Jump to content


Photo

internet explorer keeps opening after closing it

Started by psychicguy , Mar 04 2018 04:56 AM

  • Please log in to reply
4 replies to this topic

#1 psychicguy

psychicguy

    Advanced Member

  • Helper Trainee
  • PipPipPip
  • 126 posts

Posted 04 March 2018 - 04:56 AM

I opened a .avi file with VLC movie player.  Internet explorer is opening and i have to close it.  I've done a scan fully of malware bytes and it showed nothing.  Below are my logs:  

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Marty (administrator) on MARTY-PC (04-03-2018 02:49:52)
Running from C:\Users\Marty\Desktop
Loaded Profiles: Marty (Available Profiles: Marty)
Platform: Windows 10 Pro Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Foxit Software Inc.) D:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mindzoom) C:\Program Files (x86)\Mindzoom\mindzoom.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Discord Inc.) C:\Users\Marty\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Marty\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Marty\AppData\Local\Discord\app-0.0.300\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123800 2016-11-18] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] ()
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE*
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-521291403-2743771419-2724471075-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-521291403-2743771419-2724471075-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-521291403-2743771419-2724471075-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [12864528 2017-10-30] (Visicom Media Inc.)
HKU\S-1-5-21-521291403-2743771419-2724471075-1000\...\Run: [Xvid] => powershell.exe -nologo -WindowStyle hidden -Noninteractive -NoProfile -ExecutionPolicy Bypass -File "C:\Program Files (x86)\Xvid\CheckUpdate.ps1"
HKU\S-1-5-21-521291403-2743771419-2724471075-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799880 2017-10-30] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-521291403-2743771419-2724471075-1000\...\MountPoints2: {d0b2002c-0182-11e7-8190-806e6f6e6963} - "E:\.\Bin\ASSETUP.exe" 
Startup: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mindzoom.lnk [2018-03-02]
ShortcutTarget: mindzoom.lnk -> C:\Program Files (x86)\Mindzoom\mindzoom.exe (Mindzoom)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{3c8d3c5a-83fb-4e10-8c88-c84e98eff84f}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{f43d52eb-a3e2-4d76-a7e9-98e4728cc5fd}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2017-08-03] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2017-08-03] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-19] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2017-08-03] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2017-08-03] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-521291403-2743771419-2724471075-1000 -> Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2017-08-03] (AO Kaspersky Lab)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\xc5qs7du.default [2018-03-04]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-12-12]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default [2018-03-04]
CHR Extension: (Slides) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-03]
CHR Extension: (YouTube) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-03]
CHR Extension: (Adblock Plus) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
CHR Extension: (Sheets) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-03]
CHR Extension: (GAuth Authenticator) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcnhelpchnceeipipijaljkblbcobl [2017-08-03]
CHR Extension: (Grammarly for Chrome) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-03-02]
CHR Extension: (Kaspersky Protection) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2017-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\Marty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-26]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-23] ()
R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-12-18] (Camshare Inc.)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2017-08-03] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2017-08-03] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-12-02] (EasyAntiCheat Ltd)
R2 FoxitReaderService; D:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-08-30] (SurfRight B.V.)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2017-08-03] (AO Kaspersky Lab)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7288592 2017-06-28] (INCA Internet Co., Ltd.)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29080 2016-11-18] (Samsung Electronics Co., Ltd.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-10-30] (Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-12] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [120008 2018-02-19] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207576 2017-10-13] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [594144 2017-10-13] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP18.0.0\Bases\klids.sys [190832 2018-02-20] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1055944 2018-02-19] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-19] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-06-22] (AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-03-01] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-08-03] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [252600 2018-03-01] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107656 2018-03-01] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [174664 2018-03-04] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-02-19] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [135904 2017-12-12] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-12-12] (AO Kaspersky Lab)
R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [58792 2017-03-05] (Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-03-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-03-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-03-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-03-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-03-04] (Malwarebytes)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d37ca5c2cde53609\nvlddmkm.sys [17028552 2017-12-18] (NVIDIA Corporation)
U5 rzudd; C:\Windows\System32\Drivers\rzudd.sys [202952 2015-08-13] (Razer Inc)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [272792 2016-11-18] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [111512 2016-11-18] (Samsung Electronics Co., Ltd.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [209544 2017-10-30] (Sandboxie Holdings, LLC)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [151552 2017-11-25] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [38368 2017-08-19] (Wellbia.com Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-04 02:50 - 2018-03-04 02:50 - 000899584 _____ C:\Users\Marty\Desktop\RGSA (1).exe
2018-03-04 02:48 - 2018-03-04 02:48 - 002403328 _____ (Farbar) C:\Users\Marty\Desktop\FRST64.exe
2018-03-04 01:37 - 2018-03-04 02:35 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-04 01:37 - 2018-03-04 02:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-04 01:37 - 2018-03-04 02:35 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-04 01:37 - 2018-03-04 01:37 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-04 01:34 - 2018-03-04 02:35 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-03 02:05 - 2018-03-04 02:34 - 000000000 ____D C:\Users\Marty\AppData\Local\D2C064.tmpd
2018-03-03 02:05 - 2018-03-04 02:34 - 000000000 ____D C:\Users\Marty\AppData\Local\D21684.tmpd
2018-03-03 02:05 - 2018-03-03 02:05 - 000000000 _____ C:\Users\Marty\AppData\Local\D2C064.tmp
2018-03-03 02:05 - 2018-03-03 02:05 - 000000000 _____ C:\Users\Marty\AppData\Local\D21684.tmp
2018-03-02 23:44 - 2018-03-04 02:34 - 000000000 ____D C:\Users\Marty\AppData\Local\D25A76.tmpd
2018-03-02 23:44 - 2018-03-04 02:34 - 000000000 ____D C:\Users\Marty\AppData\Local\D22982.tmpd
2018-03-02 23:44 - 2018-03-02 23:44 - 000000000 _____ C:\Users\Marty\AppData\Local\D25A76.tmp
2018-03-02 23:44 - 2018-03-02 23:44 - 000000000 _____ C:\Users\Marty\AppData\Local\D22982.tmp
2018-03-01 00:31 - 2018-03-01 00:31 - 000252600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-03-01 00:30 - 2018-03-04 01:10 - 000174664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-03-01 00:30 - 2018-03-01 00:30 - 000231312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-03-01 00:30 - 2018-03-01 00:30 - 000107656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-02-27 22:21 - 2018-02-27 22:21 - 000001058 _____ C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Private Internet Access.lnk
2018-02-27 22:21 - 2018-02-27 22:21 - 000000951 _____ C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reinstall TAP Driver.lnk
2018-02-27 22:21 - 2018-02-27 22:21 - 000000919 _____ C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2018-02-27 22:21 - 2018-02-27 22:21 - 000000889 _____ C:\Users\Marty\Desktop\Private Internet Access.lnk
2018-02-27 22:21 - 2018-02-27 22:21 - 000000000 ____D C:\Users\Marty\AppData\Local\PrivateInternetAccess
2018-02-24 21:39 - 2018-02-24 21:39 - 000001063 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2018-02-24 21:39 - 2018-02-24 21:39 - 000000000 ____D C:\Users\Public\Foxit Software
2018-02-24 21:39 - 2018-02-24 21:39 - 000000000 ____D C:\Users\Marty\AppData\Roaming\Foxit Software
2018-02-24 21:39 - 2018-02-24 21:39 - 000000000 ____D C:\Users\Marty\AppData\Roaming\Foxit AgentInformation
2018-02-24 21:39 - 2018-02-24 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-02-24 21:39 - 2018-02-24 21:39 - 000000000 ____D C:\ProgramData\Foxit Software
2018-02-24 21:39 - 2018-02-24 21:39 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2018-02-22 15:57 - 2018-02-22 15:57 - 000000000 ____D C:\Program Files\Common Files\INCA Shared
2018-02-22 15:57 - 2017-06-28 23:52 - 007288592 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2018-02-22 15:57 - 2004-12-29 10:43 - 000004682 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\npptNT2.sys
2018-02-22 15:57 - 2003-07-14 19:17 - 000005174 _____ C:\WINDOWS\SysWOW64\nppt9x.vxd
2018-02-22 15:17 - 2018-02-22 15:20 - 000000766 _____ C:\Users\Marty\Desktop\La Tale.lnk
2018-02-22 15:17 - 2018-02-22 15:17 - 000000000 ____D C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\La Tale
2018-02-22 07:58 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D22163.tmpd
2018-02-22 07:58 - 2018-02-22 07:58 - 000000000 _____ C:\Users\Marty\AppData\Local\D22163.tmp
2018-02-22 06:42 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D2B4FE.tmpd
2018-02-22 06:42 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D2AA1.tmpd
2018-02-22 06:42 - 2018-02-22 06:42 - 000000000 _____ C:\Users\Marty\AppData\Local\D2B4FE.tmp
2018-02-22 06:42 - 2018-02-22 06:42 - 000000000 _____ C:\Users\Marty\AppData\Local\D2AA1.tmp
2018-02-22 06:39 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D2B9AF.tmpd
2018-02-22 06:39 - 2018-02-22 06:39 - 000000000 _____ C:\Users\Marty\AppData\Local\D2B9AF.tmp
2018-02-22 04:58 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D2622A.tmpd
2018-02-22 04:58 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D228BA.tmpd
2018-02-22 04:58 - 2018-02-22 04:58 - 000000000 _____ C:\Users\Marty\AppData\Local\D2622A.tmp
2018-02-22 04:58 - 2018-02-22 04:58 - 000000000 _____ C:\Users\Marty\AppData\Local\D228BA.tmp
2018-02-22 04:57 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D2A54.tmpd
2018-02-22 04:57 - 2018-02-22 04:57 - 000000000 _____ C:\Users\Marty\AppData\Local\D2A54.tmp
2018-02-22 02:10 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D2AE22.tmpd
2018-02-22 02:10 - 2018-02-22 02:10 - 000000000 _____ C:\Users\Marty\AppData\Local\D2AE22.tmp
2018-02-22 02:03 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D26C4.tmpd
2018-02-22 02:03 - 2018-02-22 02:03 - 000000000 _____ C:\Users\Marty\AppData\Local\D26C4.tmp
2018-02-22 01:27 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D21357.tmpd
2018-02-22 01:27 - 2018-02-22 01:27 - 000000000 _____ C:\Users\Marty\AppData\Local\D21357.tmp
2018-02-21 23:37 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D215EE.tmpd
2018-02-21 23:37 - 2018-02-21 23:37 - 000000000 _____ C:\Users\Marty\AppData\Local\D215EE.tmp
2018-02-21 22:33 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D247F9.tmpd
2018-02-21 22:33 - 2018-02-21 22:33 - 000000000 _____ C:\Users\Marty\AppData\Local\D247F9.tmp
2018-02-21 21:21 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D2909C.tmpd
2018-02-21 21:21 - 2018-02-21 21:21 - 000000000 _____ C:\Users\Marty\AppData\Local\D2909C.tmp
2018-02-21 20:28 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D2F1A6.tmpd
2018-02-21 20:28 - 2018-02-21 20:28 - 000000000 _____ C:\Users\Marty\AppData\Local\D2F1A6.tmp
2018-02-21 19:25 - 2018-02-21 19:25 - 000001968 _____ C:\Users\Marty\Desktop\MindZoom.lnk
2018-02-21 19:25 - 2018-02-21 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MindZoom
2018-02-21 19:25 - 2004-03-09 00:00 - 000224016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tabctl32.ocx
2018-02-21 19:25 - 1998-06-24 01:00 - 000108336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWINSCK.OCX
2018-02-21 19:25 - 1998-06-24 00:00 - 000609584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMCTL32.OCX
2018-02-21 19:25 - 1998-06-24 00:00 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCI32.OCX
2018-02-21 19:24 - 2018-02-21 19:26 - 000000000 ____D C:\Users\Marty\AppData\Local\Mindzoom
2018-02-21 19:24 - 2018-02-21 19:25 - 000000000 ____D C:\Program Files (x86)\Mindzoom
2018-02-21 19:24 - 2005-04-15 20:58 - 001071088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2018-02-21 19:24 - 2002-10-16 20:03 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMDLG32.OCX
2018-02-21 14:43 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D29128.tmpd
2018-02-21 14:43 - 2018-02-21 14:43 - 000000000 _____ C:\Users\Marty\AppData\Local\D29128.tmp
2018-02-21 14:40 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D27ABB.tmpd
2018-02-21 14:40 - 2018-02-21 14:40 - 000000000 _____ C:\Users\Marty\AppData\Local\D27ABB.tmp
2018-02-20 22:04 - 2018-02-23 03:56 - 000000000 ____D C:\Users\Marty\AppData\Local\D2957B.tmpd
2018-02-20 22:04 - 2018-02-20 22:04 - 000000000 _____ C:\Users\Marty\AppData\Local\D2957B.tmp
2018-02-16 17:10 - 2018-02-16 17:10 - 000001551 _____ C:\Users\Marty\Desktop\D2 2 2nd window.lnk
2018-02-16 17:10 - 2018-02-16 17:10 - 000001551 _____ C:\Users\Marty\Desktop\D2 12ndwindow.lnk
2018-02-16 14:43 - 2018-02-16 14:43 - 000000000 ____D C:\Users\Marty\Documents\FeedbackHub
2018-02-15 19:25 - 2018-02-15 19:25 - 000000000 ____D C:\Users\Marty\AppData\Roaming\.mono
2018-02-15 05:40 - 2018-02-15 05:40 - 000000000 ____D C:\Users\Marty\Documents\WB Games
2018-02-15 02:47 - 2018-02-15 02:47 - 000000222 _____ C:\Users\Marty\Desktop\Middle-earth Shadow of Mordor.url
2018-02-14 17:25 - 2018-02-14 17:25 - 000000000 ____D C:\Users\Marty\AppData\LocalLow\Temp
2018-02-14 10:35 - 2018-02-14 10:35 - 000000057 _____ C:\Users\Marty\Desktop\Cox Cable Store.txt
2018-02-14 01:11 - 2018-02-14 01:11 - 011217568 _____ (Piriform Ltd) C:\Users\Marty\Downloads\ccsetup540.exe
2018-02-13 16:46 - 2018-02-09 22:04 - 001430760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-02-13 16:46 - 2018-02-09 21:09 - 002338776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-02-13 16:46 - 2018-02-09 21:07 - 000089504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2018-02-13 16:46 - 2018-02-09 20:47 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-13 16:46 - 2018-02-09 20:47 - 013704192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-02-13 16:46 - 2018-02-09 20:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-02-13 16:46 - 2018-02-09 20:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-02-13 16:46 - 2018-02-09 20:44 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2018-02-13 16:46 - 2018-02-09 20:44 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-02-13 16:46 - 2018-02-09 20:43 - 018923008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-02-13 16:46 - 2018-02-09 20:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCShellCommonProxyStub.dll
2018-02-13 16:46 - 2018-02-09 20:42 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-02-13 16:46 - 2018-02-09 20:42 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-02-13 16:46 - 2018-02-09 20:42 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2018-02-13 16:46 - 2018-02-09 20:42 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-02-13 16:46 - 2018-02-09 20:42 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-02-13 16:46 - 2018-02-09 20:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-02-13 16:46 - 2018-02-09 20:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-02-13 16:46 - 2018-02-09 20:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-02-13 16:46 - 2018-02-09 20:41 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-02-13 16:46 - 2018-02-09 20:40 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-02-13 16:46 - 2018-02-09 20:40 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-02-13 16:46 - 2018-02-09 20:40 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-02-13 16:46 - 2018-02-09 20:39 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-02-13 16:46 - 2018-02-09 20:38 - 006722560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2018-02-13 16:46 - 2018-02-09 20:38 - 002184192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-02-13 16:46 - 2018-02-09 20:38 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-02-13 16:46 - 2018-02-09 20:38 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2018-02-13 16:46 - 2018-02-09 20:38 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-02-13 16:46 - 2018-02-09 20:37 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-02-13 16:46 - 2018-02-09 20:37 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2018-02-13 16:46 - 2018-02-09 20:36 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-02-13 16:46 - 2018-02-09 20:36 - 001759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-02-13 16:46 - 2018-02-09 20:36 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-02-13 16:46 - 2018-02-09 20:36 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-02-13 16:46 - 2018-02-09 20:35 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srchadmin.dll
2018-02-13 16:46 - 2018-02-09 20:34 - 006532096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2018-02-13 16:46 - 2018-02-09 20:34 - 002983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-02-13 16:46 - 2018-02-09 20:33 - 001936384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-02-13 16:46 - 2018-02-09 20:32 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.ProxyStub.dll
2018-02-13 16:46 - 2018-02-09 20:31 - 001488896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2018-02-13 16:45 - 2018-02-09 22:24 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-13 16:45 - 2018-02-09 22:23 - 001577880 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-13 16:45 - 2018-02-09 22:23 - 000758168 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-02-13 16:45 - 2018-02-09 22:23 - 000613272 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-13 16:45 - 2018-02-09 22:23 - 000138136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-13 16:45 - 2018-02-09 22:22 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-02-13 16:45 - 2018-02-09 22:22 - 000662936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-13 16:45 - 2018-02-09 22:22 - 000460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-02-13 16:45 - 2018-02-09 22:22 - 000387480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-02-13 16:45 - 2018-02-09 22:22 - 000272800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-02-13 16:45 - 2018-02-09 22:22 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-13 16:45 - 2018-02-09 22:22 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-02-13 16:45 - 2018-02-09 22:21 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-02-13 16:45 - 2018-02-09 22:21 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-02-13 16:45 - 2018-02-09 22:21 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-02-13 16:45 - 2018-02-09 22:20 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-02-13 16:45 - 2018-02-09 22:20 - 001055640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-02-13 16:45 - 2018-02-09 22:20 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-02-13 16:45 - 2018-02-09 22:20 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-02-13 16:45 - 2018-02-09 22:20 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-02-13 16:45 - 2018-02-09 22:19 - 001133888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-02-13 16:45 - 2018-02-09 22:18 - 001193192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-13 16:45 - 2018-02-09 22:18 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-02-13 16:45 - 2018-02-09 22:18 - 000098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2018-02-13 16:45 - 2018-02-09 22:18 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-02-13 16:45 - 2018-02-09 22:17 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-02-13 16:45 - 2018-02-09 22:16 - 008603032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-13 16:45 - 2018-02-09 22:16 - 002406456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-13 16:45 - 2018-02-09 22:16 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-02-13 16:45 - 2018-02-09 22:15 - 002514944 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-02-13 16:45 - 2018-02-09 22:15 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-02-13 16:45 - 2018-02-09 22:15 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-02-13 16:45 - 2018-02-09 22:15 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-13 16:45 - 2018-02-09 22:14 - 004504464 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-02-13 16:45 - 2018-02-09 22:14 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-02-13 16:45 - 2018-02-09 22:14 - 001002592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-02-13 16:45 - 2018-02-09 22:13 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-02-13 16:45 - 2018-02-09 22:13 - 000535960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-02-13 16:45 - 2018-02-09 22:13 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-02-13 16:45 - 2018-02-09 22:13 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-13 16:45 - 2018-02-09 22:12 - 004537040 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2018-02-13 16:45 - 2018-02-09 22:12 - 001313016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-02-13 16:45 - 2018-02-09 22:12 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-02-13 16:45 - 2018-02-09 22:12 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-02-13 16:45 - 2018-02-09 22:11 - 001029528 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-02-13 16:45 - 2018-02-09 22:11 - 000711432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-02-13 16:45 - 2018-02-09 22:11 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-02-13 16:45 - 2018-02-09 22:11 - 000494496 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-02-13 16:45 - 2018-02-09 22:10 - 002447768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-02-13 16:45 - 2018-02-09 22:10 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-02-13 16:45 - 2018-02-09 22:10 - 000614160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-13 16:45 - 2018-02-09 22:10 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-02-13 16:45 - 2018-02-09 22:10 - 000154520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-13 16:45 - 2018-02-09 22:09 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-02-13 16:45 - 2018-02-09 22:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-02-13 16:45 - 2018-02-09 22:09 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-02-13 16:45 - 2018-02-09 22:09 - 000491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-02-13 16:45 - 2018-02-09 22:09 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-02-13 16:45 - 2018-02-09 22:08 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-02-13 16:45 - 2018-02-09 22:08 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-02-13 16:45 - 2018-02-09 22:08 - 003010248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-02-13 16:45 - 2018-02-09 22:08 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-02-13 16:45 - 2018-02-09 22:08 - 000687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-02-13 16:45 - 2018-02-09 22:08 - 000398824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-02-13 16:45 - 2018-02-09 22:08 - 000096200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll
2018-02-13 16:45 - 2018-02-09 22:08 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-02-13 16:45 - 2018-02-09 22:07 - 004506576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-02-13 16:45 - 2018-02-09 22:07 - 002710728 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-13 16:45 - 2018-02-09 22:07 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-02-13 16:45 - 2018-02-09 22:07 - 000436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-13 16:45 - 2018-02-09 22:06 - 004486904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-13 16:45 - 2018-02-09 22:06 - 000824896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-02-13 16:45 - 2018-02-09 22:06 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-02-13 16:45 - 2018-02-09 22:06 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-02-13 16:45 - 2018-02-09 22:06 - 000594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-02-13 16:45 - 2018-02-09 22:06 - 000519144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-13 16:45 - 2018-02-09 22:06 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-02-13 16:45 - 2018-02-09 22:06 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-02-13 16:45 - 2018-02-09 22:06 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-02-13 16:45 - 2018-02-09 22:06 - 000189336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-13 16:45 - 2018-02-09 22:06 - 000100248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-13 16:45 - 2018-02-09 22:06 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-13 16:45 - 2018-02-09 22:05 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-02-13 16:45 - 2018-02-09 22:05 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-13 16:45 - 2018-02-09 22:05 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-02-13 16:45 - 2018-02-09 22:05 - 000070856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 006791984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 001426672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 001254144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-02-13 16:45 - 2018-02-09 22:04 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-02-13 16:45 - 2018-02-09 22:04 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-02-13 16:45 - 2018-02-09 22:04 - 000339872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 000212880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-02-13 16:45 - 2018-02-09 22:04 - 000093592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-02-13 16:45 - 2018-02-09 22:03 - 001619808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-02-13 16:45 - 2018-02-09 22:03 - 000849304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-02-13 16:45 - 2018-02-09 22:03 - 000722616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-02-13 16:45 - 2018-02-09 22:03 - 000706600 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-02-13 16:45 - 2018-02-09 22:03 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-02-13 16:45 - 2018-02-09 22:03 - 000098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-02-13 16:45 - 2018-02-09 22:02 - 002220952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-02-13 16:45 - 2018-02-09 22:02 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 000670104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 000628632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 000397720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-02-13 16:45 - 2018-02-09 22:02 - 000231320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-02-13 16:45 - 2018-02-09 22:02 - 000040352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-02-13 16:45 - 2018-02-09 21:22 - 001930224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-02-13 16:45 - 2018-02-09 21:21 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-02-13 16:45 - 2018-02-09 21:18 - 001384288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-02-13 16:45 - 2018-02-09 21:18 - 000022424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2018-02-13 16:45 - 2018-02-09 21:17 - 002255112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-02-13 16:45 - 2018-02-09 21:17 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-02-13 16:45 - 2018-02-09 21:17 - 000542856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-02-13 16:45 - 2018-02-09 21:17 - 000211864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-02-13 16:45 - 2018-02-09 21:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-02-13 16:45 - 2018-02-09 21:12 - 004382032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2018-02-13 16:45 - 2018-02-09 21:11 - 001250528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2018-02-13 16:45 - 2018-02-09 21:10 - 000422592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-02-13 16:45 - 2018-02-09 21:09 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-02-13 16:45 - 2018-02-09 21:09 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-02-13 16:45 - 2018-02-09 21:09 - 001123456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-02-13 16:45 - 2018-02-09 21:09 - 000559976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-02-13 16:45 - 2018-02-09 21:09 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-02-13 16:45 - 2018-02-09 21:08 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-02-13 16:45 - 2018-02-09 21:08 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-02-13 16:45 - 2018-02-09 21:08 - 000592792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-02-13 16:45 - 2018-02-09 21:07 - 025253376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-02-13 16:45 - 2018-02-09 21:07 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-02-13 16:45 - 2018-02-09 21:07 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-02-13 16:45 - 2018-02-09 21:07 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2018-02-13 16:45 - 2018-02-09 21:07 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-02-13 16:45 - 2018-02-09 21:07 - 000123808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2018-02-13 16:45 - 2018-02-09 21:07 - 000083216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbrand.dll
2018-02-13 16:45 - 2018-02-09 21:07 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-02-13 16:45 - 2018-02-09 21:06 - 006481640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-02-13 16:45 - 2018-02-09 21:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-02-13 16:45 - 2018-02-09 21:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-02-13 16:45 - 2018-02-09 21:06 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 000718232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 000662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 000654456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 000551672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 000193248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 000079256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll
2018-02-13 16:45 - 2018-02-09 21:05 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-02-13 16:45 - 2018-02-09 21:05 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-02-13 16:45 - 2018-02-09 21:04 - 001491352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-02-13 16:45 - 2018-02-09 21:04 - 000027032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVClientPS.dll
2018-02-13 16:45 - 2018-02-09 21:03 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2018-02-13 16:45 - 2018-02-09 20:50 - 003665408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-02-13 16:45 - 2018-02-09 20:50 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-02-13 16:45 - 2018-02-09 20:50 - 001294848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-02-13 16:45 - 2018-02-09 20:50 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-02-13 16:45 - 2018-02-09 20:50 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-02-13 16:45 - 2018-02-09 20:49 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-02-13 16:45 - 2018-02-09 20:49 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-02-13 16:45 - 2018-02-09 20:49 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-02-13 16:45 - 2018-02-09 20:49 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-02-13 16:45 - 2018-02-09 20:49 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-02-13 16:45 - 2018-02-09 20:49 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-02-13 16:45 - 2018-02-09 20:49 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-02-13 16:45 - 2018-02-09 20:49 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-13 16:45 - 2018-02-09 20:49 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-02-13 16:45 - 2018-02-09 20:48 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-13 16:45 - 2018-02-09 20:48 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-02-13 16:45 - 2018-02-09 20:48 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-02-13 16:45 - 2018-02-09 20:47 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-02-13 16:45 - 2018-02-09 20:47 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-02-13 16:45 - 2018-02-09 20:47 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-02-13 16:45 - 2018-02-09 20:47 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-02-13 16:45 - 2018-02-09 20:47 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-02-13 16:45 - 2018-02-09 20:47 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-02-13 16:45 - 2018-02-09 20:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-02-13 16:45 - 2018-02-09 20:47 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-02-13 16:45 - 2018-02-09 20:47 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-02-13 16:45 - 2018-02-09 20:47 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-02-13 16:45 - 2018-02-09 20:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-02-13 16:45 - 2018-02-09 20:46 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-02-13 16:45 - 2018-02-09 20:46 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-02-13 16:45 - 2018-02-09 20:46 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-02-13 16:45 - 2018-02-09 20:46 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-02-13 16:45 - 2018-02-09 20:46 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-02-13 16:45 - 2018-02-09 20:46 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-13 16:45 - 2018-02-09 20:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-02-13 16:45 - 2018-02-09 20:46 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2018-02-13 16:45 - 2018-02-

#2 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,113 posts

Posted 04 March 2018 - 08:06 AM

Hello psychicguy and welcome back to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

I see that you have a P2P (Peer-to-Peer) file sharing program installed (Torrent). I highly recommend that you consider uninstalling it since P2P programs represent a security threat to the information on your system as they allow others to access your system.

It is pretty much certain that if you continue to use P2P programs, sooner or later you will get infected again. It is just a question of time.
If you choose to remove it, you can do so via Start > Control Panel > Programs and Features.
If you wish to keep it, please DO NOT use it until the removal process is complete.


I suggest you remove this extension GAuth Authenticator from Chrome since it is not reliable. Please read the users reviews about this extension here.

 

Open Google Chrome;
Type chrome://extensions in the address bar and press Enter;
Click the trash can icon by the extension GAuth Authenticator.
A confirmation dialog appears, click Remove.


Next,

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
CMD: ipconfig /flushDNS
EmptyTemp:
End::

Save the file as fixlist.txt in to the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log (Fixlog.txt) on the same folder as FRST. Please post its content to your next reply.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in.
  • Please copy and paste the content of that log in your next reply.

 

 

In your next reply I would like to see the contents of the following logs:
Fixlog.txt
AdwCleaner clean log.

How is the system running? Let me know what issue persists with the computer.

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 psychicguy

psychicguy

    Advanced Member

  • Helper Trainee
  • PipPipPip
  • 126 posts

Posted 04 March 2018 - 10:37 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Marty (04-03-2018 08:25:19) Run:3
Running from C:\Users\Marty\Desktop
Loaded Profiles: Marty (Available Profiles: Marty)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
CMD: ipconfig /flushDNS
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
 
========= ipconfig /flushDNS =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 199948755 B
Java, Flash, Steam htmlcache => 29320238 B
Windows/system/drivers => 41012 B
Edge => 0 B
Chrome => 28690978 B
Firefox => 7050899 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 822 B
NetworkService => 0 B
Marty => 67244007 B
 
RecycleBin => 0 B
EmptyTemp: => 324.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:25:37 ====
 
# AdwCleaner 7.0.8.0 - Logfile created on Sun Mar 04 16:32:54 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 03-02-2018.1
# Running on Windows 10 Pro (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

#4 psychicguy

psychicguy

    Advanced Member

  • Helper Trainee
  • PipPipPip
  • 126 posts

Posted 05 March 2018 - 01:47 AM

I've found out the problem.  I was playing a game called LaTale.  When I wanted to buy something for the game inside of it's client it was wanting to only open Internet Explorer 11 when I only use chrome or firefox.  So Internet Explorer wasn't completely opening it because of my adblock plus and kaspersky internet security web browser blocker had it opening new browsers every time because it was crashing due to that issue.

 

That was the only issue I have seen.

 

I think I'll be okay unless you see anything else that is of great importance to remove.  Please let me know.

 

Thanks for your patience! :)


#5 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,113 posts

Posted 05 March 2018 - 09:48 AM

Hello psychicguy.

You're welcome. :thumbup:

Although your default browser is Chrome, most likely the game is optimized for Internet Explorer instead for other browsers. Anyway, I'm glad you have figured that out by yourself.
 

That was the only issue I have seen.

Yes, your logs are clean.

However, to be sure the computer is completely clean I would like you to run an online scan with Sophos Virus Removal Tool to search for leftovers. This is a very thorough scan so it can take several hours to complete, depending on the number of programs and files you have installed but it's worth it.

This tool scans the following areas of your computer:

  • Memory, including system memory on 32-bit (x86) versions of Windows;
  • The Windows Registry;
  • All local hard drives, fixed and removable;

Note 1: Mapped network drives are not scanned.

Note 2: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.


Please download Sophos Virus Removal Tool and save it to your computer Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.

Note: Whenever necessary, the log will be in the following location:

C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
Back to Malware Removal


  1. SpywareInfo Forum
  2. Spyware, thiefware, browser hijackers, and other advertising parasites
  3. Malware Removal
  4. Privacy Policy
Member of ASAP and UNITE
Support SpywareInfo Forum - click the button