
Wi-fi and Ethernet issues


38 replies to this topic

#1 agangelus

agangelus

    Advanced Member

  • Full Member
  • 199 posts

Posted 25 June 2017 - 10:28 AM

Hi there 

 

Hopefully someone can help? I'm using another device just now as I cannot access the internet on the sick pc, so I can't post any logs from it. The issues appeared today after running a smart scan. I am using Avast antivirus and Comodo firewall. Everything was normal beforehand but once I'd run the smart scan Avast said there was conflicting antivirus software. I'd always ignored it before as I knew it was picking up the Comodo. But this time I thought I'd follow through with letting Avast remove it then download and reinstall it again. So I did this. Once I restarted the pc I couldn't get any connection via wi-fi or Ethernet so I ran the Windows Network Diagnostics which found two problems:

"There might be a problem with the driver for the Ethernet adapter"

"There might be a problem with the driver for the Wi-Fi adapter"

I selected "Try these repairs as an administrator" (as I'd already tried to do it with "Continue with other remaining repairs" and it didn't do anything), which made no difference. I also tried resetting the network adapter with no joy and updating the drivers, also nothing.

I really don't know what to do???

 

The pc is Windows 10 which was upgraded from 8.1 over a year ago.

 

Would really appreciate any help with this.

 

Many thanks 

Ali :-)

 

 



#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,530 posts

Posted 27 June 2017 - 11:45 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,803 posts

Posted 01 July 2017 - 08:24 PM

Sorry for the delay. We are aware of this topic and someone will answer it as soon as possible.

 

If you have a backup or a Restore point that was set before the scan was run then reset the computer to this point.

 

Perhaps this might help:

https://forum.avast....p?topic=53323.0




 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#4 agangelus


Posted 02 July 2017 - 06:58 AM

Hi there,

Thanks for getting back to me. I had a look at the article through the link you gave; the problem is there are no restore points, only a system reset which wipes everything and brings it back to the factory settings. The other problem is I can't access the internet to download anything, as both the Wi-Fi and Ethernet adapters are affected, which is preventing any access.
Sorry if there are any typos, I'm using a mobile at the moment lol.

Regards
Ali :-)

Edited by agangelus, 02 July 2017 - 06:59 AM.


#5 Rocket Grannie


Posted 02 July 2017 - 07:38 PM

Please create a Restore Point

 

You need a second computer with access to the Internet to download tools.

 

You can try this:

 

Right click Start > select Command Prompt (Admin) then run the following commands in the listed order.

Type netsh winsock reset and press Enter.
Type netsh int ip reset and press Enter.
Type ipconfig /release and press Enter.
Type ipconfig /renew and press Enter.
Type Exit and press Enter.

Restart the computer.

If it still won't run then ---

 

How to Reset a Router Back to the Factory Default Settings, go here

Then, please reconfigure it back to your preferred setting. Below is the list of default usernames and passwords.
here

How to Secure Your Wireless Router.
here
 

 

Rocket Grannie



#6 agangelus


Posted 04 July 2017 - 07:17 PM

Hi there,

Earlier today I tried to do a system restore but it didn't work. I then tried your suggestion which hasn't changed anything. I took a photo of the result but it's too big to attach. When I entered the ipconfig commands, it said the operation failed as no adapter is in the state permissible for this operation.

Ali :-)

Edited by agangelus, 04 July 2017 - 07:18 PM.


#7 agangelus


Posted 06 July 2017 - 02:00 PM

Hi again

 

Ok, strangest thing: I've just booted up the sick pc (on which I am posting this). I was seriously considering resetting it back to the factory settings. I was checking through my file explorer to see if there was anything I'd have difficulty living without. I noticed the Comodo installer was still there, so I clicked on it to install it again and maybe with some magic computer fairy dust it would work, and lo and behold it didn't. I then thought I'd run Malwarebytes to see if it might find something but it started updating the virus database. I then noticed that the Wi-Fi icon in the notification area had come back to life. I checked the Ethernet cable and then it began working. Now (possibly stating the obvious) I am accessing the internet. I am not quite comfortable that everything is sorted though, because I know as weird and wonderful as technology is, there is always more going on than meets the eye.

What should I do?

 

I just had a pop up from what I thought was Comodo (I'd been getting these for a little while) they'd said "Warning! a potential security breach has been detected". What would I like to do then gave me the options of "Protect me and block the website access" or "I choose to continue (website will be opened in current browser)". It also had chrome.exe with a shield and arrow pointing to o.aolcdn.com.

I thought this was strange as I'd let Avast remove the Comodo firewall, so I wouldn't expect to get any pop ups. So, I googled it and most of the search results say this is a rogue anti virus. When using Google Chrome, every now and again I'd try and visit a site and I'd get a blocked message.

 

I've run Malwarebytes and it found nothing, but I'm really concerned now as it now all seems too odd to be coincidental. 

 

Ali  :think:


Edited by agangelus, 06 July 2017 - 03:56 PM.


#8 agangelus


Posted 09 July 2017 - 06:07 PM

Hi there,

 

Just wondering if someone could help me out? I'm really concerned that something else may be going on with the PC. I just don't understand how it can rectify itself after almost two weeks of no access to the internet and saying there were problems with both the Wi-Fi and Ethernet adapters simply by me clicking the update button for Malwarebytes.

 

Would really appreciate any direction on this.

 

Many thanks

Ali  :unknw:



#9 Rocket Grannie


Posted 09 July 2017 - 08:31 PM

Please read the Instructions and post the requested logs (MBAM, FRST, Security Analysis). We need the information in order to help you.



#10 agangelus


Posted 14 July 2017 - 04:46 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 14/07/2017
Scan Time: 21:52
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.07.14.09
Rootkit Database: v2017.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306916
Time Elapsed: 36 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 agangelus


Posted 14 July 2017 - 04:57 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2017
Ran by User (administrator) on LENOVO-PC (14-07-2017 22:49:48)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-06] (AVAST Software)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1489088 2017-07-11] (COMODO)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1473627642\ee\AOLSoftware.exe [41800 2016-09-11] (AOL Inc.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-05] (COMODO)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-27] (Google)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [148992 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{a6681157-53ba-49bb-b856-e16e38b0f888}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{a6681157-53ba-49bb-b856-e16e38b0f888}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ae5e03d9-a132-4dc4-ac2c-06f3741a3be9}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{ae5e03d9-a132-4dc4-ac2c-06f3741a3be9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000008
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {450F9D5F-843D-41BF-90DD-02EEA0B3DA39} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> hxxp://www.aol.co.uk/
Edge Extension: (No Name) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1706.14.0_neutral__343d40qqvtj1t [not found]
 
FireFox:
========
FF DefaultProfile: g7f3olor.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default [2017-07-14]
FF Homepage: Mozilla\Firefox\Profiles\g7f3olor.default -> hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000009
FF Extension: (AdBlocker Lite) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2017-06-25]
FF Extension: (Avast SafePrice) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\sp@avast.com.xpi [2017-07-06]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\wrc@avast.com.xpi [2017-07-06]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\searchplugins\AdTrustMediacsgSafeSearch.xml [2016-03-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.aol.co.uk/
CHR StartupUrls: Default -> "hxxp://www.aol.co.uk/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-14]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-23]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-23]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-06]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKU\S-1-5-21-16860551-3646413191-704074031-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-06] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10501104 2017-07-11] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-07-11] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-04-28] (Comodo)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-05] (COMODO)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-07] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2016-02-13] (LENOVO INCORPORATED.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-05-01] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-27] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-26] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-26] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-15] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [319984 2017-07-06] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198944 2017-07-06] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343264 2017-07-06] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57704 2017-07-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-06] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146664 2017-07-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015848 2017-07-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-06] (AVAST Software)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40936 2017-06-02] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [831992 2017-06-02] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50776 2017-06-02] (COMODO)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [132880 2017-06-07] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [25248 2015-12-22] (Lenovo Group Limited ®)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-26] (Malwarebytes Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation                           )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-15 02:53 - 2017-07-15 02:53 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-15 02:53 - 2017-07-15 02:53 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-15 02:53 - 2017-07-15 02:53 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-15 02:53 - 2017-07-15 02:53 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-15 02:53 - 2017-07-15 02:53 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

#12 agangelus

Posted 14 July 2017 - 05:01 PM

Result of Security Analysis by Rocket Grannie (x86) Updated: 13th July, 2017
Running from:C:\Users\User\Desktop (22:59:39 - 07/14/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Disabled - up to Date)
COMODO Firewall (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 26 NPAPI (26.0.0.137)
CCleaner (5.32)
Google Chrome (59.0.3071.115)
Malwarebytes (2.2.1.1043) ==> is out of Date
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (54.0) ==> is out of Date
SpywareBlaster (5.5.0)
 
***----------------Analysis Complete-------------------------***


#13 Android 8888

Posted 16 July 2017 - 09:59 AM

Hello agangelus.

We apologize for the delay in responding.

Rocket Grannie is having some problems accessing the forum so I will be helping you.

I will be out for now and will be back in a couple of hours.

Thank you for your understanding.

Android 8888

 

p.s. NOTE: The FRST.txt log is not complete. Meanwhile post the entire contents of FRST.txt and also the Addition.txt log.


Edited by Android 8888, 16 July 2017 - 10:09 AM.


#14 agangelus

Posted 16 July 2017 - 02:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2017
Ran by User (administrator) on LENOVO-PC (14-07-2017 22:49:48)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-06] (AVAST Software)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1489088 2017-07-11] (COMODO)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1473627642\ee\AOLSoftware.exe [41800 2016-09-11] (AOL Inc.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-05] (COMODO)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-27] (Google)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [148992 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{a6681157-53ba-49bb-b856-e16e38b0f888}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{a6681157-53ba-49bb-b856-e16e38b0f888}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ae5e03d9-a132-4dc4-ac2c-06f3741a3be9}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{ae5e03d9-a132-4dc4-ac2c-06f3741a3be9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000008
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {450F9D5F-843D-41BF-90DD-02EEA0B3DA39} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> hxxp://www.aol.co.uk/
Edge Extension: (No Name) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1706.14.0_neutral__343d40qqvtj1t [not found]
 
FireFox:
========
FF DefaultProfile: g7f3olor.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default [2017-07-14]
FF Homepage: Mozilla\Firefox\Profiles\g7f3olor.default -> hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000009
FF Extension: (AdBlocker Lite) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2017-06-25]
FF Extension: (Avast SafePrice) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\sp@avast.com.xpi [2017-07-06]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\Extensions\wrc@avast.com.xpi [2017-07-06]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\searchplugins\AdTrustMediacsgSafeSearch.xml [2016-03-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.aol.co.uk/
CHR StartupUrls: Default -> "hxxp://www.aol.co.uk/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-14]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-23]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-23]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-06]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKU\S-1-5-21-16860551-3646413191-704074031-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-06] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10501104 2017-07-11] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-07-11] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-04-28] (Comodo)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-05] (COMODO)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-07] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2016-02-13] (LENOVO INCORPORATED.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-05-01] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-27] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-26] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-26] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-15] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [319984 2017-07-06] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198944 2017-07-06] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343264 2017-07-06] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57704 2017-07-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-06] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146664 2017-07-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015848 2017-07-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-06] (AVAST Software)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40936 2017-06-02] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [831992 2017-06-02] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50776 2017-06-02] (COMODO)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [132880 2017-06-07] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [25248 2015-12-22] (Lenovo Group Limited ®)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-26] (Malwarebytes Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation                           )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-15 02:57 - 2017-07-15 02:57 - 00000000 ____D C:\Windows.old
2017-07-15 02:53 - 2017-07-15 02:53 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-15 02:53 - 2017-07-15 02:53 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-15 02:53 - 2017-07-15 02:53 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-15 02:53 - 2017-07-15 02:53 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-15 02:53 - 2017-07-15 02:53 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-15 02:53 - 2017-07-15 02:53 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-15 02:53 - 2017-07-15 02:53 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-15 02:53 - 2017-07-15 02:53 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-15 02:53 - 2017-07-15 02:53 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-15 02:53 - 2017-07-15 02:53 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domg

Edited by agangelus, 16 July 2017 - 02:34 PM.


#15 agangelus


Posted 16 July 2017 - 02:31 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2017
Ran by User (14-07-2017 22:52:28)
Running from C:\Users\User\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-14 17:51:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-16860551-3646413191-704074031-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-16860551-3646413191-704074031-503 - Limited - Disabled)
Guest (S-1-5-21-16860551-3646413191-704074031-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-16860551-3646413191-704074031-1003 - Limited - Enabled)
User (S-1-5-21-16860551-3646413191-704074031-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
BBC (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Pokki_5110578d77115a3445841a4c038159b71769d31b) (Version: 1.0.0.46314 - SweetLabs)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.7.1013.0 - Lenovo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 57.0.2987.93 - Comodo)
COMODO Firewall (HKLM\...\{897FA7E3-17BF-405F-BC91-FB72A669DCD3}) (Version: 10.0.1.6258 - COMODO Security Solutions Inc.) Hidden
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6258 - COMODO Security Solutions Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1602 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4002 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4002 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Pokki) (Version: 0.269.7.783 - Pokki)
IMDb (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Pokki_9d153b1b6b60a262593fab6bbf51fa799be45a00) (Version: 1.0.0.45285 - SweetLabs)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.422025.92 - Comodo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7104.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7104.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo Web Start (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - SweetLabs)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-GB)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
Nitro Pro 9 (HKLM\...\{356896F4-F148-4BEB-8268-7D877F6C0DD0}) (Version: 9.0.6.20 - Nitro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.243 - REALTEK Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
Spotify (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Start Menu (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Pokki_Start_Menu) (Version: 0.269.7.783 - Pokki)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.0.3 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-06] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-06] (AVAST Software)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-06] (AVAST Software)
ContextMenuHandlers01: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\9.0\NPShellExtension64.dll [2014-02-14] (Nitro PDF)
ContextMenuHandlers01: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo)
ContextMenuHandlers02: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-06] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-26] (Malwarebytes)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers04: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers05: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-06] (AVAST Software)
ContextMenuHandlers06: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-26] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01D95F8F-CFDE-4EE9-A495-1C84B3025231} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-05-01] (Lenovo)
Task: {0E21D7D7-BD65-4AFA-930A-9328E1FB39D9} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2016-02-13] ()
Task: {101270DB-27CA-481C-B82F-349FEA4A3101} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-05-01] (Lenovo)
Task: {13896A33-99F4-4CC6-8503-07B246BCAFA8} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-07-11] (COMODO)
Task: {1635345B-0C29-448F-B418-525207A2DDA4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {175631CE-589B-4F65-93E0-F21300019740} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {295BFDE5-4012-466D-9EA1-289EB131C461} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {341AAA4E-7681-4210-B7BA-D0291FD96E6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36539AFE-0902-46E4-9B78-B16676A91AEE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-14] (Adobe Systems Incorporated)
Task: {3E73B560-1EE9-4389-B112-4AA1F0F729CD} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {454AA751-9584-442C-993A-66AF6B89F91C} - System32\Tasks\SafeZone scheduled Autoupdate 1463045099 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {5628072E-A606-4339-9E92-5E8FF45A54F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {56BA98BB-6E4D-4D28-A797-3AB3E8E12176} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {57DFF957-C097-4F17-8203-CB1FB1EF8759} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {66C3084C-C536-456A-AAB2-5EBCE0945289} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {67FC5BCA-7BF9-44B9-9C82-76221BC8A180} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {6B55362E-498B-42AC-A126-756E57507239} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {6C669420-CA95-4FC9-80D8-8BE16C9A4D9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {6EF91A0C-5162-4C0D-81BB-0052A5E69382} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {769FD28E-FE31-4BA6-8B0D-BAD423942723} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {806F0094-5767-422C-9C99-8ABDF816BFF3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {80DC3A2E-A246-4A45-AD5B-8DD83B0B5C26} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {840841EE-B16A-4AC8-AC9D-BA852F7AFC14} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {8881EFD9-4E06-4A11-B7D9-4A4180B8AF9F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-06] (Microsoft Corporation)
Task: {8A21EC51-D256-488A-A8DD-824AA6F2D7E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9719BD28-8F15-4FEB-A036-24C3C446C3DE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-05-01] (Lenovo)
Task: {9C23DA1B-8077-41C4-96E0-8E34A96C22E2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A3DB76D2-90E9-43CF-9BD9-453475150B62} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AFE6CEB1-1A6E-49FD-AC1A-E3758644C684} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B03B5D76-24A4-41E1-86E6-DF06DCAD7731} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-07-11] (Microsoft Corporation)
Task: {B7AE9942-0693-426B-AAF9-EA245E538D5D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-14] (Adobe Systems Incorporated)
Task: {C4F6D8AF-2738-4202-8FD2-838798D42997} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {CA6D97C5-5913-4D91-A015-1E119F8A0805} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {CAFF736A-52EB-4689-ABF2-C970F81612E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D4554F07-AE0F-4633-B476-27A247AAAA24} - \WPD\SqmUpload_S-1-5-21-16860551-3646413191-704074031-1001 -> No File <==== ATTENTION
Task: {D4CA6C07-7F6C-4DA4-ADFC-6D8D6373614E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-06] (AVAST Software)
Task: {D7C65FA9-E198-4080-8820-A5624C1702FF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-05-01] ()
Task: {E3B47BE2-12EF-48C1-8D75-3482423274C8} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-07-11] (COMODO)
Task: {E3D58173-2D9D-4B1C-8D01-330385ABF474} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {E4242FAC-220A-4C15-A2D5-E7C19E5187B8} - System32\Tasks\Pokki => C:\Users\User\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {E43F6B7A-1EDA-49F6-9D39-F00EF48A069A} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {F10EB4CF-042D-4805-9822-B9929F8F0214} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FC256A57-6C22-40F0-8316-AAFE7B0586D8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-06 05:26 - 2017-07-11 12:42 - 00156352 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2017-07-06 05:25 - 2017-07-11 12:40 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-07-06 05:25 - 2017-07-11 12:41 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2015-01-14 23:55 - 2011-08-17 05:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2015-01-15 00:10 - 2012-04-24 11:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-01-14 23:55 - 2011-08-17 05:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2017-06-21 23:01 - 2017-06-21 23:02 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 23:01 - 2017-06-21 23:02 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 23:01 - 2017-06-21 23:02 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 23:01 - 2017-06-21 23:02 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-03-17 01:15 - 2017-07-06 20:29 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-18 21:59 - 2017-03-19 03:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-06 21:10 - 2017-06-23 04:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-06 21:10 - 2017-06-23 04:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-13 16:12 - 2017-07-13 16:12 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-06 19:42 - 2017-07-06 19:42 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-06 19:42 - 2017-07-06 19:45 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-01-14 23:55 - 2011-05-17 22:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-05 01:59 - 2009-12-05 01:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 02:04 - 2009-12-05 02:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AOLParconLink.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WISPTIS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [252]
AlternateDataStreams: C:\Users\User\Downloads\12238337_10154758691232588_8208899163589540216_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\14706839_10155900496677588_6623436239633311474_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1 (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Presentation MPR MAY 2015.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Quarterly Report (1) (2).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241176672.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241216863.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241324928.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241372797.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation (1).ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation June.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_009 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_009.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_011.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_014.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_001.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_004.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_006.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_007.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\123.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\booking.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\car tax £130.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\fooddiaryextraeasy.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\Graham English - Curriculum Vitae.docx:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lenovowallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\Run: => "Spotify"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9B69D0CB-C99A-477D-9B30-5831EB49051F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{26FA87E7-ACDE-4C8D-9024-F97D2F7F0DC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6DC8C4E2-1BDC-4227-8CC9-47DF10CCF2C8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{9974286C-CF91-4B5A-8B2B-9C616C5C1143}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{306A4EB6-BB45-4B48-A13F-FD7FC9FD3476}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CE490E1-F5F9-4F10-834A-4F9C265B8737}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{6982C10D-FFB8-4102-8D96-2D52282AC506}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{85C227E4-A221-4F2B-B45C-0F8348C59D9C}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9A7B0B22-6211-49E5-B5DB-E605D5A5E0E0}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{8395029A-0012-4B56-AA18-CA10C2A92E91}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{1350BD3C-F2EF-44EB-AF22-DA41F563E7F3}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{4966769A-ACCF-4744-99A2-6FD7FA210DFE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1CA9DF85-BC3A-4DF0-A2B8-F99F82C9E758}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{45F3A533-6279-46F4-8944-CB04C48B07FB}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{BB7C4367-3888-4133-85F0-7A6E742F0D81}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{08810743-4022-4AA1-A400-0DDF31801FAA}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{904359D7-476C-46B2-BEEF-F565573EF2DD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{3A22E91A-F228-468B-B0EB-1E0EC4B3CA12}] => (Allow) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{C397CCBB-C3ED-40BE-A2E2-D84BCD7F1A48}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{09D4BB2B-685A-4DA5-8AFF-1ED33C4C693D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{543675CD-B873-4756-9F62-5B0019AF299E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{026D2367-6D12-4CE2-95FD-93CE70E237B4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{DB07E1DB-5E3A-4E76-B9BC-046BEB763BEB}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
FirewallRules: [{012E5F55-FE8B-4AED-8F83-96714A072186}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
FirewallRules: [{8766A8B3-5A43-41B1-A703-4893D13C7C85}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{71D7E7C8-E622-4609-8409-C07247A7158C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{59DF7A4E-FFE8-4DBD-9695-A5E37EC880BD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{C7616BFA-3826-4AD8-AFD9-1CF743D91B83}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{4BA5D1AA-3414-48D8-B357-743CE8BE87B5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{C19343E6-EEA4-49F5-8217-4FE7F8C06F4A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{E2802D31-37B2-4FEA-B206-41C78FFA9086}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{9786A611-76BF-4F25-A1C6-4C6A8A5551B3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
 
==================== Restore Points =========================
 
14-07-2017 21:07:24 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/14/2017 10:52:55 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (07/14/2017 09:56:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 08:52:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 07:51:42 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler OneIndex16 cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (07/14/2017 07:51:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 07:30:20 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (5224) An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/14/2017 07:09:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 07:09:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 07:08:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/14/2017 06:55:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (07/14/2017 09:56:45 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
 
Error: (07/14/2017 08:52:44 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
 
Error: (07/14/2017 07:51:03 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca
 
Error: (07/14/2017 07:11:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/14/2017 07:11:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/14/2017 07:11:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/14/2017 07:11:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/14/2017 07:09:43 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe" -ServerName:App.AppXqagq4n4gvy0tjw576pgh6xr601s1h1mv.mca
 
Error: (07/14/2017 07:09:42 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe" -ServerName:App.AppXqagq4n4gvy0tjw576pgh6xr601s1h1mv.mca
 
Error: (07/14/2017 07:08:05 PM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe!App as Unavailable/Unavailable. The error:
"2"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.28.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe" -ServerName:App.AppXqagq4n4gvy0tjw576pgh6xr601s1h1mv.mca
 
 
CodeIntegrity:
===================================
  Date: 2017-07-14 22:26:56.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 21:59:25.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 21:46:47.624
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 21:32:00.891
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 21:17:01.123
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 21:02:01.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 20:45:58.885
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 20:28:06.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 20:19:56.278
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-14 20:11:22.644
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 62%
Total physical RAM: 3988.71 MB
Available physical RAM: 1480.21 MB
Total Virtual: 6562.63 MB
Available Virtual: 2480.62 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:814.75 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A058282D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#16 Android 8888


    SWI Malware Tracker

  • Helper
  • 976 posts

Posted 16 July 2017 - 07:17 PM

Hello agangelus.

Okay, please proceed as follows:


I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

  • Amazon Browser App
  • Host App Service
  • Start Menu

If you have an issue when uninstalling a program, please let me know.
 
 
Next,

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000008
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {450F9D5F-843D-41BF-90DD-02EEA0B3DA39} URL =
Edge Extension: (No Name) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1706.14.0_neutral__343d40qqvtj1t [not found]
FF Homepage: Mozilla\Firefox\Profiles\g7f3olor.default -> hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000009
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {175631CE-589B-4F65-93E0-F21300019740} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6EF91A0C-5162-4C0D-81BB-0052A5E69382} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {806F0094-5767-422C-9C99-8ABDF816BFF3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {80DC3A2E-A246-4A45-AD5B-8DD83B0B5C26} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8A21EC51-D256-488A-A8DD-824AA6F2D7E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9C23DA1B-8077-41C4-96E0-8E34A96C22E2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A3DB76D2-90E9-43CF-9BD9-453475150B62} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AFE6CEB1-1A6E-49FD-AC1A-E3758644C684} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CAFF736A-52EB-4689-ABF2-C970F81612E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D4554F07-AE0F-4633-B476-27A247AAAA24} - \WPD\SqmUpload_S-1-5-21-16860551-3646413191-704074031-1001 -> No File <==== ATTENTION
Task: {E4242FAC-220A-4C15-A2D5-E7C19E5187B8} - System32\Tasks\Pokki => C:\Users\User\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {F10EB4CF-042D-4805-9822-B9929F8F0214} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FC256A57-6C22-40F0-8316-AAFE7B0586D8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AOLParconLink.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WISPTIS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [252]
AlternateDataStreams: C:\Users\User\Downloads\12238337_10154758691232588_8208899163589540216_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\14706839_10155900496677588_6623436239633311474_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1 (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Presentation MPR MAY 2015.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Quarterly Report (1) (2).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241176672.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241216863.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241324928.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241372797.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation (1).ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation June.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_009 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_009.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_011.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_014.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_001.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_004.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_006.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_007.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\123.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\booking.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\car tax £130.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\fooddiaryextraeasy.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\Graham English - Curriculum Vitae.docx:$CmdZnID [26]
CMD: ipconfig /flushdns
EmptyTemp:
End

Save the file as fixlist.txt into the same folder as FRST64.
Right-click the FRST64 icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log on the Desktop (fixlog.txt). Please post its entire contents into your reply.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,
 
Please download Junkware Removal Tool and save it to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Right-click on the icon and select Run as administrator.
  • The tool will open and check for updates. You will see the Disclaimer.
  • Press any key to continue and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.

Please post the contents of JRT.txt into your next reply.


Next,

Please download AdwCleaner and save it to your computer's Desktop.

  • Close all open programs and internet browsers.
  • Right-click on the icon and select Run as administrator to start the tool.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).

 

Next,
 
You are running an old version (2.2.1.1043) of Malwarebytes. The latest version is 3.1.2.1733.
Please read the instructions below and make a clean install of Malwarebytes from version 2 to version 3.

Download mb-clean and save it to your computer's Desktop.
 
Right-click on the mb-clean.exe icon and select Run as administrator to start the tool.
It will ask you to reboot the machine - please do so.
Run the mb-clean tool again and reboot when complete. IMPORTANT: DO NOT miss this step.

If you have lost the activation license key information it can be located here

Download Malwarebytes version 3 from here and save it to your computer's Desktop or anywhere else on your system, as long as you know where it is located.

Double click on the installer and follow the prompts to install the program. If necessary select the Blue Help tab for video instructions.

When the install completes and is updated do the following:

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to Dashboard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, be sure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please post the entire contents of the log in your next reply.

 

In your next reply please post the entire contents of the following logs:
fixlog.txt
JRT.txt
AdwCleaner clean log
MBAM log.

Let me know how the computer is running at this point. What issues are you still having on this computer?

 

Android 8888


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.


#17 agangelus


Posted 17 July 2017 - 05:22 PM

Hi there,

 

I've managed to remove the Amazon Browser App. When I tried to uninstall the Host App Service and the Start Menu through the Apps & Features it gave a message saying it couldn't find them. So I tried going through the control panel and again it said it couldn't find them and asked if I wanted to remove them from the list. I did remove them from the list and now they don't show in the Apps & Features.

 

I have not gone any further with your instructions until you let me know this is ok?

 

Ali 


Edited by agangelus, 17 July 2017 - 05:27 PM.


#18 Android 8888


Posted 17 July 2017 - 06:43 PM

Hello agangelus.

Yes, you did well. Please proceed with the rest of the instructions in my previous post and post the entire contents of the requested logs.

Thank you.

Android 8888




#19 agangelus


Posted 21 July 2017 - 02:40 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by User (21-07-2017 20:17:52) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000008
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33050001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> {450F9D5F-843D-41BF-90DD-02EEA0B3DA39} URL =
Edge Extension: (No Name) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1706.14.0_neutral__343d40qqvtj1t [not found]
FF Homepage: Mozilla\Firefox\Profiles\g7f3olor.default -> hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000009
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {175631CE-589B-4F65-93E0-F21300019740} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6EF91A0C-5162-4C0D-81BB-0052A5E69382} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {806F0094-5767-422C-9C99-8ABDF816BFF3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {80DC3A2E-A246-4A45-AD5B-8DD83B0B5C26} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8A21EC51-D256-488A-A8DD-824AA6F2D7E8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9C23DA1B-8077-41C4-96E0-8E34A96C22E2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A3DB76D2-90E9-43CF-9BD9-453475150B62} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AFE6CEB1-1A6E-49FD-AC1A-E3758644C684} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CAFF736A-52EB-4689-ABF2-C970F81612E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D4554F07-AE0F-4633-B476-27A247AAAA24} - \WPD\SqmUpload_S-1-5-21-16860551-3646413191-704074031-1001 -> No File <==== ATTENTION
Task: {E4242FAC-220A-4C15-A2D5-E7C19E5187B8} - System32\Tasks\Pokki => C:\Users\User\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {F10EB4CF-042D-4805-9822-B9929F8F0214} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FC256A57-6C22-40F0-8316-AAFE7B0586D8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AOLParconLink.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WISPTIS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [252]
AlternateDataStreams: C:\Users\User\Downloads\12238337_10154758691232588_8208899163589540216_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\14706839_10155900496677588_6623436239633311474_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1 (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Presentation MPR MAY 2015.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Ali English Quarterly Report (1) (2).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241176672.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241216863.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241324928.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\FB_IMG_1486241372797.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation (1).ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation June.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\Talkin bout ma presentation.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_009 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_009.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_011.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20151109_014.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_001.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_004.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_006.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Downloads\WP_20170328_007.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\123.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\booking.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\car tax £130.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\fooddiaryextraeasy.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\User\Documents\Graham English - Curriculum Vitae.docx:$CmdZnID [26]
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKU\S-1-5-21-16860551-3646413191-704074031-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-16860551-3646413191-704074031-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-16860551-3646413191-704074031-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516} => key removed successfully
HKLM\Software\Classes\CLSID\{0AA24E16-07B3-4694-8357-3C21ACC5F516} => key not found. 
HKU\S-1-5-21-16860551-3646413191-704074031-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{450F9D5F-843D-41BF-90DD-02EEA0B3DA39} => key removed successfully
HKLM\Software\Classes\CLSID\{450F9D5F-843D-41BF-90DD-02EEA0B3DA39} => key not found. 
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => key removed successfully
Firefox "homepage" removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP => key removed successfully
C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => moved successfully
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31] => Error: No automatic fix found for this entry.
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-11] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{175631CE-589B-4F65-93E0-F21300019740} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{175631CE-589B-4F65-93E0-F21300019740} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EF91A0C-5162-4C0D-81BB-0052A5E69382} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EF91A0C-5162-4C0D-81BB-0052A5E69382} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{806F0094-5767-422C-9C99-8ABDF816BFF3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{806F0094-5767-422C-9C99-8ABDF816BFF3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80DC3A2E-A246-4A45-AD5B-8DD83B0B5C26} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80DC3A2E-A246-4A45-AD5B-8DD83B0B5C26} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A21EC51-D256-488A-A8DD-824AA6F2D7E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A21EC51-D256-488A-A8DD-824AA6F2D7E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C23DA1B-8077-41C4-96E0-8E34A96C22E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C23DA1B-8077-41C4-96E0-8E34A96C22E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3DB76D2-90E9-43CF-9BD9-453475150B62} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3DB76D2-90E9-43CF-9BD9-453475150B62} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFE6CEB1-1A6E-49FD-AC1A-E3758644C684} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE6CEB1-1A6E-49FD-AC1A-E3758644C684} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAFF736A-52EB-4689-ABF2-C970F81612E3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAFF736A-52EB-4689-ABF2-C970F81612E3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4554F07-AE0F-4633-B476-27A247AAAA24} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4554F07-AE0F-4633-B476-27A247AAAA24} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-16860551-3646413191-704074031-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4242FAC-220A-4C15-A2D5-E7C19E5187B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4242FAC-220A-4C15-A2D5-E7C19E5187B8} => key removed successfully
C:\WINDOWS\System32\Tasks\Pokki => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pokki => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F10EB4CF-042D-4805-9822-B9929F8F0214} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F10EB4CF-042D-4805-9822-B9929F8F0214} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC256A57-6C22-40F0-8316-AAFE7B0586D8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC256A57-6C22-40F0-8316-AAFE7B0586D8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
C:\WINDOWS\avastSS.scr => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cdpreference.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CustomModeApp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CustomModeAppv2_0.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\difx64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DPTopologyApp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DPTopologyAppv2_0.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GfxUIEx.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Gfxv2_0.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Gfxv4_0.exe => ":$CmdTcID" ADS could not remove.
"C:\WINDOWS\system32\igfxEM.exe" => ":$CmdTcID" ADS not found.
C:\WINDOWS\system32\igfxext.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\igfxHK.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\igfxTray.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\IntelWiDiUMS64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\IntelWiDiVAD64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MpSigStub.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AOLParconLink.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\indexeddbserver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WISPTIS.EXE => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mbam.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mbamchameleon.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mwac.sys => ":$CmdTcID" ADS could not remove.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\Users\User\Downloads\12238337_10154758691232588_8208899163589540216_o.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\14706839_10155900496677588_6623436239633311474_o.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1 (1).pptx => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\Ali English Oct Monthly Report no. 1.pptx => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\Ali English Presentation MPR MAY 2015.pptx => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\Ali English Quarterly Report (1) (2).pptx => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\FB_IMG_1486241176672.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\FB_IMG_1486241216863.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\FB_IMG_1486241324928.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\FB_IMG_1486241372797.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\SpotifySetup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\User\Downloads\SpotifySetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\Talkin bout ma presentation (1).ppt => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\Talkin bout ma presentation June.ppt => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\Talkin bout ma presentation.ppt => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\WP_20151109_009 (1).jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\WP_20151109_009.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\WP_20151109_011.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\WP_20151109_014.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\WP_20170328_001.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\WP_20170328_004.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\WP_20170328_006.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Downloads\WP_20170328_007.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Documents\123.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Documents\booking.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Documents\car tax £130.docx => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Documents\fooddiaryextraeasy.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\User\Documents\Graham English - Curriculum Vitae.docx => ":$CmdZnID" ADS removed successfully.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16822887 B
Java, Flash, Steam htmlcache => 804 B
Windows/system/drivers => 10521574 B
Edge => 21231546 B
Chrome => 493802486 B
Firefox => 8239233 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3392 B
NetworkService => 1612 B
User => 13857102 B
 
RecycleBin => 0 B
EmptyTemp: => 544.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:22:17 ====


#20 agangelus


Posted 21 July 2017 - 03:00 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by User (Administrator) on 21/07/2017 at 20:43:27.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 7 
 
Successfully deleted: C:\ProgramData\pokki (Folder) 
Successfully deleted: C:\ProgramData\viewpoint (Folder) 
Successfully deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi (File) 
Successfully deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g7f3olor.default\searchplugins\AdTrustMediacsgSafeSearch.xml (File) 
Successfully deleted: C:\Users\User\Start Menu\Programs\pc app store.lnk (Shortcut) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\viewpoint (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/07/2017 at 20:54:20.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#21 agangelus


Posted 21 July 2017 - 03:52 PM

# AdwCleaner 7.0.0.0 - Logfile created on Fri Jul 21 20:47:40 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Program Files (x86)\Amazon\ABB
Deleted: C:\Users\User\AppData\Local\SweetLabs App Platform
Deleted: C:\Users\Default\AppData\Local\Pokki
Deleted: C:\Users\Default User\AppData\Local\Pokki
Deleted: C:\Users\Public\Pokki
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\MetaStream
Deleted: [Key] - HKLM\SOFTWARE\Viewpoint
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_5110578d77115a3445841a4c038159b71769d31b
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_9d153b1b6b60a262593fab6bbf51fa799be45a00
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: Ask Jeeves - uk.ask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [2148 B] - [2017/7/21 20:42:44]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#22 agangelus


Posted 21 July 2017 - 05:13 PM

 Hi 

 

I've just tried putting in my licence key and ID for Malwarebytes and it's now telling me that "The usage level has exceeded the max volume allowed. There is a problem with your license key and we are unable to activate your license. Please check your license details and try entering your key again.

If you continue to have trouble, please contact Malwarebytes Support for assistance."

 

I took a screen dump of my license details before carrying out the removal and install of the newer version, so I know the details are correct.

 

Anyway, below are the mbam results

 

2017-07-21 22:05:03.394   mb-clean:3.1.0.1014  @ Malwarebytes. All rights reserved.
2017-07-21 22:05:10.252   Find MBAM2x's installation location from C:\Program Files (x86)\Malwarebytes Anti-Malware\.
2017-07-21 22:05:14.539   Trying to disable self-protection.
2017-07-21 22:05:14.580   Launching process:"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /log="C:\Users\User\AppData\Local\Temp\Mbam3x.log"
2017-07-21 22:05:28.607   >>>>>> Starting 2nd phase cleanup for Malwarebytes version 3.1.2.1733 <<<<<<
2017-07-21 22:05:28.607   HKLM\SYSTEM\CurrentControlSet\Services\ESProtectionDriver does not exist.
2017-07-21 22:05:28.607   HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon does not exist.
2017-07-21 22:05:28.607   HKLM\SYSTEM\CurrentControlSet\Services\MBAMFarflt does not exist.
2017-07-21 22:05:28.607   HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtection does not exist.
2017-07-21 22:05:28.607   HKLM\SYSTEM\CurrentControlSet\Services\MBAMService does not exist.
2017-07-21 22:05:28.607   HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy does not exist.
2017-07-21 22:05:28.622   HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebProtection does not exist.
2017-07-21 22:05:35.677   Trying to delete path C:\ProgramData\Malwarebytes\
2017-07-21 22:05:35.677   Cannot delete path C:\ProgramData\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2017-07-21 22:05:35.693   Trying to delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\
2017-07-21 22:05:35.693   Cannot delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2017-07-21 22:05:35.693   Trying to delete path C:\Program Files\Malwarebytes\Anti-Malware\
2017-07-21 22:05:35.693   Trying to delete file or folder: C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
2017-07-21 22:05:35.693   Failed to delete C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll, reason:(Access is denied.(error=5))
2017-07-21 22:05:35.708   Trying to delete file or folder C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll on reboot
2017-07-21 22:05:35.708   Trying to delete file or folder: C:\Program Files\Malwarebytes\Anti-Malware\
2017-07-21 22:05:35.708   Failed to delete C:\Program Files\Malwarebytes\Anti-Malware\, reason:(The directory is not empty.(error=145))
2017-07-21 22:05:35.708   Trying to delete file or folder C:\Program Files\Malwarebytes\Anti-Malware\ on reboot
2017-07-21 22:05:35.724   Trying to delete REG key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
2017-07-21 22:05:35.724   Trying to delete REG key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService
2017-07-21 22:05:35.724   Trying to delete REG key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService
2017-07-21 22:05:35.724   --------BEGINNING OF THE UNINSTALLER LOG FILE ----------
2017-07-21 22:05:15.938   Log opened. (Time zone: UTC+01:00)
2017-07-21 22:05:15.938   Setup version: Inno Setup version 5.5.8 (u)
2017-07-21 22:05:15.938   Original Uninstall EXE: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe
2017-07-21 22:05:15.938   Uninstall DAT: C:\Program Files\Malwarebytes\Anti-Malware\unins000.dat
2017-07-21 22:05:15.938   Uninstall command line: /SECONDPHASE="C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /FIRSTPHASEWND=$40438 /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /log="C:\Users\User\AppData\Local\Temp\Mbam3x.log"
2017-07-21 22:05:15.938   Windows version: 10.0.15063  (NT platform: Yes)
2017-07-21 22:05:15.938   64-bit Windows: Yes
2017-07-21 22:05:15.938   Processor architecture: x64
2017-07-21 22:05:15.938   User privileges: Administrative
2017-07-21 22:05:15.938   64-bit install mode: Yes
2017-07-21 22:05:15.969   Created temporary directory: C:\Users\User\AppData\Local\Temp\is-QL9KT.tmp
2017-07-21 22:05:16.063   Uninstalling service
2017-07-21 22:05:25.741   Installed service, result 0
2017-07-21 22:05:25.741   Uninstall service complete
2017-07-21 22:05:25.975   Uninstall from Security Center , result 0
2017-07-21 22:05:25.975   Starting the uninstallation process.
2017-07-21 22:05:25.975   Unregistering 64-bit DLL/OCX: C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
2017-07-21 22:05:25.975   Spawning 64-bit RegSvr32: "C:\WINDOWS\system32\regsvr32.exe" /u /s "C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll"
2017-07-21 22:05:26.509   Unregistration successful.
2017-07-21 22:05:26.732   Deleting file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk
2017-07-21 22:05:26.732   Deleting directory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-21 22:05:26.748   Failed to delete directory (145). Will retry later.
2017-07-21 22:05:28.247   Deleting file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk
2017-07-21 22:05:28.247   Deleting directory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-21 22:05:28.247   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\zlib.dll
2017-07-21 22:05:28.247   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\ssleay32.dll
2017-07-21 22:05:28.247   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\libeay32.dll
2017-07-21 22:05:28.247   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\7z.dll
2017-07-21 22:05:28.247   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\mbdigsig.dat
2017-07-21 22:05:28.247   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\dbmanifest.dat
2017-07-21 22:05:28.247   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\dynconfig.dat
2017-07-21 22:05:28.263   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\exclusions.txt
2017-07-21 22:05:28.263   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\wprot.mbdb
2017-07-21 22:05:28.263   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\tids.mbdb
2017-07-21 22:05:28.263   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\scan.mbdb
2017-07-21 22:05:28.263   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\rules.mbdb
2017-07-21 22:05:28.263   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\rdefs.mbdb
2017-07-21 22:05:28.263   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\prot.mbdb
2017-07-21 22:05:28.263   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\clean.mbdb
2017-07-21 22:05:28.263   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll
2017-07-21 22:05:28.263   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
2017-07-21 22:05:28.263   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionSdk.dll
2017-07-21 22:05:28.263   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionShim.dll
2017-07-21 22:05:28.278   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\rtp.dll
2017-07-21 22:05:28.278   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\RtpShim.dll
2017-07-21 22:05:28.278   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Swissarmy.dll
2017-07-21 22:05:28.278   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll
2017-07-21 22:05:28.278   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\MwacLib.dll
2017-07-21 22:05:28.278   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\MwacSdkShim.dll
2017-07-21 22:05:28.278   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\MBAMCore.dll
2017-07-21 22:05:28.278   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll
2017-07-21 22:05:28.278   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\arwlib.dll
2017-07-21 22:05:28.294   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\ArwSdkShim.dll
2017-07-21 22:05:28.294   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\mbae-api-na.dll
2017-07-21 22:05:28.294   Deleting file: C:\WINDOWS\system32\drivers\mbae64.sys
2017-07-21 22:05:28.294   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll
2017-07-21 22:05:28.294   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\AeShim.dll
2017-07-21 22:05:28.294   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll
2017-07-21 22:05:28.294   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll
2017-07-21 22:05:28.294   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\SPControllerImpl.dll
2017-07-21 22:05:28.294   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll
2017-07-21 22:05:28.310   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\AEControllerImpl.dll
2017-07-21 22:05:28.310   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll
2017-07-21 22:05:28.310   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll
2017-07-21 22:05:28.310   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll
2017-07-21 22:05:28.310   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll
2017-07-21 22:05:28.310   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll
2017-07-21 22:05:28.310   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll
2017-07-21 22:05:28.310   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dll
2017-07-21 22:05:28.325   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll
2017-07-21 22:05:28.325   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\ArwControllerImpl.dll
2017-07-21 22:05:28.325   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
2017-07-21 22:05:28.325   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
2017-07-21 22:05:28.325   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_bg.qm
2017-07-21 22:05:28.325   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_sk.qm
2017-07-21 22:05:28.325   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_sl.qm
2017-07-21 22:05:28.325   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_hr.qm
2017-07-21 22:05:28.325   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ro.qm
2017-07-21 22:05:28.325   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ko.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_zh_TW.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_cs.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_hu.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ja.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_fi.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_no.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_da.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_sv.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_es.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ru.qm
2017-07-21 22:05:28.341   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_pt_PT.qm
2017-07-21 22:05:28.356   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_pt_BR.qm
2017-07-21 22:05:28.356   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_pl.qm
2017-07-21 22:05:28.356   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_nl.qm
2017-07-21 22:05:28.356   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_it.qm
2017-07-21 22:05:28.356   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_fr.qm
2017-07-21 22:05:28.356   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_de.qm
2017-07-21 22:05:28.356   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_en_US.qm
2017-07-21 22:05:28.356   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_en_GB.qm
2017-07-21 22:05:28.356   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\Languages
2017-07-21 22:05:28.356   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2017-07-21 22:05:28.356   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qmldir
2017-07-21 22:05:28.372   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\plugins.qmltypes
2017-07-21 22:05:28.372   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2
2017-07-21 22:05:28.372   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2017-07-21 22:05:28.372   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\qmldir
2017-07-21 22:05:28.372   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\plugins.qmltypes
2017-07-21 22:05:28.372   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2
2017-07-21 22:05:28.372   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2017-07-21 22:05:28.372   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\qmldir
2017-07-21 22:05:28.372   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\plugins.qmltypes
2017-07-21 22:05:28.372   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets
2017-07-21 22:05:28.372   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2017-07-21 22:05:28.372   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qmldir
2017-07-21 22:05:28.388   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\plugins.qmltypes
2017-07-21 22:05:28.388   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts
2017-07-21 22:05:28.388   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\qtquickextrasplugin.dll
2017-07-21 22:05:28.388   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\qmldir
2017-07-21 22:05:28.388   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\plugins.qmltypes
2017-07-21 22:05:28.388   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras
2017-07-21 22:05:28.388   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\qmldir
2017-07-21 22:05:28.388   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\plugins.qmltypes
2017-07-21 22:05:28.388   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
2017-07-21 22:05:28.388   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private
2017-07-21 22:05:28.388   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\qmldir
2017-07-21 22:05:28.388   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\plugins.qmltypes
2017-07-21 22:05:28.403   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2017-07-21 22:05:28.403   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs
2017-07-21 22:05:28.403   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll
2017-07-21 22:05:28.403   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Flat\qmldir
2017-07-21 22:05:28.403   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Flat
2017-07-21 22:05:28.403   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\qmldir
2017-07-21 22:05:28.403   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles
2017-07-21 22:05:28.403   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2017-07-21 22:05:28.403   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qmldir
2017-07-21 22:05:28.403   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\plugins.qmltypes
2017-07-21 22:05:28.403   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls
2017-07-21 22:05:28.419   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQuick
2017-07-21 22:05:28.419   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\qmldir
2017-07-21 22:05:28.419   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\plugins.qmltypes
2017-07-21 22:05:28.419   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2017-07-21 22:05:28.419   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2
2017-07-21 22:05:28.419   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtQml
2017-07-21 22:05:28.419   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll
2017-07-21 22:05:28.419   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmldir
2017-07-21 22:05:28.419   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\plugins.qmltypes
2017-07-21 22:05:28.419   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings
2017-07-21 22:05:28.419   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
2017-07-21 22:05:28.435   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmldir
2017-07-21 22:05:28.435   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\plugins.qmltypes
2017-07-21 22:05:28.435   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel
2017-07-21 22:05:28.435   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs
2017-07-21 22:05:28.435   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\Qt
2017-07-21 22:05:28.435   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll
2017-07-21 22:05:28.435   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\scenegraph
2017-07-21 22:05:28.435   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2017-07-21 22:05:28.435   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\platforms
2017-07-21 22:05:28.435   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
2017-07-21 22:05:28.435   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
2017-07-21 22:05:28.450   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
2017-07-21 22:05:28.450   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
2017-07-21 22:05:28.450   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2017-07-21 22:05:28.450   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
2017-07-21 22:05:28.450   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2017-07-21 22:05:28.450   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
2017-07-21 22:05:28.450   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
2017-07-21 22:05:28.450   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qdds.dll
2017-07-21 22:05:28.450   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\imageformats
2017-07-21 22:05:28.450   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2017-07-21 22:05:28.466   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\iconengines
2017-07-21 22:05:28.466   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\msvcr120.dll
2017-07-21 22:05:28.466   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\msvcp120.dll
2017-07-21 22:05:28.466   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll
2017-07-21 22:05:28.466   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qmldir
2017-07-21 22:05:28.466   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\plugins.qmltypes
2017-07-21 22:05:28.466   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListSeparator.qml
2017-07-21 22:05:28.466   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListLink.qml
2017-07-21 22:05:28.466   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListDestination.qml
2017-07-21 22:05:28.466   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras
2017-07-21 22:05:28.482   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2017-07-21 22:05:28.482   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2017-07-21 22:05:28.482   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2017-07-21 22:05:28.482   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2017-07-21 22:05:28.482   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2017-07-21 22:05:28.482   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2017-07-21 22:05:28.482   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2017-07-21 22:05:28.482   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2017-07-21 22:05:28.497   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
2017-07-21 22:05:28.497   The file appears to be in use (5). Will delete on restart.
2017-07-21 22:05:28.497   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
2017-07-21 22:05:28.497   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
2017-07-21 22:05:28.497   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
2017-07-21 22:05:28.497   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
2017-07-21 22:05:28.497   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\changes.txt
2017-07-21 22:05:28.513   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\suhlpr.dll
2017-07-21 22:05:28.513   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\config
2017-07-21 22:05:28.513   Failed to delete directory (145). Will retry later.
2017-07-21 22:05:28.513   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\logs
2017-07-21 22:05:28.513   Failed to delete directory (145). Will retry later.
2017-07-21 22:05:28.513   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService
2017-07-21 22:05:28.513   Failed to delete directory (145). Will retry later.
2017-07-21 22:05:28.513   Deleting directory: C:\ProgramData\Malwarebytes
2017-07-21 22:05:28.513   Failed to delete directory (145). Will retry later.
2017-07-21 22:05:28.513   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware
2017-07-21 22:05:28.513   Failed to delete directory (145). Will retry later.
2017-07-21 22:05:28.513   Deleting directory: C:\Program Files\Malwarebytes
2017-07-21 22:05:28.513   Failed to delete directory (145). Will retry later.
2017-07-21 22:05:28.513   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\AeDetections
2017-07-21 22:05:28.513   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\ARW
2017-07-21 22:05:28.513   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\ArwDetections
2017-07-21 22:05:28.513   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
2017-07-21 22:05:28.513   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
2017-07-21 22:05:28.513   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
2017-07-21 22:05:28.528   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\config
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
2017-07-21 22:05:28.528   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest.dat
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig.dat
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot.mbdb
2017-07-21 22:05:28.544   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\lkg_db
2017-07-21 22:05:28.544   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\logs\mbae-default.log
2017-07-21 22:05:28.560   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\logs\mbae-protector.xpe
2017-07-21 22:05:28.560   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG
2017-07-21 22:05:28.560   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\logs
2017-07-21 22:05:28.560   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections
2017-07-21 22:05:28.560   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\RtpDetections
2017-07-21 22:05:28.560   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\ScanResults
2017-07-21 22:05:28.560   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService
2017-07-21 22:05:28.560   Deleting file: C:\WINDOWS\system32\drivers\farflt.sys
2017-07-21 22:05:28.560   Deleting file: C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2017-07-21 22:05:28.560   Deleting file: C:\WINDOWS\system32\drivers\mwac.sys
2017-07-21 22:05:28.575   Deleting file: C:\WINDOWS\system32\drivers\mbam.sys
2017-07-21 22:05:28.575   Deleting file: C:\WINDOWS\system32\drivers\MBAMChameleon.sys
2017-07-21 22:05:28.575   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
2017-07-21 22:05:28.575   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware
2017-07-21 22:05:28.575   Failed to delete directory (145). Will retry later.
2017-07-21 22:05:28.575   Deleting Uninstall data files.
2017-07-21 22:05:29.115   Deleting directory: C:\ProgramData\Malwarebytes
2017-07-21 22:05:29.115   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware
2017-07-21 22:05:29.115   Failed to delete directory (145). Will delete on restart (if empty).
2017-07-21 22:05:29.131   Deleting directory: C:\Program Files\Malwarebytes
2017-07-21 22:05:29.131   Failed to delete directory (145). Will delete on restart (if empty).
2017-07-21 22:05:29.146   Uninstallation process succeeded.
2017-07-21 22:05:29.146   Removed all? Yes
2017-07-21 22:05:29.146   Need to restart Windows? Yes
2017-07-21 22:05:29.146   Will not restart Windows automatically.
2017-07-21 22:05:29.146   Log closed.
2017-07-21 22:05:35.755   Malwarebytes self-protection module is not installed.
2017-07-21 22:05:35.771   Launching process:C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /log="C:\Users\User\AppData\Local\Temp\Mbam2x.log"
2017-07-21 22:05:35.771   Failed to launch C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /log="C:\Users\User\AppData\Local\Temp\Mbam2x.log", reason:(The system cannot find the file specified.(error=2))
2017-07-21 22:05:35.771   >>>>>> Starting 2nd phase cleanup for Malwarebytes Anti-Malware version 2.2.1.1043 <<<<<<
2017-07-21 22:05:35.771   HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon does not exist.
2017-07-21 22:05:35.771   HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtector does not exist.
2017-07-21 22:05:35.771   HKLM\SYSTEM\CurrentControlSet\Services\MBAMScheduler does not exist.
2017-07-21 22:05:35.771   HKLM\SYSTEM\CurrentControlSet\Services\MBAMService does not exist.
2017-07-21 22:05:35.771   HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy does not exist.
2017-07-21 22:05:35.786   HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebAccessControl does not exist.
2017-07-21 22:05:42.547   Trying to delete path C:\ProgramData\Malwarebytes\
2017-07-21 22:05:42.547   Cannot delete path C:\ProgramData\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2017-07-21 22:05:42.547   Trying to delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\
2017-07-21 22:05:42.563   Cannot delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\, reason:(The system cannot find the path specified.(error=3))
2017-07-21 22:05:42.563   Trying to delete path C:\Program Files (x86)\Malwarebytes Anti-Malware\
2017-07-21 22:05:42.563   Trying to delete path C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\
2017-07-21 22:05:42.563   Trying to delete path C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\
2017-07-21 22:05:42.563   Trying to delete file or folder: C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\
2017-07-21 22:05:42.578   Failed to delete C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\, reason:(The directory is not empty.(error=145))
2017-07-21 22:05:42.578   Trying to delete file or folder C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\ on reboot
2017-07-21 22:05:42.578   Trying to delete file or folder: C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\
2017-07-21 22:05:42.578   Failed to delete C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\, reason:(The directory is not empty.(error=145))
2017-07-21 22:05:42.578   Trying to delete file or folder C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\ on reboot
2017-07-21 22:05:42.578   Trying to delete file or folder: C:\Program Files (x86)\Malwarebytes Anti-Malware\
2017-07-21 22:05:42.594   Failed to delete C:\Program Files (x86)\Malwarebytes Anti-Malware\, reason:(The directory is not empty.(error=145))
2017-07-21 22:05:42.594   Trying to delete file or folder C:\Program Files (x86)\Malwarebytes Anti-Malware\ on reboot
2017-07-21 22:05:49.502   --------END OF LOG FILE ----------
2017-07-21 22:07:23.938   >>>>>Starting post reboot phase cleanup for Malwarebytes version 3.1.2.1733 <<<<<<<<.
2017-07-21 22:07:27.376   HKLM\SYSTEM\CurrentControlSet\Services\ESProtectionDriver does not exist.
2017-07-21 22:07:32.001   HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon does not exist.
2017-07-21 22:07:36.267   HKLM\SYSTEM\CurrentControlSet\Services\MBAMFarflt does not exist.
2017-07-21 22:07:37.173   HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtection does not exist.
2017-07-21 22:07:47.236   HKLM\SYSTEM\CurrentControlSet\Services\MBAMService does not exist.
2017-07-21 22:07:49.705   HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy does not exist.
2017-07-21 22:07:51.518   HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebProtection does not exist.
2017-07-21 22:08:07.503   Trying to delete path C:\ProgramData\Malwarebytes\
2017-07-21 22:08:08.269   Cannot delete path C:\ProgramData\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2017-07-21 22:08:08.503   Trying to delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\
2017-07-21 22:08:08.565   Cannot delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2017-07-21 22:08:08.628   Trying to delete path C:\Program Files\Malwarebytes\Anti-Malware\
2017-07-21 22:08:08.675   Cannot delete path C:\Program Files\Malwarebytes\Anti-Malware\, reason:(The system cannot find the path specified.(error=3))
2017-07-21 22:08:08.784   >>>>>Starting post reboot phase cleanup for Malwarebytes Anti-Malware version 2.2.1.1043 <<<<<<<<.
2017-07-21 22:08:08.862   HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon does not exist.
2017-07-21 22:08:08.894   HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtector does not exist.
2017-07-21 22:08:08.972   HKLM\SYSTEM\CurrentControlSet\Services\MBAMScheduler does not exist.
2017-07-21 22:08:09.050   HKLM\SYSTEM\CurrentControlSet\Services\MBAMService does not exist.
2017-07-21 22:08:09.175   HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy does not exist.
2017-07-21 22:08:09.253   HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebAccessControl does not exist.
2017-07-21 22:08:19.050   Trying to delete path C:\ProgramData\Malwarebytes\
2017-07-21 22:08:19.066   Cannot delete path C:\ProgramData\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2017-07-21 22:08:19.066   Trying to delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\
2017-07-21 22:08:19.066   Cannot delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\, reason:(The system cannot find the path specified.(error=3))
2017-07-21 22:08:19.066   Trying to delete path C:\Program Files (x86)\Malwarebytes Anti-Malware\
2017-07-21 22:08:19.066   Trying to delete path C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\
2017-07-21 22:08:19.066   Trying to delete path C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\
2017-07-21 22:08:19.676   Trying to delete file or folder: C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\
2017-07-21 22:08:19.691   Failed to delete C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\, reason:(The directory is not empty.(error=145))
2017-07-21 22:08:19.691   Trying to delete file or folder C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\ on reboot
2017-07-21 22:08:19.691   Trying to delete file or folder: C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\
2017-07-21 22:08:19.691   Failed to delete C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\, reason:(The directory is not empty.(error=145))
2017-07-21 22:08:19.691   Trying to delete file or folder C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\ on reboot
2017-07-21 22:08:19.707   Trying to delete file or folder: C:\Program Files (x86)\Malwarebytes Anti-Malware\
2017-07-21 22:08:19.722   Failed to delete C:\Program Files (x86)\Malwarebytes Anti-Malware\, reason:(The directory is not empty.(error=145))
2017-07-21 22:08:19.722   Trying to delete file or folder C:\Program Files (x86)\Malwarebytes Anti-Malware\ on reboot
2017-07-21 22:10:06.714   Malwarebytes v3.x was installed successfully.
2017-07-21 22:10:06.714   Launching process:"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"
2017-07-21 22:10:25.214   --------END OF LOG FILE ----------


#23 agangelus

Posted 21 July 2017 - 09:04 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/21/17
Scan Time: 11:23 PM
Log File: mbamreport.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2412
License: Trial

-System Information-
OS: Windows 10 (Build 15063.483)
CPU: x64
File System: NTFS
User: LENOVO-PC\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397029
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)



#24 agangelus

Posted 21 July 2017 - 09:25 PM

Hi,

 

The PC appears to be fine. There hadn't really been any noticeable issue except when for almost two weeks I had no internet access due to the ethernet adapter and the wi-fi adapter problems, which just seemed to rectify themselves for no reason. I felt that was very strange as you don't lose connection for two weeks then all of a sudden without any reason it comes back.

Anyway, all seems fine apart from my Malwarebytes license key. Also, sometimes when I use Google Chrome it says there was a network change, I then have to restart the PC and it works again. Also I have CCleaner running on my PC and Comodo keeps bringing up a message saying CCleaner needs to change something with the options being "keep browsers settings" or "change browser settings".

 

Ali :think:  



#25 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 976 posts

Posted 24 July 2017 - 04:38 PM

Hello agangelus.

Thank you for the logs and sorry for the late reply.

The logs indicate that the tools I asked you to run removed some threats.


Regarding the Malwarebytes issue, did you try to deactivate your license key before you uninstalled Malwarebytes and reinstalled it again?

If not, that could be the reason for getting that message.

Please download and install the free version of Revo Uninstaller.

  • Right-click on the icon of Revo Uninstaller and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Select Malwarebytes and click Uninstall. Follow the instructions to complete the removal process.
  • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers.
  • Click on Delete and then click Next. You may have to repeat this to delete all the leftovers (Registry items, files and folders).
  • Click on the Finish button.
  • Restart the computer.

Now please download Malwarebytes version 3 from here and save it to your computer Desktop or anywhere else on your system since you know where it is located.

Double click on the installer and follow the prompts to install the program. If necessary select the Blue Help tab for video instructions.

Insert your license key and credentials when asked to activate your Premium version.

Restart the computer when the installation is complete and check if that fixed the issue.

If that does not solve the issue, then I suggest you sign up on Malwarebytes Forums and create a support ticket by using the following link: https://support.malw...s/new?b_id=6400

Please note that the support is overloaded at this time and will take more than the usual 2-3 days to respond.


Next, let's check your system for leftovers of infection with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers and disconnect any USB flash drives from the computer.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


Please post the entire contents of the ESET log (if it produced one) and let me know if the Malwarebytes issue still persists.


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.


#26 agangelus

Posted 26 July 2017 - 04:46 PM

Hi again

 

I've followed everything you've advised but Malwarebytes is still a problem. I raised a ticket for assistance so, hopefully they will be able to help me. I have a free trial at the moment so all is ok for now. 

I ran the eset scan like you advised and thankfully nothing was found. 

What do you think the issue is with Chrome, CCleaner and Comodo?

 

Regards

Ali :-)



#27 Android 8888

Posted 28 July 2017 - 07:52 AM

Hello agangelus.
 

 

I ran the eset scan like you advised and thankfully nothing was found.

That is a good sign. It means that your computer appears to be clean and free of malware.

 

What do you think the issue is with Chrome, CCleaner and Comodo?

I cannot tell you for sure. Comodo is detecting that CCleaner is trying to change something in your browser settings. As a precautionary measure I suggest that you select 'keep browser settings' and restart the computer to see what happens. Are you still getting the message from Comodo?


Please delete your old version of RGSA.exe and download a new version from here and save it to your computer Desktop.

  • Close your security software to avoid potential conflicts.
  • Right-click on RGSA.exe and select Run as administrator to run the tool.
  • Accept the User Account Control security warning that may appear.
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of the new log in your next reply.
  • Note: If you get a warning from Windows about running the program, click on 'More info' and then click 'Run Anyway' to run it even though Windows says it might put your PC at risk.

 

 

Android 8888




#28 agangelus

Posted 30 July 2017 - 05:10 PM

Hi again
 
I've done as you said with CCleaner; when I restart, Comodo still pops up with the same options. Chrome is still behaving the same way. I sometimes use Avast SafeZone Browser which does exactly the same thing.
Anyway, here is the log:
 
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 25th July, 2017
Running from:C:\Users\User\Desktop (23:06:05 - 07/30/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Avast Antivirus (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
COMODO Firewall (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 26 NPAPI (26.0.0.137)
CCleaner (5.32)
Google Chrome (59.0.3071.115)
Malwarebytes (3.1.2.1733)
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (54.0.1)
SpywareBlaster (5.5.0)
 
***----------------Analysis Complete-------------------------***
 
 
Not sure if it means anything, but there are two instances of Adobe Flash Player 26 NPAPI (26.00.137)
 
Regards
Ali :-)

Edited by agangelus, 30 July 2017 - 05:14 PM.


#29 Android 8888

Posted 31 July 2017 - 06:34 PM

Hello agangelus.
 

Not sure if it means anything, but there are two instances of Adobe Flash Player 26 NPAPI (26.00.137)

Where are you seeing this? I only see one in the log.


Next,

Clear the cache, cookies and history of Google Chrome:

Google Chrome
https://support.goog...wer/32050?hl=en


Reset Google Chrome settings to default:

Google Chrome
https://support.goog...r/3296214?hl=en


Now restart the computer and see if the message from Comodo still appears. If it appears, select the option 'Change browser settings'.


Next, you can now delete the tools that were used in the malware removal process.

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    • Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy and paste the entire content of the output log in your next reply;

 

 

Are there any issues or concerns with your computer?


Android 8888
 



#30 agangelus

Posted 01 August 2017 - 06:48 PM

Hi again

 

The two instances of Adobe are in the control panel under programs and features. The only slight difference is one is 5.55MB and the other is 4.29MB.

 

I followed all your instructions for Chrome, but as soon as I restarted it popped up again, so I selected to change the browser settings.

 

# DelFix v1.013 - Logfile created 02/08/2017 at 00:40:03
# Updated 17/04/2016 by Xplode
# Username : User - LENOVO-PC
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\User\Desktop\FRST-OlderVersion
Deleted : C:\Users\User\Desktop\Addition.txt
Deleted : C:\Users\User\Desktop\Fixlog.txt
Deleted : C:\Users\User\Desktop\FRST.txt
Deleted : C:\Users\User\Desktop\FRST64.exe
Deleted : C:\Users\User\Desktop\JRT.exe
Deleted : C:\Users\User\Desktop\JRT.txt
Deleted : C:\Users\User\Desktop\RGSA.exe
Deleted : C:\Users\User\Desktop\SALog.txt
Deleted : C:\Users\User\Downloads\adwcleaner_7.0.0.0 (1).exe
Deleted : C:\Users\User\Downloads\adwcleaner_7.0.0.0 (2).exe
Deleted : C:\Users\User\Downloads\adwcleaner_7.0.0.0.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #10 [Scheduled Checkpoint | 07/29/2017 12:18:17]
Deleted : RP #11 [Removed Google Earth Pro | 07/30/2017 19:03:44]
Deleted : RP #12 [Removed Google Earth Plug-in | 07/30/2017 19:05:17]
Deleted : RP #13 [Removed Google Earth Plug-in | 07/30/2017 19:10:29]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

They are both in the control panel "programs and features". The only difference between them is one is 5.55MB and the other is 4.29MB



#31 Android 8888

Posted 03 August 2017 - 07:25 AM

Hello agangelus.
 

The two instances of Adobe are in the control panel under programs and features. The only slight difference is one is 5.55MB and the other is 4.29MB.

They are different. Adobe Flash Player 26 NPAPI is designed for Firefox and Netscape Plug-In compatible applications and Adobe Flash Player 26 PPAPI is designed for Opera and Chromium based applications. So you can keep both.
 

 

I followed all your instructions for Chrome, but as soon as I restarted it popped up again, so I selected to change the browser settings.

Okay, did that solve the message issue when restarting the computer?

 

How is the computer running? Are there any issues or concerns with this computer?


Android 8888
 



#32 agangelus

Posted 14 August 2017 - 07:21 PM

Hi there,

 

I've been away for a while, sorry I've only replied now. I did actually write up a reply before I left, however, I forgot to post it.

Anyway, as for how the pc is running, the issue with the message from Comodo has now stopped. However, I am not convinced that everything is fine, as Chrome is very temperamental. For instance today and yesterday when I was using it, it would frequently freeze for around 15 seconds when I would click on something then carry on normally for a few seconds. This also affected other things I would use on the computer like the start menu or trying to launch other applications and I would have to hold in the power button to restart it. Tonight I've had to use MS Edge as Chrome just won't behave. It freezes, it either won't load pages or takes a long time to load them. I tried using Malwarebytes (it's only the free version as I haven't managed to get my license sorted out) but it wouldn't give me the options for the scan, so it only took around 5 minutes. I had a look again just now and it now gives me the options, so it's running just now.

I really don't think all is as it should be.

 

Ali :think:  

 

Please be patient. Your topic will be answered as soon as possible.


Edited by Rocket Grannie, 23 August 2017 - 12:43 AM.


#33 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,159 posts

Posted 23 August 2017 - 12:55 PM

Hi,

I will take over this topic in the absence of Android 8888.

---

Since you have already reset Chrome and the problem persists, let's try this.

Step 1. Will remove Chrome from your computer and reinstall a fresh copy later.

Step 2. Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/3...hrome-bookmarks

Step 3. If you sync your account, you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data
https://www.howtogee...wser-sync-data/


Step 4. Clear your Chrome cache and cookies
https://support.goog...er/183083?hl=en


Step 5. Remove Chrome using the instructions on this page.
https://support.goog...wer/95319?hl=en

Step 6. Re-install Chrome and the Bookmarks.
====

I would appreciate if you would run the Farbar Program and post Fresh FRST.txt and Addition.txt logs for my review.

To create a new Addition.txt log you must make sure that the box to create one is checked.

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#34 agangelus

Posted 23 August 2017 - 05:14 PM

Hi there,

 

Many thanks for this.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by User (administrator) on LENOVO-PC (23-08-2017 23:07:36)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-19] (AVAST Software)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1489088 2017-07-11] (COMODO)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1473627642\ee\AOLSoftware.exe [41800 2016-09-11] (AOL Inc.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-05] (COMODO)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-27] (Google)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [148992 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{a6681157-53ba-49bb-b856-e16e38b0f888}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{a6681157-53ba-49bb-b856-e16e38b0f888}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ae5e03d9-a132-4dc4-ac2c-06f3741a3be9}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{ae5e03d9-a132-4dc4-ac2c-06f3741a3be9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.co.uk/?ncid=hyplogukaolp00000008
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-08-23] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-23] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-16860551-3646413191-704074031-1001 -> hxxp://www.aol.co.uk/
Edge Extension: (Amazon Assistant) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1706.29.0_neutral__343d40qqvtj1t [2017-07-07]
 
FireFox:
========
FF DefaultProfile: xkz8mqjq.default-1501714328924
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xkz8mqjq.default-1501714328924 [2017-08-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-08-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-08-23]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-23]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-23]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-23]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKU\S-1-5-21-16860551-3646413191-704074031-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-19] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-19] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-08-12] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10501104 2017-07-11] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-07-11] (COMODO)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-05] (COMODO)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-07] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2016-02-13] (LENOVO INCORPORATED.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-05-01] (Lenovo)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-27] (Maxthon)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-15] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320008 2017-07-19] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-07-19] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-07-19] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57728 2017-07-19] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-06] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146704 2017-08-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015880 2017-08-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-06] (AVAST Software)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40936 2017-06-02] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [831992 2017-06-02] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50776 2017-06-02] (COMODO)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-08-13] ()
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [132880 2017-06-07] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [25248 2015-12-22] (Lenovo Group Limited ®)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-08-16] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-08-23] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-23] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-08-23] (Malwarebytes)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-23 23:07 - 2017-08-23 23:08 - 000018442 _____ C:\Users\User\Desktop\FRST.txt
2017-08-23 23:03 - 2017-08-23 23:07 - 000000000 ____D C:\FRST
2017-08-23 23:02 - 2017-08-23 23:02 - 002395648 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-08-23 22:53 - 2017-08-23 22:53 - 000002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-23 22:53 - 2017-08-23 22:53 - 000002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 22:51 - 2017-08-23 22:51 - 001130328 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2017-08-23 22:51 - 2017-08-23 22:51 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-23 22:21 - 2017-08-23 22:33 - 000088113 _____ C:\Users\User\Documents\bookmarks_23_08_2017.html
2017-08-23 00:21 - 2017-08-23 00:22 - 009791816 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup533.exe
2017-08-16 21:03 - 2017-08-16 21:03 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-16 21:02 - 2017-08-23 22:40 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-16 21:02 - 2017-08-23 22:40 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-16 21:02 - 2017-08-23 22:40 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-13 19:07 - 2017-08-23 22:40 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-13 19:07 - 2017-08-13 19:10 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-13 19:07 - 2017-08-13 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-13 19:07 - 2017-08-13 19:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-13 19:07 - 2017-08-13 19:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-13 19:05 - 2017-08-13 19:05 - 064025992 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-SEMFD.100SEM-3.1.2.1733-1.0.139-1.0.2060.exe
2017-08-13 16:51 - 2017-08-13 16:51 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2017-08-10 23:55 - 2017-07-28 05:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-10 23:55 - 2017-07-28 05:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-10 23:55 - 2017-07-28 05:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-10 23:54 - 2017-08-01 03:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-10 23:54 - 2017-08-01 03:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-10 23:54 - 2017-08-01 03:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-10 23:54 - 2017-08-01 03:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-10 23:54 - 2017-08-01 03:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-10 23:54 - 2017-08-01 03:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-10 23:54 - 2017-08-01 03:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-10 23:54 - 2017-08-01 03:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-10 23:54 - 2017-08-01 03:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-10 23:54 - 2017-08-01 03:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-10 23:54 - 2017-08-01 03:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-10 23:54 - 2017-08-01 03:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-10 23:54 - 2017-08-01 03:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-10 23:54 - 2017-08-01 03:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-10 23:54 - 2017-08-01 03:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-10 23:54 - 2017-08-01 03:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-10 23:54 - 2017-08-01 03:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-10 23:54 - 2017-08-01 03:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-10 23:54 - 2017-08-01 03:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-10 23:54 - 2017-08-01 03:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-10 23:54 - 2017-08-01 03:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-10 23:54 - 2017-08-01 03:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-10 23:54 - 2017-08-01 03:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-10 23:54 - 2017-08-01 03:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-10 23:54 - 2017-08-01 03:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-10 23:54 - 2017-08-01 03:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-10 23:54 - 2017-08-01 03:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-10 23:54 - 2017-08-01 03:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-10 23:54 - 2017-08-01 03:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-10 23:54 - 2017-08-01 02:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-10 23:54 - 2017-08-01 02:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-10 23:54 - 2017-08-01 02:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-10 23:54 - 2017-07-31 23:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-10 23:54 - 2017-07-28 06:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-10 23:54 - 2017-07-28 06:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-10 23:54 - 2017-07-28 06:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-10 23:54 - 2017-07-28 06:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-10 23:54 - 2017-07-28 06:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-10 23:54 - 2017-07-28 05:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-10 23:54 - 2017-07-28 05:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-10 23:54 - 2017-07-28 05:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-10 23:54 - 2017-07-28 05:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-10 23:54 - 2017-07-28 05:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-10 23:54 - 2017-07-28 05:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-10 23:54 - 2017-07-28 05:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-10 23:54 - 2017-07-28 05:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-10 23:54 - 2017-07-28 05:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-10 23:54 - 2017-07-28 05:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-10 23:54 - 2017-07-28 05:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-10 23:54 - 2017-07-28 05:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-10 23:54 - 2017-07-28 05:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-10 23:54 - 2017-07-28 05:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-10 23:54 - 2017-07-28 05:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-10 23:54 - 2017-07-28 05:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-10 23:54 - 2017-07-28 05:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-10 23:54 - 2017-07-28 05:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-10 23:54 - 2017-07-28 05:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-10 23:54 - 2017-07-28 05:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-10 23:54 - 2017-07-28 05:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-10 23:54 - 2017-07-28 05:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-10 23:54 - 2017-07-28 05:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-10 23:54 - 2017-07-28 05:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-10 23:54 - 2017-07-28 05:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-10 23:54 - 2017-07-28 05:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-10 23:54 - 2017-07-28 05:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-10 23:54 - 2017-07-28 05:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-10 23:54 - 2017-07-28 05:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-10 23:54 - 2017-07-28 05:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-10 23:54 - 2017-07-28 05:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-10 23:54 - 2017-07-28 05:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-10 23:54 - 2017-07-28 05:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-10 23:54 - 2017-07-28 05:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-10 23:54 - 2017-07-28 05:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-10 23:54 - 2017-07-28 05:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-10 23:54 - 2017-07-28 05:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-10 23:54 - 2017-07-28 05:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-10 23:54 - 2017-07-28 05:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-10 23:54 - 2017-07-28 05:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-10 23:54 - 2017-07-28 05:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-10 23:54 - 2017-07-28 05:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-10 23:54 - 2017-07-28 05:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-10 23:54 - 2017-07-28 05:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-10 23:54 - 2017-07-28 05:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-10 23:54 - 2017-07-28 05:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-10 23:54 - 2017-07-28 05:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-10 23:54 - 2017-07-28 05:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-10 23:54 - 2017-07-28 05:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-10 23:54 - 2017-07-28 05:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-10 23:54 - 2017-07-28 05:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-10 23:54 - 2017-07-28 05:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-10 23:54 - 2017-07-28 05:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-10 23:54 - 2017-07-28 05:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-10 23:54 - 2017-07-28 05:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-10 23:54 - 2017-07-28 05:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-10 23:54 - 2017-07-28 05:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-10 23:54 - 2017-07-28 05:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-10 23:54 - 2017-07-28 05:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-10 23:54 - 2017-07-28 05:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-10 23:54 - 2017-07-28 05:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-10 23:54 - 2017-07-28 05:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-10 23:54 - 2017-07-28 05:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-10 23:54 - 2017-07-28 05:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-10 23:54 - 2017-07-28 05:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-10 23:53 - 2017-08-01 03:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-10 23:53 - 2017-08-01 03:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-10 23:53 - 2017-08-01 03:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-10 23:53 - 2017-08-01 03:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-10 23:53 - 2017-08-01 03:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-10 23:53 - 2017-08-01 03:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-10 23:53 - 2017-08-01 03:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-10 23:53 - 2017-08-01 03:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-10 23:53 - 2017-08-01 03:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-10 23:53 - 2017-08-01 03:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-10 23:53 - 2017-08-01 03:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-10 23:53 - 2017-08-01 03:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-10 23:53 - 2017-08-01 03:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-10 23:53 - 2017-08-01 03:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-10 23:53 - 2017-08-01 03:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-10 23:53 - 2017-08-01 03:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-10 23:53 - 2017-08-01 03:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-10 23:53 - 2017-08-01 03:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-10 23:53 - 2017-08-01 03:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-10 23:53 - 2017-08-01 03:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-10 23:53 - 2017-08-01 02:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-10 23:53 - 2017-08-01 02:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-10 23:53 - 2017-08-01 02:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-10 23:53 - 2017-08-01 02:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-10 23:53 - 2017-08-01 02:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-10 23:53 - 2017-08-01 02:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-10 23:53 - 2017-08-01 02:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-10 23:53 - 2017-08-01 02:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-10 23:53 - 2017-08-01 02:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-10 23:53 - 2017-08-01 02:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-10 23:53 - 2017-08-01 02:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-10 23:53 - 2017-08-01 02:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-10 23:53 - 2017-08-01 02:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-10 23:53 - 2017-08-01 02:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-10 23:53 - 2017-08-01 02:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-10 23:53 - 2017-08-01 02:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-10 23:53 - 2017-08-01 02:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-10 23:53 - 2017-08-01 02:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-10 23:53 - 2017-08-01 02:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-10 23:53 - 2017-07-28 06:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-10 23:53 - 2017-07-28 06:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-10 23:53 - 2017-07-28 06:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-10 23:53 - 2017-07-28 06:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-10 23:53 - 2017-07-28 06:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-10 23:53 - 2017-07-28 06:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-10 23:53 - 2017-07-28 06:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-10 23:53 - 2017-07-28 06:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-10 23:53 - 2017-07-28 06:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-10 23:53 - 2017-07-28 06:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-10 23:53 - 2017-07-28 06:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-10 23:53 - 2017-07-28 06:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-10 23:53 - 2017-07-28 06:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-10 23:53 - 2017-07-28 06:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-10 23:53 - 2017-07-28 06:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-10 23:53 - 2017-07-28 06:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-10 23:53 - 2017-07-28 06:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-10 23:53 - 2017-07-28 06:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-10 23:53 - 2017-07-28 06:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-10 23:53 - 2017-07-28 06:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-10 23:53 - 2017-07-28 06:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-10 23:53 - 2017-07-28 06:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-10 23:53 - 2017-07-28 06:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-10 23:53 - 2017-07-28 06:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-10 23:53 - 2017-07-28 06:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-10 23:53 - 2017-07-28 05:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-10 23:53 - 2017-07-28 05:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-10 23:53 - 2017-07-28 05:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-10 23:53 - 2017-07-28 05:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-10 23:53 - 2017-07-28 05:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-10 23:53 - 2017-07-28 05:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-10 23:53 - 2017-07-28 05:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-10 23:53 - 2017-07-28 05:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-10 23:53 - 2017-07-28 05:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-10 23:53 - 2017-07-28 05:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-10 23:53 - 2017-07-28 05:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-10 23:53 - 2017-07-28 05:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-10 23:53 - 2017-07-28 05:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-10 23:53 - 2017-07-28 05:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-10 23:53 - 2017-07-28 05:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-10 23:53 - 2017-07-28 05:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-10 23:53 - 2017-07-28 05:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-10 23:53 - 2017-07-28 05:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-10 23:53 - 2017-07-28 05:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-10 23:53 - 2017-07-28 05:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-10 23:53 - 2017-07-28 05:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-10 23:53 - 2017-07-28 05:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-10 23:53 - 2017-07-28 05:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-10 23:53 - 2017-07-28 05:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-10 23:53 - 2017-07-28 05:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-10 23:53 - 2017-07-28 05:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-10 23:53 - 2017-07-28 05:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-10 23:53 - 2017-07-28 05:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-10 23:53 - 2017-07-28 05:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-10 23:53 - 2017-07-28 05:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-10 23:53 - 2017-07-28 05:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-10 23:53 - 2017-07-28 05:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-10 23:53 - 2017-07-28 05:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-10 23:53 - 2017-07-28 05:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-10 23:53 - 2017-07-28 05:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-10 23:53 - 2017-07-28 05:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-10 23:53 - 2017-07-28 05:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-10 23:53 - 2017-07-28 05:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-10 23:53 - 2017-07-28 05:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-10 23:53 - 2017-07-28 05:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-10 23:53 - 2017-07-28 05:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-10 23:53 - 2017-07-28 05:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-10 23:53 - 2017-07-28 05:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-10 23:53 - 2017-07-28 05:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-10 23:53 - 2017-07-28 05:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-10 23:53 - 2017-07-28 05:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-10 23:53 - 2017-07-28 05:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-10 23:53 - 2017-07-28 05:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-10 23:53 - 2017-07-28 05:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-10 23:53 - 2017-07-28 05:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-10 23:53 - 2017-07-28 05:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-10 23:53 - 2017-07-28 05:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-10 23:53 - 2017-07-28 05:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-10 23:53 - 2017-07-28 05:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-10 23:53 - 2017-07-28 05:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-10 23:53 - 2017-07-28 05:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-10 23:52 - 2017-08-01 03:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-10 23:52 - 2017-08-01 03:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-10 23:52 - 2017-08-01 02:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-10 23:52 - 2017-08-01 02:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-10 23:52 - 2017-08-01 02:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-10 23:52 - 2017-08-01 02:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-10 23:52 - 2017-08-01 02:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-10 23:52 - 2017-08-01 02:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-10 23:52 - 2017-08-01 02:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-10 23:52 - 2017-08-01 02:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-10 23:52 - 2017-08-01 02:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-10 23:52 - 2017-08-01 02:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-10 23:52 - 2017-08-01 02:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-10 23:52 - 2017-08-01 02:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-10 23:52 - 2017-08-01 02:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-10 23:52 - 2017-08-01 02:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-10 23:52 - 2017-08-01 02:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-10 23:52 - 2017-08-01 02:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-10 23:52 - 2017-08-01 02:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-10 23:52 - 2017-08-01 02:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-10 23:52 - 2017-08-01 02:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-10 23:52 - 2017-08-01 02:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-10 23:52 - 2017-08-01 02:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-10 23:52 - 2017-08-01 02:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-10 23:52 - 2017-07-28 06:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-10 23:52 - 2017-07-28 06:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-10 23:52 - 2017-07-28 06:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-10 23:52 - 2017-07-28 06:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-10 23:52 - 2017-07-28 06:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-10 23:52 - 2017-07-28 06:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-10 23:52 - 2017-07-28 05:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-10 23:52 - 2017-07-28 05:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-10 23:52 - 2017-07-28 05:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-10 23:52 - 2017-07-28 05:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-10 23:52 - 2017-07-28 05:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-10 23:52 - 2017-07-28 05:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-10 23:52 - 2017-07-28 05:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-10 23:52 - 2017-07-28 05:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-10 23:52 - 2017-07-28 05:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-10 23:52 - 2017-07-28 05:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-10 23:52 - 2017-07-28 05:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-10 23:52 - 2017-07-28 05:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-10 23:52 - 2017-07-28 05:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-10 23:52 - 2017-07-28 05:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-10 23:52 - 2017-07-28 05:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-10 23:52 - 2017-07-28 05:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-10 23:52 - 2017-07-28 05:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-10 23:52 - 2017-07-28 05:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-10 23:52 - 2017-07-28 05:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-10 23:52 - 2017-07-28 05:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-10 23:52 - 2017-07-28 05:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-10 23:52 - 2017-07-28 05:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-10 23:52 - 2017-07-28 05:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-10 23:52 - 2017-07-28 05:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-10 23:52 - 2017-07-28 05:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-10 23:52 - 2017-07-28 05:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-10 23:52 - 2017-07-28 05:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-10 23:52 - 2017-07-28 05:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-10 23:52 - 2017-07-28 05:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-10 23:52 - 2017-07-28 05:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-10 23:52 - 2017-07-28 05:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-10 23:52 - 2017-07-28 05:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-02 22:26 - 2017-08-02 22:26 - 009747512 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup532.exe
2017-08-02 00:45 - 2017-08-02 00:45 - 000003642 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-08-02 00:44 - 2017-08-02 00:44 - 000000000 ____D C:\WINDOWS\ERUNT
2017-08-02 00:40 - 2017-08-02 00:45 - 000001275 _____ C:\DelFix.txt
2017-07-30 19:49 - 2017-07-30 19:49 - 000000000 ____D C:\Users\User\AppData\Local\TempOfficeC2R797834C9-B694-44AE-8E4C-51CD850D7072
2017-07-29 13:47 - 2017-07-29 13:47 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-16860551-3646413191-704074031-1001
2017-07-27 00:29 - 2017-07-27 00:29 - 000313366 _____ C:\Users\User\Downloads\WindowsUpdate.diagcab
2017-07-25 22:44 - 2017-07-25 22:44 - 006754944 _____ (ESET spol. s r.o.) C:\Users\User\Downloads\esetonlinescanner_enu (2).exe
2017-07-25 22:31 - 2017-07-25 22:32 - 065033984 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-07-25 22:14 - 2017-07-25 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-07-25 22:14 - 2017-07-25 22:14 - 000000000 ____D C:\Program Files\VS Revo Group
2017-07-25 22:12 - 2017-07-25 22:12 - 007178424 _____ (VS Revo Group ) C:\Users\User\Downloads\revosetup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-23 23:02 - 2015-01-15 00:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-23 22:53 - 2015-09-23 21:57 - 000000000 ____D C:\Users\User\AppData\Local\Google
2017-08-23 22:48 - 2017-06-25 03:25 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-08-23 22:47 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-23 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-23 22:46 - 2017-07-14 18:34 - 001068138 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-23 22:41 - 2015-09-01 02:24 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-08-23 22:40 - 2017-07-14 18:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-23 22:39 - 2017-03-18 12:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-23 22:37 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-23 02:04 - 2017-07-14 18:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-21 22:47 - 2017-07-14 18:37 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-08-13 16:52 - 2017-07-07 01:00 - 000000000 ____D C:\Program Files (x86)\Comodo
2017-08-13 16:51 - 2015-09-27 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-08-13 13:10 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-11 23:46 - 2017-07-14 18:37 - 000004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1463045099
2017-08-11 23:46 - 2016-05-12 10:25 - 000001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-08-11 03:46 - 2015-09-10 06:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-11 01:15 - 2015-09-27 13:48 - 001015880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2017-08-11 01:15 - 2015-09-27 13:48 - 000146704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2017-08-11 01:08 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-11 01:07 - 2017-07-14 18:02 - 000402776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-11 01:04 - 2017-03-18 22:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-11 01:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-11 01:04 - 2017-03-18 22:03 - 000000000 ____D C

#35 nasdaq

    Forum Deity

  • Global Moderator
  • 49,159 posts

Posted 24 August 2017 - 07:08 AM



Hi,

Did you remove and reinstall Chrome as I have suggested?
I still see a restriction on Chrome that has to be deleted.

===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If you pasted the Addition.txt log it's not listed. The length of the FRST log was too long and was truncated.
So the Addition.txt contents may not have been listed.

Please post the Addition.txt log in your next reply.



Please let me know what problem persists with this computer. <- I need this to suggest our next step.
nasdaq


#36 agangelus

    Advanced Member

  • Full Member
  • PipPipPip
  • 199 posts

Posted 27 August 2017 - 05:40 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by User (27-08-2017 23:28:18) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User &  (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23] => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45977132 B
Java, Flash, Steam htmlcache => 818 B
Windows/system/drivers => 28770121 B
Edge => 132604316 B
Chrome => 474047025 B
Firefox => 57386147 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4102 B
NetworkService => 0 B
User => 109718779 B
 
RecycleBin => 0 B
EmptyTemp: => 816.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:31:10 ====
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by User (23-08-2017 23:09:54)
Running from C:\Users\User\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-14 17:51:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-16860551-3646413191-704074031-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-16860551-3646413191-704074031-503 - Limited - Disabled)
Guest (S-1-5-21-16860551-3646413191-704074031-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-16860551-3646413191-704074031-1003 - Limited - Enabled)
User (S-1-5-21-16860551-3646413191-704074031-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.7.1013.0 - Lenovo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Firewall (HKLM\...\{897FA7E3-17BF-405F-BC91-FB72A669DCD3}) (Version: 10.0.1.6258 - COMODO Security Solutions Inc.) Hidden
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6258 - COMODO Security Solutions Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1602 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4002 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4002 - CyberLink Corp.)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.422025.92 - Comodo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7104.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7104.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8326.2076 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Nitro Pro 9 (HKLM\...\{356896F4-F148-4BEB-8268-7D877F6C0DD0}) (Version: 9.0.6.20 - Nitro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.243 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.4.0 - Lenovo Group Limited)
Spotify (HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.0.3 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-16860551-3646413191-704074031-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\9.0\NPShellExtension64.dll [2014-02-14] (Nitro PDF)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-07-11] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01D95F8F-CFDE-4EE9-A495-1C84B3025231} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-05-01] (Lenovo)
Task: {05BFEB79-BF74-449E-9D77-38BA13021322} - System32\Tasks\SafeZone scheduled Autoupdate 1463045099 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {0E21D7D7-BD65-4AFA-930A-9328E1FB39D9} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2016-02-13] ()
Task: {101270DB-27CA-481C-B82F-349FEA4A3101} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-05-01] (Lenovo)
Task: {13896A33-99F4-4CC6-8503-07B246BCAFA8} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-07-11] (COMODO)
Task: {1635345B-0C29-448F-B418-525207A2DDA4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {341AAA4E-7681-4210-B7BA-D0291FD96E6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36539AFE-0902-46E4-9B78-B16676A91AEE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {3E73B560-1EE9-4389-B112-4AA1F0F729CD} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {5628072E-A606-4339-9E92-5E8FF45A54F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {56BA98BB-6E4D-4D28-A797-3AB3E8E12176} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {57DFF957-C097-4F17-8203-CB1FB1EF8759} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {66C3084C-C536-456A-AAB2-5EBCE0945289} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {6C669420-CA95-4FC9-80D8-8BE16C9A4D9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {840841EE-B16A-4AC8-AC9D-BA852F7AFC14} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-07-11] (COMODO)
Task: {85FDD934-1C76-465D-A3CF-3ED46531AD21} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-12] (Microsoft Corporation)
Task: {86D8E56F-5669-4064-8601-8E2C1250BEF9} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8881EFD9-4E06-4A11-B7D9-4A4180B8AF9F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-23] (Microsoft Corporation)
Task: {917C9556-1427-4603-B97C-890616E6CBBE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-12] (Microsoft Corporation)
Task: {9719BD28-8F15-4FEB-A036-24C3C446C3DE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-05-01] (Lenovo)
Task: {993B55FA-442C-42CD-8CF4-10C1DE19C307} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-23] ()
Task: {B03B5D76-24A4-41E1-86E6-DF06DCAD7731} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-08] (Microsoft Corporation)
Task: {B345B510-1D7D-41AF-9502-A069DF6BB3A3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-19] (AVAST Software)
Task: {B7AE9942-0693-426B-AAF9-EA245E538D5D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {C4F6D8AF-2738-4202-8FD2-838798D42997} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {CA6D97C5-5913-4D91-A015-1E119F8A0805} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {D7C65FA9-E198-4080-8820-A5624C1702FF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-05-01] ()
Task: {E2ABE142-878F-40FE-B182-F502FC60438A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-23] ()
Task: {E3B47BE2-12EF-48C1-8D75-3482423274C8} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-07-11] (COMODO)
Task: {E3D58173-2D9D-4B1C-8D01-330385ABF474} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {E43F6B7A-1EDA-49F6-9D39-F00EF48A069A} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-06 05:26 - 2017-07-11 12:42 - 000156352 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2017-07-06 05:25 - 2017-07-11 12:40 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-07-06 05:25 - 2017-07-11 12:41 - 000244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2015-01-14 23:55 - 2011-08-17 05:46 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2015-01-15 00:10 - 2012-04-24 11:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-08-13 19:07 - 2017-08-13 19:10 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:59 - 2017-03-19 03:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-23 00:11 - 2017-08-23 00:12 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-23 00:11 - 2017-08-23 00:12 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-23 00:11 - 2017-08-23 00:12 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-23 00:11 - 2017-08-23 00:12 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2015-01-14 23:55 - 2011-08-17 05:46 - 000024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2017-08-23 22:26 - 2017-08-23 22:26 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-08-23 22:53 - 2017-08-11 08:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-23 22:53 - 2017-08-11 08:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2017-07-19 23:44 - 2017-07-19 23:44 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-19 23:44 - 2017-07-19 23:44 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-06 19:43 - 2017-07-06 19:43 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-19 23:44 - 2017-07-19 23:44 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-19 23:44 - 2017-07-19 23:44 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-19 23:43 - 2017-07-19 23:43 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-19 23:44 - 2017-07-19 23:44 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-01-14 23:55 - 2011-05-17 22:27 - 000028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-05 01:59 - 2009-12-05 01:59 - 000619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 02:04 - 2009-12-05 02:04 - 000013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CustomModeAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CMDTCID [0]
AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CMDTCID [0]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiVAD64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AOLParconLink.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WISPTIS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [252]
AlternateDataStreams: C:\Users\User\Downloads\SpotifySetup.exe:$CmdTcID [64]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-16860551-3646413191-704074031-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lenovowallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-16860551-3646413191-704074031-1001\...\StartupApproved\Run: => "Spotify"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{306A4EB6-BB45-4B48-A13F-FD7FC9FD3476}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1CE490E1-F5F9-4F10-834A-4F9C265B8737}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{6982C10D-FFB8-4102-8D96-2D52282AC506}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{85C227E4-A221-4F2B-B45C-0F8348C59D9C}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9A7B0B22-6211-49E5-B5DB-E605D5A5E0E0}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{8395029A-0012-4B56-AA18-CA10C2A92E91}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{1350BD3C-F2EF-44EB-AF22-DA41F563E7F3}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{4966769A-ACCF-4744-99A2-6FD7FA210DFE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1CA9DF85-BC3A-4DF0-A2B8-F99F82C9E758}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{45F3A533-6279-46F4-8944-CB04C48B07FB}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{BB7C4367-3888-4133-85F0-7A6E742F0D81}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{08810743-4022-4AA1-A400-0DDF31801FAA}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{904359D7-476C-46B2-BEEF-F565573EF2DD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{3A22E91A-F228-468B-B0EB-1E0EC4B3CA12}] => (Allow) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{C397CCBB-C3ED-40BE-A2E2-D84BCD7F1A48}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{09D4BB2B-685A-4DA5-8AFF-1ED33C4C693D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{543675CD-B873-4756-9F62-5B0019AF299E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{026D2367-6D12-4CE2-95FD-93CE70E237B4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{DB07E1DB-5E3A-4E76-B9BC-046BEB763BEB}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
FirewallRules: [{012E5F55-FE8B-4AED-8F83-96714A072186}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1473627642\ee\aolsoftware.exe
FirewallRules: [{8766A8B3-5A43-41B1-A703-4893D13C7C85}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{71D7E7C8-E622-4609-8409-C07247A7158C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{59DF7A4E-FFE8-4DBD-9695-A5E37EC880BD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{C7616BFA-3826-4AD8-AFD9-1CF743D91B83}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{4BA5D1AA-3414-48D8-B357-743CE8BE87B5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{C19343E6-EEA4-49F5-8217-4FE7F8C06F4A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{E2802D31-37B2-4FEA-B206-41C78FFA9086}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{9786A611-76BF-4F25-A1C6-4C6A8A5551B3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{F57A5CF0-CA96-41CB-BFE6-280313B1AA64}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [{BAEACE8F-EE1E-4128-A33C-6A3848D76421}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{0CCACD4F-0A95-48C1-8C54-480E50948EE1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A846F0DD-33BD-4ED8-840C-BD4A0948F551}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-08-2017 21:06:19 Scheduled Checkpoint
08-08-2017 23:30:09 Windows Update
17-08-2017 21:50:35 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/23/2017 11:06:35 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 - Update 'Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (08/23/2017 11:06:35 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 -- Error 2902.An internal error has occurred.  (ixfAssemblyCopy                  ) Contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, seePSS10R.CHM.
 
Error: (08/23/2017 10:47:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe".
Dependent Assembly 60.0.3112.101,language="&#x2a;",type="win32",version="60.0.3112.101" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/23/2017 10:47:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe".
Dependent Assembly 60.0.3112.101,language="&#x2a;",type="win32",version="60.0.3112.101" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/23/2017 10:37:32 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 - Update 'Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (08/23/2017 10:37:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 -- Error 2902.An internal error has occurred.  (ixfAssemblyCopy                  ) Contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, seePSS10R.CHM.
 
Error: (08/23/2017 10:07:13 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (08/23/2017 12:12:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/23/2017 12:05:54 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (08/22/2017 01:14:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (08/23/2017 10:44:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (08/23/2017 10:40:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (08/23/2017 10:07:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (08/23/2017 02:04:07 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
Error: (08/23/2017 12:14:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Mail and Calendar.
 
Error: (08/23/2017 12:12:50 AM) (Source: DCOM) (EventID: 10001) (User: LENOVO-PC)
Description: Unable to start a DCOM Server: Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c!App.AppX85gcbw533amccd2rr8qswxymhfj649t2.mca as Unavailable/Unavailable. The error:
"15616"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
 
Error: (08/23/2017 12:06:25 AM) (Source: Schannel) (EventID: 4114) (User: NT AUTHORITY)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (08/23/2017 12:06:17 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (08/23/2017 12:06:05 AM) (Source: Schannel) (EventID: 4114) (User: NT AUTHORITY)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (08/23/2017 12:05:56 AM) (Source: Schannel) (EventID: 4114) (User: NT AUTHORITY)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-23 22:55:08.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-23 22:41:40.833
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-23 22:40:45.932
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-23 22:40:32.196
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-23 22:38:06.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-23 22:38:06.713
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-23 22:37:28.941
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-23 22:37:28.907
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-08-23 22:37:27.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-08-23 22:37:27.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU J1800 @ 2.41GHz
Percentage of memory in use: 68%
Total physical RAM: 3988.71 MB
Available physical RAM: 1270.18 MB
Total Virtual: 5332.71 MB
Available Virtual: 2194.02 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:827.05 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A058282D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#37 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,159 posts

Posted 28 August 2017 - 07:17 AM



Hi,

Your last log is clean.

Please pay attention to my messages. Previously posted.

Please let me know what problem persists with this computer. <- I need this to suggest our next step.


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#38 agangelus

agangelus

    Advanced Member

  • Full Member
  • 199 posts

Posted 28 August 2017 - 07:13 PM

Hi there,

 

Chrome seems a bit better...I think. It's still very sticky but isn't freezing like before. Sometimes when I scroll it takes a second or two to react. I notice also that when I leave Spywareinfoforum to go to another site, the green background remains until the other site has loaded (only the green background, nothing else). Also when I return to Spywareinfoforum from another site, the user drop-down menu is open as if I've clicked on it (it closes once the site has loaded). None of the above happens when I use Firefox or Edge.

 

Ali  :think:



#39 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,159 posts

Posted 29 August 2017 - 07:26 AM



Hi,

Clear the Chrome Cookies associated with the SpywareInfo Forum.

Navigate to this page.
https://support.goog...m=Desktop&hl=en

Under this section:

Delete specific cookies

Select Delete Cookies from a site.

Remove all the Cookies associated with this site.

You will have to Login to your account. (Make sure you have your password handy.)

Bookmark this topic for your easy return.

===

Let me know what problem persists.
nasdaq




