:02 - 2017-07-14 21:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-14 18:02 - 2017-07-14 18:26 - 00217000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-13 18:16 - 2017-07-14 19:23 - 00000000 ___DC C:\WINDOWS\Panther
2017-07-08 03:46 - 2017-07-08 03:46 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-07-07 19:34 - 2017-07-14 19:23 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-07-07 02:11 - 2017-07-05 08:30 - 00256040 _____ (COMODO) C:\WINDOWS\system32\iseguard64.dll
2017-07-07 02:11 - 2017-07-05 08:29 - 00205536 _____ (COMODO) C:\WINDOWS\SysWOW64\iseguard32.dll
2017-07-07 02:11 - 2017-03-29 22:49 - 00062208 _____ (COMODO) C:\WINDOWS\system32\Drivers\isedrv.sys
2017-07-07 01:02 - 2017-07-07 01:02 - 00000000 ____D C:\Program Files\COMODO
2017-07-07 01:00 - 2017-07-07 02:11 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-07-07 00:56 - 2017-07-07 00:57 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-07-07 00:56 - 2017-07-07 00:56 - 05365800 _____ (COMODO) C:\Users\User\Downloads\cfw_installer_6106_53.exe
2017-07-06 22:06 - 2017-07-06 22:06 - 00000000 ____D C:\Users\User\AppData\Local\ESET
2017-07-06 19:44 - 2017-07-06 19:43 - 00400464 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-07-06 05:29 - 2017-07-11 12:44 - 00051808 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2017-07-06 05:28 - 2017-07-11 12:44 - 00942280 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2017-07-06 05:28 - 2017-07-11 12:44 - 00732944 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2017-07-06 05:26 - 2017-07-11 12:41 - 00457408 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2017-07-06 05:24 - 2017-07-11 12:40 - 00363712 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2017-06-25 03:25 - 2017-07-06 21:13 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-15 03:01 - 2017-03-18 22:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-07-15 02:57 - 2017-03-18 22:06 - 00000000 ____D C:\WINDOWS\Setup
2017-07-15 02:56 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-15 02:56 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-15 02:56 - 2017-03-18 22:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-15 02:56 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-15 02:56 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-15 02:56 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-15 02:56 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-15 02:56 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-15 02:56 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-15 02:43 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-15 02:43 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-07-15 02:43 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-07-15 02:43 - 2017-03-18 12:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-07-14 21:52 - 2015-09-27 14:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-14 21:09 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-14 21:08 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-14 19:26 - 2015-09-24 00:33 - 00000000 __RDO C:\Users\User\OneDrive
2017-07-14 19:12 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-14 19:12 - 2015-09-01 02:24 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-07-14 19:11 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-14 19:04 - 2015-10-02 21:26 - 00002407 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-14 18:53 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-14 18:53 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-14 18:53 - 2015-09-10 06:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-14 18:52 - 2015-10-02 20:56 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-07-14 18:51 - 2015-10-02 21:47 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-07-14 18:48 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-07-14 18:44 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-07-14 18:38 - 2017-03-19 03:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-07-14 18:38 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Registration
2017-07-14 18:38 - 2015-10-02 20:48 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-07-14 18:35 - 2017-03-18 22:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-07-14 18:30 - 2015-09-23 21:58 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-14 18:25 - 2017-05-31 18:22 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-07-14 18:25 - 2017-04-02 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-14 18:25 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-14 18:25 - 2017-03-18 12:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-07-14 18:25 - 2017-02-25 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-07-14 18:25 - 2016-09-11 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2017-07-14 18:25 - 2016-07-21 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-14 18:25 - 2016-04-22 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-07-14 18:25 - 2015-10-30 10:07 - 00000000 ____D C:\WINDOWS\ShellNew
2017-07-14 18:25 - 2015-10-13 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-07-14 18:25 - 2015-09-27 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-07-14 18:25 - 2015-09-27 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-14 18:25 - 2015-09-27 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-07-14 18:25 - 2015-09-25 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-07-14 18:25 - 2015-09-24 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-07-14 18:25 - 2015-01-15 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2017-07-14 18:25 - 2015-01-15 00:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10
2017-07-14 18:25 - 2015-01-15 00:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaStory
2017-07-14 18:25 - 2015-01-15 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-07-14 18:15 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-14 18:15 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2017-07-14 18:15 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2017-07-14 18:15 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-07-14 18:15 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2017-07-14 18:15 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-07-14 18:15 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-07-14 18:15 - 2016-08-28 13:55 - 00000000 ____D C:\WINDOWS\SysWOW64\Packages
2017-07-14 18:15 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\SysWOW64\gl-es
2017-07-14 18:15 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\SysWOW64\eu-es
2017-07-14 18:15 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\SysWOW64\ca-es-valencia
2017-07-14 18:15 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\SysWOW64\ca-es
2017-07-14 18:15 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-07-14 18:15 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-07-14 18:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-14 18:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-14 18:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-14 18:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2017-07-14 18:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2017-07-14 18:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-07-14 18:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\et-EE
2017-07-14 18:14 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-07-14 18:14 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-07-14 18:14 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\system32\gl-es
2017-07-14 18:14 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\system32\eu-es
2017-07-14 18:13 - 2017-03-19 03:30 - 00000000 ____D C:\WINDOWS\OCR
2017-07-14 18:13 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-14 18:13 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-07-14 18:13 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\system32\ca-es-valencia
2017-07-14 18:13 - 2014-03-18 11:06 - 00000000 ____D C:\WINDOWS\system32\ca-es
2017-07-14 18:12 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-14 18:12 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-14 18:06 - 2017-03-18 12:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-07-14 02:24 - 2017-03-19 04:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-07-13 18:01 - 2015-09-01 02:24 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-07-13 17:59 - 2016-03-24 03:29 - 00029336 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-07-13 16:19 - 2016-01-03 17:33 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
2017-07-13 16:19 - 2016-01-03 17:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
2017-07-11 23:22 - 2015-09-24 22:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 23:18 - 2015-09-24 22:15 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-08 12:26 - 2015-09-24 00:19 - 00000000 ___RD C:\Users\User\Google Drive
2017-07-08 12:24 - 2015-09-01 02:25 - 00000000 ____D C:\Users\User\AppData\Local\Lenovo
2017-07-07 19:22 - 2017-05-31 18:22 - 00000000 ____D C:\Program Files\UNP
2017-07-07 02:11 - 2015-09-27 13:50 - 00000000 ____D C:\ProgramData\Comodo
2017-07-07 01:36 - 2015-09-27 01:38 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-07-07 01:36 - 2015-01-15 00:04 - 00000000 ____D C:\ProgramData\Temp
2017-07-07 01:26 - 2015-01-15 00:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-07 01:06 - 2016-05-12 10:25 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-07 01:05 - 2016-05-13 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-07 01:05 - 2016-02-03 00:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-07 01:00 - 2015-09-27 13:53 - 00000000 ____D C:\Users\User\AppData\Local\Comodo
2017-07-06 21:19 - 2015-09-01 04:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Nitro PDF
2017-07-06 19:45 - 2017-06-08 23:32 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-07-06 19:45 - 2015-09-27 13:48 - 00361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-07-06 19:43 - 2016-05-09 21:07 - 00041800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-07-06 19:43 - 2015-09-27 13:48 - 01015848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-07-06 19:43 - 2015-09-27 13:48 - 00585608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-07-06 19:43 - 2015-09-27 13:48 - 00360792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.149936674687506
2017-07-06 19:43 - 2015-09-27 13:48 - 00198768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-07-06 19:43 - 2015-09-27 13:48 - 00146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-07-06 19:43 - 2015-09-27 13:48 - 00110352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-07-06 19:43 - 2015-09-27 13:48 - 00084392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-07-06 19:43 - 2015-09-27 13:48 - 00046984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-07-06 19:43 - 2015-09-27 13:43 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-06 19:42 - 2017-03-12 17:51 - 00343264 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-07-06 19:42 - 2017-03-12 17:51 - 00319984 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-07-06 19:42 - 2017-03-12 17:51 - 00198944 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-07-06 19:42 - 2017-03-12 17:51 - 00057704 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-07-02 19:07 - 2015-11-06 01:46 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-06-30 15:47 - 2017-03-18 22:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 15:47 - 2017-03-18 22:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-25 00:28 - 2017-04-02 14:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-25 00:28 - 2017-04-02 14:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-17 23:05 - 2015-09-01 02:34 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
 
==================== Files in the root of some directories =======
 
2015-09-25 00:02 - 2015-09-25 00:02 - 0000011 _____ () C:\ProgramData\.tv7
2017-07-14 18:06 - 2017-07-14 18:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-14 18:51
 
==================== End of FRST.txt ============================

Edited by agangelus, 16 July 2017 - 02:34 PM.


#15 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 16 July 2017 - 02:31 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2017
Ran by User (14-07-2017 22:52:28)
Running from C:\Users\User\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-14 17:51:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-16860551-3646413191-704074031-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-16860551-3646413191-704074031-503 - Limited - Disabled)
Guest (S-1-5-21-16860551-3646413191-704074031-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-16860551-3646413191-704074031-1003 - Limited - Enabled)
User (S-1-5-21-16860551-3646413191-704074031-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
BBC (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Pokki_5110578d77115a3445841a4c038159b71769d31b) (Version: 1.0.0.46314 - SweetLabs)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.7.1013.0 - Lenovo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 57.0.2987.93 - Comodo)
COMODO Firewall (HKLM\...\{897FA7E3-17BF-405F-BC91-FB72A669DCD3}) (Version: 10.0.1.6258 - COMODO Security Solutions Inc.) Hidden
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6258 - COMODO Security Solutions Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1602 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4002 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4002 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Pokki) (Version: 0.269.7.783 - Pokki)
IMDb (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Pokki_9d153b1b6b60a262593fab6bbf51fa799be45a00) (Version: 1.0.0.45285 - SweetLabs)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.422025.92 - Comodo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7104.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7104.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - SweetLabs)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-GB)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
Nitro Pro 9 (HKLM\...\{356896F4-F148-4BEB-8268-7D877F6C0DD0}) (Version: 9.0.6.20 - Nitro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.243 - REALTEK Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
Spotify (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Start Menu (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Pokki_Start_Menu) (Version: 0.269.7.783 - Pokki)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.0.3 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-06] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-06] (AVAST Software)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-06] (AVAST Software)
ContextMenuHandlers01: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\9.0\NPShellExtension64.dll [2014-02-14] (Nitro PDF)
ContextMenuHandlers01: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo)
ContextMenuHandlers02: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-06] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-26] (Malwarebytes)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers04: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers05: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-06] (AVAST Software)
ContextMenuHandlers06: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-26] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01D95F8F-CFDE-4EE9-A495-1C84B3025231} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-05-01] (Lenovo)
Task: {0E21D7D7-BD65-4AFA-930A-9328E1FB39D9} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2016-02-13] ()
Task: {101270DB-27CA-481C-B82F-349FEA4A3101} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-05-01] (Lenovo)
Task: {13896A33-99F4-4CC6-8503-07B246BCAFA8} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-07-11] (COMODO)
Task: {1635345B-0C29-448F-B418-525207A2DDA4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {175631CE-589B-4F65-93E0-F21300019740} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {295BFDE5-4012-466D-9EA1-289EB131C461} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {341AAA4E-7681-4210-B7BA-D0291FD96E6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36539AFE-0902-46E4-9B78-B16676A91AEE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-14] (Adobe Systems Incorporated)
Task: {3E73B560-1EE9-4389-B112-4AA1F0F729CD} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {454AA751-9584-442C-993A-66AF6B89F91C} - System32\Tasks\SafeZone scheduled Autoupdate 1463045099 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {5628072E-A606-4339-9E92-5E8FF45A54F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {56BA98BB-6E4D-4D28-A797-3AB3E8E12176} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {57DFF957-C097-4F17-8203-CB1FB1EF8759} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {66C3084C-C536-456A-AAB2-5EBCE0945289} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {67FC5BCA-7BF9-44B9-9C82-76221BC8A180} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {6B55362E-498B-42AC-A126-756E57507239} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {6C669420-CA95-4FC9-80D8-8BE16C9A4D9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {6EF91A0C-5162-4C0D-81BB-0052A5E69382} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {769FD28E-FE31-4BA6-8B0D-BAD423942723} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {806F0094-5767-422C-9C99-8ABDF816BFF3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {80DC3A2E-A246-4A45-AD5B-8DD83B0B5C26} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {840841EE-B16A-4AC8-AC9D-BA852F7AFC14} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {8881EFD9-4E06-4A11-B7D9-4A4180B8AF9F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-06] (Microsoft Corporation)
Task: {8A21EC51-D256-488A-A8DD-824AA6F2D7E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9719BD28-8F15-4FEB-A036-24C3C446C3DE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-05-01] (Lenovo)
Task: {9C23DA1B-8077-41C4-96E0-8E34A96C22E2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A3DB76D2-90E9-43CF-9BD9-453475150B62} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AFE6CEB1-1A6E-49FD-AC1A-E3758644C684} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B03B5D76-24A4-41E1-86E6-DF06DCAD7731} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-07-11] (Microsoft Corporation)
Task: {B7AE9942-0693-426B-AAF9-EA245E538D5D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-14] (Adobe Systems Incorporated)
Task: {C4F6D8AF-2738-4202-8FD2-838798D42997} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {CA6D97C5-5913-4D91-A015-1E119F8A0805} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {CAFF736A-52EB-4689-ABF2-C970F81612E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D4554F07-AE0F-4633-B476-27A247AAAA24} - \WPD\SqmUpload_S-1-5-21-16860551-3646413191-704074031-1001 -> No File <==== ATTENTION
Task: {D4CA6C07-7F6C-4DA4-ADFC-6D8D6373614E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-06] (AVAST Software)
Task: {D7C65FA9-E198-4080-8820-A5624C1702FF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-05-01] ()
Task: {E3B47BE2-12EF-48C1-8D75-3482423274C8} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-07-11] (COMODO)
Task: {E3D58173-2D9D-4B1C-8D01-330385ABF474} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {E4242FAC-220A-4C15-A2D5-E7C19E5187B8} - System32\Tasks\Pokki => C:\Users\User\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {E43F6B7A-1EDA-49F6-9D39-F00EF48A069A} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {F10EB4CF-042D-4805-9822-B9929F8F0214} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FC256A57-6C22-40F0-8316-AAFE7B0586D8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-06 05:26 - 2017-07-11 12:42 - 00156352 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2017-07-06 05:25 - 2017-07-11 12:40 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-07-06 05:25 - 2017-07-11 12:41 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2015-01-14 23:55 - 2011-08-17 05:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2015-01-15 00:10 - 2012-04-24 11:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-01-14 23:55 - 2011-08-17 05:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2017-06-21 23:01 - 2017-06-21 23:02 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 23:01 - 2017-06-21 23:02 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 23:01 - 2017-06-21 23:02 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 23:01 - 2017-06-21 23:02 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-03-17 01:15 - 2017-07-06 20:29 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 21:59 - 2017-03-19 03:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-06 21:10 - 2017-06-23 04:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-06 21:10 - 2017-06-23 04:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-13 16:12 - 2017-07-13 16:12 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-06 19:42 - 2017-07-06 19:42 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-06 19:42 - 2017-07-06 19:45 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-01-14 23:55 - 2011-05-17 22:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-05 01:59 - 2009-12-05 01:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 02:04 - 2009-12-05 02:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AOLParconLink.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WISPTIS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [252]
AlternateDataStreams: C:\Users\User\Downloads\12238337_10154758691232588_8208899163589540216_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\14706839_10155900496677588_6623436239633311474_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1 (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Presentation MPR MAY 2015.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Quarterly Report (1) (2).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241176672.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241216863.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241324928.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241372797.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation (1).ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation June.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_009 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_009.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_011.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_014.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_001.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_004.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_006.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_007.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\123.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\booking.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\car tax £130.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\fooddiaryextraeasy.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\Graham English - Curriculum Vitae.docx:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lenovowallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\Run: => "Spotify"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9B69D0CB-C99A-477D-9B30-5831EB49051F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{26FA87E7-ACDE-4C8D-9024-F97D2F7F0DC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6DC8C4E2-1BDC-4227-8CC9-47DF10CCF2C8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{9974286C-CF91-4B5A-8B2B-9C616C5C1143}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{306A4EB6-BB45-4B48-A13F-FD7FC9FD3476}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CE490E1-F5F9-4F10-834A-4F9C265B8737}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{6982C10D-FFB8-4102-8D96-2D52282AC506}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{85C227E4-A221-4F2B-B45C-0F8348C59D9C}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9A7B0B22-6211-49E5-B5DB-E605D5A5E0E0}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{8395029A-0012-4B56-AA18-CA10C2A92E91}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{1350BD3C-F2EF-44EB-AF22-DA41F563E7F3}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{4966769A-ACCF-4744-99A2-6FD7FA210DFE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1CA9DF85-BC3A-4DF0-A2B8-F99F82C9E758}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{45F3A533-6279-46F4-8944-CB04C48B07FB}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{BB7C4367-3888-4133-85F0-7A6E742F0D81}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{08810743-4022-4AA1-A400-0DDF31801FAA}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{904359D7-476C-46B2-BEEF-F565573EF2DD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{3A22E91A-F228-468B-B0EB-1E0EC4B3CA12}] => (Allow) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{C397CCBB-C3ED-40BE-A2E2-D84BCD7F1A48}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{09D4BB2B-685A-4DA5-8AFF-1ED33C4C693D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{543675CD-B873-4756-9F62-5B0019AF299E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{026D2367-6D12-4CE2-95FD-93CE70E237B4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{DB07E1DB-5E3A-4E76-B9BC-046BEB763BEB}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
FirewallRules: [{012E5F55-FE8B-4AED-8F83-96714A072186}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
FirewallRules: [{8766A8B3-5A43-41B1-A703-4893D13C7C85}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{71D7E7C8-E622-4609-8409-C07247A7158C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{59DF7A4E-FFE8-4DBD-9695-A5E37EC880BD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{C7616BFA-3826-4AD8-AFD9-1CF743D91B83}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{4BA5D1AA-3414-48D8-B357-743CE8BE87B5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{C19343E6-EEA4-49F5-8217-4FE7F8C06F4A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{E2802D31-37B2-4FEA-B206-41C78FFA9086}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{9786A611-76BF-4F25-A1C6-4C6A8A5551B3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
 
==================== Restore Points =========================
 
14-07-2017 21:07:24 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/14/2017 10:52:55 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (07/14/2017 09:56:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 08:52:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 07:51:42 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (07/14/2017 07:51:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 07:30:20 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (5224) An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/14/2017 07:09:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 07:09:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 07:08:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 06:55:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (07/14/2017 09:56:45 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
 
Error: (07/14/2017 08:52:44 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
 
Error: (07/14/2017 07:51:03 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
 
Error: (07/14/2017 07:11:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/14/2017 07:11:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/14/2017 07:11:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/14/2017 07:11:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/14/2017 07:09:43 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe" -ServerName:App.AppXqagq4n4gvy0tjw576pgh6xr601s1h1mv.mca
 
Error: (07/14/2017 07:09:42 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe" -ServerName:App.AppXqagq4n4gvy0tjw576pgh6xr601s1h1mv.mca
 
Error: (07/14/2017 07:08:05 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe" -ServerName:App.AppXqagq4n4gvy0tjw576pgh6xr601s1h1mv.mca
 
 
CodeIntegrity:
===================================
  Date: 2017-07-14 22:26:56.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 21:59:25.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 21:46:47.624
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 21:32:00.891
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 21:17:01.123
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 21:02:01.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 20:45:58.885
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 20:28:06.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 20:19:56.278
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 20:11:22.644
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 62%
Total physical RAM: 3988.71 MB
Available physical RAM: 1480.21 MB
Total Virtual: 6562.63 MB
Available Virtual: 2480.62 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:814.75 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A058282D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#16 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 960 posts

Posted 16 July 2017 - 07:17 PM

Hello agangelus.

Okay, please proceed as follow:


I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

  • Amazon Browser App
  • Host App Service
  • Start Menu

If you have an issue when uninstalling a program, please let me know.
 
 
Next,

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000008
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {450F9D5F-843D-41BF-90DD-02EEA0B3DA39} URL =
Edge Extension: (No Name) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1706.14.0_neutral__343d40qqvtj1t [not found]
FF Homepage: Mozilla\Firefox\Profiles\g7f3olor.default -> hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000009
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {175631CE-589B-4F65-93E0-F21300019740} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6EF91A0C-5162-4C0D-81BB-0052A5E69382} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {806F0094-5767-422C-9C99-8ABDF816BFF3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {80DC3A2E-A246-4A45-AD5B-8DD83B0B5C26} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8A21EC51-D256-488A-A8DD-824AA6F2D7E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9C23DA1B-8077-41C4-96E0-8E34A96C22E2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A3DB76D2-90E9-43CF-9BD9-453475150B62} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AFE6CEB1-1A6E-49FD-AC1A-E3758644C684} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CAFF736A-52EB-4689-ABF2-C970F81612E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D4554F07-AE0F-4633-B476-27A247AAAA24} - \WPD\SqmUpload_S-1-5-21-16860551-3646413191-704074031-1001 -> No File <==== ATTENTION
Task: {E4242FAC-220A-4C15-A2D5-E7C19E5187B8} - System32\Tasks\Pokki => C:\Users\User\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {F10EB4CF-042D-4805-9822-B9929F8F0214} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FC256A57-6C22-40F0-8316-AAFE7B0586D8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AOLParconLink.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WISPTIS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [252]
AlternateDataStreams: C:\Users\User\Downloads\12238337_10154758691232588_8208899163589540216_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\14706839_10155900496677588_6623436239633311474_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1 (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Presentation MPR MAY 2015.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Quarterly Report (1) (2).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241176672.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241216863.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241324928.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241372797.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation (1).ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation June.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_009 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_009.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_011.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_014.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_001.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_004.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_006.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_007.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\123.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\booking.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\car tax £130.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\fooddiaryextraeasy.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\Graham English - Curriculum Vitae.docx:$CmdZnID [26]
CMD: ipconfig /flushdns
EmptyTemp:
End

Save the file as fixlist.txt in to the same folder as FRST64.
Right-click the FRST64 icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop (fixlog.txt). Please post its entire contents in to your reply.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,
 
Please download Junkware Removal Tool and save it to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Right-click on the icon and select Run as administrator.
  • The tool will open and check for updates. You will see the Disclaimer.
  • Press any key to continue and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.

Please post the contents of JRT.txt into your next reply.


Next,

Please download AdwCleaner and save it to your computer's Desktop.

  • Close all open programs and internet browsers.
  • Right-click on the icon and select Run as administrator to start the tool.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).

 

Next,
 
You are running an old version (2.2.1.1043) of Malwarebytes. The latest version is 3.1.2.1733.
Please read the instructions below and make a clean install of Malwarebytes from version 2 to version 3.

Download mb-clean and save it to your computer Desktop.
 
Right-click on mb-clean.exe icon and select Run as administrator to start the tool.
It will ask you to reboot the machine - please do so.
Run the mb-clean tool again and reboot when complete. IMPORTANT : DO NOT miss this step.

If you have lost the activation license key information it can be located here

Download Malwarebytes version 3 from here and save it to your computer Desktop or anywhere else on your system since you know where is located.

Double click on the installer and follow the prompts to install the program. If necessary select the Blue Help tab for video instructions.

When the install completes and is updated do the following:

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selectedbutton.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please post the entire contents of the log in your next reply.

 

In your next reply please post the entire contents of the following logs:
fixlog.txt
JRT.txt
AdwCleaner clean log
MBAM log.

Let me know how is the computer running at this point. What issues are you still having on this computer?

 

Android 8888


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.


#17 agangelus

agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 184 posts

Posted 17 July 2017 - 05:22 PM

Hi there,

 

I've managed to remove the Amazon Browser App. When I tried to uninstall the Host App Service and the Start Menu through the Apps & Features it gave a message saying it couldn't find them. So I tried going through the control panel and again it said it couldn't find them and asked if I wanted to remove them from the list. I did remove them from the list and now they don't show in the Apps & Features.

 

I have not gone any further with your instructions until you let me know this is ok?

 

Ali 


Edited by agangelus, 17 July 2017 - 05:27 PM.


#18 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 960 posts

Posted 17 July 2017 - 06:43 PM

Hello agangelus.

Yes you did well. Please proceed with the rest of the instructions in my previous post and post the entire contents of the requested logs.

Thank you.

Android 8888


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!