joshkmartinez Posted May 5, 2017 ID:1122438 Share Posted May 5, 2017 I have installed multiple antivirus software and none can fix my problem. Whenever I try to start an antivirus it says "the requested system resource is in use". I know malware bytes can probably fix my problem if I install it. I have searched the web for a solution and I have tried many of them, they all don't work. I am also getting a faulty search engine. if I open a new tab I see google and I can search stuff, but I soon as I click search it redirects me to nova.rambler.ru's search engine and searches what I searched on google (if that makes sense). I would also like help removing this problem. I am glad to have help from anyone I have attached screenshots of the popup I am getting. (I even tried changing the names, but it still wont work) Thanks Link to post Share on other sites More sharing options...
Aura Posted May 5, 2017 ID:1122448 Share Posted May 5, 2017 Hi joshkmartinez My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens; As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you; The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system; If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!; If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced; I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules; In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process; I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread; This being said, it's time to clean-up some malware, so let's get started, shall we? Follow the instructions in the thread below, and provide me the content of the "mbar-log-TODAY'S-date.txt" log after running the scan and deleting the threats it detected (the log will be located in the MBAR folder). https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ If you cannot run MBAR, please let me know. Link to post Share on other sites More sharing options...
joshkmartinez Posted May 6, 2017 Author ID:1122543 Share Posted May 6, 2017 Thank you for helping me with my problem. I have run MBAR and below is the log I now can run other antivirus software, in other words, the 'requested resource is in use error' is gone. mbar-log-2017-05-05 (16-23-34).txt Link to post Share on other sites More sharing options...
Aura Posted May 6, 2017 ID:1122545 Share Posted May 6, 2017 Good Now you should be able to install Malwarebytes and run a scan with it, so let's do it. Malwarebytes - Clean Mode Download and install the free version of MalwarebytesNote: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point; Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so; Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan; Let the scan run, the time required to complete the scan depends of your system and computer specs; Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;If it asks you to restart your computer to complete the removal, do so; Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply; Link to post Share on other sites More sharing options...
joshkmartinez Posted May 6, 2017 Author ID:1122554 Share Posted May 6, 2017 Ok will run the scan asap tomorrow and export the summary, I just have a few questions. I still have the nova rambler ru search engine type problem on chrome, will malware bytes fix that? And I also have software that I am fond of but Malwarebytes detects them as PUP's how do I whitelist them? Link to post Share on other sites More sharing options...
joshkmartinez Posted May 6, 2017 Author ID:1122557 Share Posted May 6, 2017 Most of the PUP's again are stuff that i purposfully instaled and use. I also occsionally mine bitcion on my pc so i would also like to whitelist that specific program. ok below is the results: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/5/17 Scan Time: 10:47 PM Logfile: Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1879 License: Trial -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: DESKTOP-0F8BR2O\ckurl -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 452959 Time Elapsed: 22 min, 57 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 2 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1480], [395260],1.0.1879 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [1480], [395260],1.0.1879 Module: 3 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1480], [395260],1.0.1879 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [1480], [395260],1.0.1879 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, No Action By User, [1480], [395260],1.0.1879 Registry Key: 2 PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ADVANCEDSYSTEMCARESERVICE10, No Action By User, [1480], [395260],1.0.1879 PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SpyHunter 4 Service, No Action By User, [1329], [340933],1.0.1879 Registry Value: 2 PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Advanced SystemCare 10, No Action By User, [1480], [395260],1.0.1879 PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE ULTIMATE, No Action By User, [1480], [395260],1.0.1879 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Downloads, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Rollback, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Data, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\defs, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Log, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\mon, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\USERS\CKURL\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYHUNTER, No Action By User, [1329], [331712],1.0.1879 PUP.Optional.RegCurePro, C:\USERS\CKURL\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PARETOLOGIC\REGCURE PRO, No Action By User, [1476], [352843],1.0.1879 File: 84 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [1480], [395260],1.0.1879 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [1480], [395260],1.0.1879 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, No Action By User, [1480], [395260],1.0.1879 PUP.Optional.SpyHunter, C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SH4SERVICE.EXE, No Action By User, [1329], [340933],1.0.1879 PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE ULTIMATE\ASCTRAY.EXE, No Action By User, [1480], [395260],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Data\dns.dat, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\defs\2017043001.def, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\defs\def.dat, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20170430_162238.log, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\mon\autoexec.bat.bk, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\mon\hosts.bk, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\mon\system.ini.bk, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\mon\win.ini.bk, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Rollback\arch_1020874808a7552da63ea3649e1d846c_131380863217800000.esg, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Indonesian.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Brazilian.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Chinese(Simplified).lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Chinese(Traditional).lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Common.dll, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\cos.dat, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Croatian.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Czech.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Danish.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Dutch.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\English.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.inf, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.sys, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Finnish.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\French.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\gas.dat, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\German.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\gil.dat, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Greek.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Italian.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Japanese.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\key.dat, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\license.txt, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Lithuanian.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\native.exe, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Norwegian.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Polish.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Portuguese.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\purl.dat, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Romanian.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Russian.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\scanlog.log, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\shortcuts.txt, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Slovene.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\SND.nfo, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Spanish.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.4.3.32-patch.exe, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\spyhunterS4.exe, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\supportlog.txt, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group\SpyHunter\Swedish.lng, No Action By User, [1329], [331702],1.0.1879 PUP.Optional.SpyHunter, C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk, No Action By User, [1329], [331712],1.0.1879 PUP.Optional.SpyHunter, C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk, No Action By User, [1329], [331712],1.0.1879 PUP.Optional.SpyHunter, C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall.lnk, No Action By User, [1329], [331712],1.0.1879 PUP.Optional.RegCurePro, C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic\RegCure Pro\RegCure Pro.lnk, No Action By User, [1476], [352843],1.0.1879 PUP.Optional.RegCurePro, C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic\RegCure Pro\Uninstall RegCure Pro.lnk, No Action By User, [1476], [352843],1.0.1879 PUP.Optional.SpyHunter, C:\USERS\CKURL\APPDATA\ROAMING\ENIGMA SOFTWARE GROUP\SH_INSTALLER.EXE, No Action By User, [1329], [345850],1.0.1879 PUP.Optional.SpyHunter, C:\USERS\CKURL\DESKTOP\SPYHUNTER.LNK, No Action By User, [1329], [331703],1.0.1879 PUP.Optional.RegCurePro, C:\USERS\CKURL\DESKTOP\REGCURE PRO.LNK, No Action By User, [1476], [335014],1.0.1879 PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\ADVANCED SYSTEMCARE 10.LNK, No Action By User, [1480], [380338],1.0.1879 PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (4).EXE, No Action By User, [1329], [345850],1.0.1879 PUP.Optional.Plumbytes, C:\USERS\CKURL\DOWNLOADS\ANTIMALWARESETUP.EXE, No Action By User, [9078], [123575],1.0.1879 PUP.Optional.Plumbytes, C:\USERS\CKURL\DOWNLOADS\ANTIMALWARESETUP (1).EXE, No Action By User, [9078], [123575],1.0.1879 RiskWare.BitCoinMiner, C:\USERS\CKURL\DOWNLOADS\NICEHASHMINER_V1.7.5.10.ZIP, No Action By User, [108], [314153],1.0.1879 PUP.Optional.RegCurePro, C:\USERS\CKURL\DOWNLOADS\REGCUREPROSETUP_82275F87-0808-4EBE-BFFF-1B15274F83AE_.EXE, No Action By User, [1476], [336305],1.0.1879 Trojan.BitCoinStealer, C:\USERS\CKURL\DOWNLOADS\SCRIPT (1).RAR, No Action By User, [865], [94682],1.0.1879 PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (5).EXE, No Action By User, [1329], [345850],1.0.1879 PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (2).EXE, No Action By User, [1329], [345850],1.0.1879 PUP.Optional.RegCurePro, C:\USERS\CKURL\DOWNLOADS\REDCURE PRO V3.1.7 + CRACK.RAR, No Action By User, [1476], [336305],1.0.1879 PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (6).EXE, No Action By User, [1329], [345850],1.0.1879 PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (1).EXE, No Action By User, [1329], [345850],1.0.1879 PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, No Action By User, [1329], [345850],1.0.1879 Trojan.BitCoinStealer, C:\USERS\CKURL\DOWNLOADS\SCRIPT.RAR, No Action By User, [865], [94682],1.0.1879 PUP.Optional.SpyHunter, C:\USERS\CKURL\DOWNLOADS\SPYHUNTER-INSTALLER (3).EXE, No Action By User, [1329], [345850],1.0.1879 PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC10_PerformanceMonitor, No Action By User, [1480], [380341],1.0.1879 Physical Sector: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Aura Posted May 6, 2017 ID:1122696 Share Posted May 6, 2017 Which PUPs do you use? From what I can see, Advanced SystemCare and SpyHunter are installed on your system. RegCure Pro and Plumbytes are detections you want to delete. As for the Bitcoin miner, I guess you're referring to these? RiskWare.BitCoinMiner, C:\USERS\CKURL\DOWNLOADS\NICEHASHMINER_V1.7.5.10.ZIP, No Action By User, [108], [314153],1.0.1879 Trojan.BitCoinStealer, C:\USERS\CKURL\DOWNLOADS\SCRIPT (1).RAR, No Action By User, [865], [94682],1.0.1879 Trojan.BitCoinStealer, C:\USERS\CKURL\DOWNLOADS\SCRIPT.RAR, No Action By User, [865], [94682],1.0.1879 You can configure Malwarebytes so it will ignore PUP detections, and/or exclude files and folders. In your case, excluding folders would be better. Link to post Share on other sites More sharing options...
joshkmartinez Posted May 6, 2017 Author ID:1122697 Share Posted May 6, 2017 Yes, they are, however, the files are actually on the desktop, not in the downloads folder so I can delete those. What should I do next? Link to post Share on other sites More sharing options...
joshkmartinez Posted May 6, 2017 Author ID:1122698 Share Posted May 6, 2017 I have excluded some of the programs that I use Link to post Share on other sites More sharing options...
Aura Posted May 6, 2017 ID:1122699 Share Posted May 6, 2017 (edited) Delete the rest of the detections. Once done, we'll run a sweep with JRT and AdwCleaner. Junkware Removal Tool (JRT) Download Junkware Removal Tool (JRT) and move it to your Desktop; Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Press on any key to launch the scan and let it complete;Credits : BleepingComputer.com Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply; AdwCleaner - Fix Mode Download AdwCleaner and move it to your Desktop; Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the EULA (I accept), let the database update, then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes; Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply; Your next reply(ies) should therefore contain: [*]Copy/pasted JRT log; [*]Copy/pasted AdwCleaner clean log; [/list] Edited May 6, 2017 by Aura Link to post Share on other sites More sharing options...
joshkmartinez Posted May 6, 2017 Author ID:1122705 Share Posted May 6, 2017 AWD Cleaner log: # AdwCleaner v6.046 - Logfile created 06/05/2017 at 14:22:54 # Updated on 24/04/2017 by Malwarebytes # Database : 2017-05-05.1 [Local] # Operating System : Windows 10 Home (X64) # Username : ckurl - DESKTOP-0F8BR2O # Running from : C:\Users\ckurl\Desktop\adwcleaner_6.046.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** [-] Service deleted: scan [-] Service deleted: SpyHunter 4 Service [!] Service not deleted: AdvancedSystemCareService10 ***** [ Folders ] ***** [-] Folder deleted: C:\Users\ckurl\AppData\Local\llssoft [-] Folder deleted: C:\Users\ckurl\AppData\LocalLow\IObit\Advanced SystemCare [-] Folder deleted: C:\Users\ckurl\AppData\Roaming\Enigma Software Group [!] Folder not deleted: C:\Users\ckurl\AppData\Roaming\IObit\Advanced SystemCare [-] Folder deleted: C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic [#] Folder deleted on reboot: C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PARETOLOGIC [!] Folder not deleted: C:\ProgramData\IObit\ASCDownloader [!] Folder not deleted: C:\ProgramData\IObit\Advanced SystemCare [!] Folder not deleted: C:\ProgramData\Application Data\IObit\ASCDownloader [!] Folder not deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare [!] Folder not deleted: C:\Program Files (x86)\IObit\Advanced SystemCare [!] Folder not deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare [!] Folder not deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** [!] Task not deleted: ASC10_PerformanceMonitor ***** [ Registry ] ***** [!] Key not deleted: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\Software\ParetoLogic [!] Key not deleted: HKLM\SOFTWARE\IOBIT\ASC [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{34F4FEAF-4921-4B5D-8BE5-CA384BFFC2CE} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B} [-] Key deleted: HKCU\Software\ParetoLogic [-] Key deleted: HKLM\SOFTWARE\ParetoLogic [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C547F361-5750-4CD1-9FB6-BC93827CB6C1} [#] Key deleted on reboot: [x64] HKCU\Software\ParetoLogic ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [12035 Bytes] - [25/10/2016 22:47:47] C:\AdwCleaner\AdwCleaner[C10].txt - [8005 Bytes] - [30/04/2017 12:58:49] C:\AdwCleaner\AdwCleaner[C11].txt - [8774 Bytes] - [01/05/2017 07:35:50] C:\AdwCleaner\AdwCleaner[C12].txt - [2961 Bytes] - [06/05/2017 14:22:54] C:\AdwCleaner\AdwCleaner[C2].txt - [9639 Bytes] - [26/10/2016 18:23:35] C:\AdwCleaner\AdwCleaner[C3].txt - [1792 Bytes] - [29/10/2016 22:04:34] C:\AdwCleaner\AdwCleaner[C4].txt - [2340 Bytes] - [31/10/2016 00:38:26] C:\AdwCleaner\AdwCleaner[C5].txt - [6153 Bytes] - [12/11/2016 21:07:31] C:\AdwCleaner\AdwCleaner[C6].txt - [5404 Bytes] - [14/11/2016 17:43:36] C:\AdwCleaner\AdwCleaner[C7].txt - [3129 Bytes] - [17/11/2016 17:54:13] C:\AdwCleaner\AdwCleaner[C8].txt - [5364 Bytes] - [19/03/2017 09:02:22] C:\AdwCleaner\AdwCleaner[C9].txt - [4299 Bytes] - [19/03/2017 18:50:58] C:\AdwCleaner\AdwCleaner[S0].txt - [11857 Bytes] - [25/10/2016 22:22:04] C:\AdwCleaner\AdwCleaner[S10].txt - [2175 Bytes] - [31/10/2016 00:48:17] C:\AdwCleaner\AdwCleaner[S11].txt - [2249 Bytes] - [31/10/2016 10:48:52] C:\AdwCleaner\AdwCleaner[S12].txt - [2322 Bytes] - [31/10/2016 15:07:31] C:\AdwCleaner\AdwCleaner[S13].txt - [2397 Bytes] - [31/10/2016 21:08:42] C:\AdwCleaner\AdwCleaner[S14].txt - [2471 Bytes] - [01/11/2016 23:47:54] C:\AdwCleaner\AdwCleaner[S15].txt - [3227 Bytes] - [03/11/2016 22:34:06] C:\AdwCleaner\AdwCleaner[S16].txt - [5985 Bytes] - [12/11/2016 19:05:31] C:\AdwCleaner\AdwCleaner[S17].txt - [6059 Bytes] - [12/11/2016 19:35:22] C:\AdwCleaner\AdwCleaner[S18].txt - [5407 Bytes] - [14/11/2016 17:43:15] C:\AdwCleaner\AdwCleaner[S19].txt - [2987 Bytes] - [15/11/2016 09:04:34] C:\AdwCleaner\AdwCleaner[S1].txt - [9266 Bytes] - [26/10/2016 16:33:24] C:\AdwCleaner\AdwCleaner[S20].txt - [3061 Bytes] - [15/11/2016 18:57:51] C:\AdwCleaner\AdwCleaner[S21].txt - [3138 Bytes] - [16/11/2016 21:42:52] C:\AdwCleaner\AdwCleaner[S22].txt - [3254 Bytes] - [17/11/2016 17:37:32] C:\AdwCleaner\AdwCleaner[S23].txt - [3356 Bytes] - [18/11/2016 00:49:03] C:\AdwCleaner\AdwCleaner[S24].txt - [3430 Bytes] - [24/11/2016 21:07:17] C:\AdwCleaner\AdwCleaner[S25].txt - [3504 Bytes] - [25/11/2016 19:57:09] C:\AdwCleaner\AdwCleaner[S26].txt - [3578 Bytes] - [01/12/2016 17:40:30] C:\AdwCleaner\AdwCleaner[S27].txt - [3652 Bytes] - [02/12/2016 18:58:38] C:\AdwCleaner\AdwCleaner[S28].txt - [3726 Bytes] - [05/12/2016 21:08:34] C:\AdwCleaner\AdwCleaner[S29].txt - [3800 Bytes] - [08/12/2016 21:11:57] C:\AdwCleaner\AdwCleaner[S2].txt - [1443 Bytes] - [27/10/2016 20:28:33] C:\AdwCleaner\AdwCleaner[S30].txt - [3874 Bytes] - [15/12/2016 18:11:27] C:\AdwCleaner\AdwCleaner[S31].txt - [3948 Bytes] - [19/12/2016 21:03:20] C:\AdwCleaner\AdwCleaner[S32].txt - [4022 Bytes] - [07/01/2017 16:28:19] C:\AdwCleaner\AdwCleaner[S33].txt - [5285 Bytes] - [19/03/2017 09:00:54] C:\AdwCleaner\AdwCleaner[S34].txt - [4399 Bytes] - [19/03/2017 18:50:31] C:\AdwCleaner\AdwCleaner[S35].txt - [4390 Bytes] - [20/03/2017 20:51:22] C:\AdwCleaner\AdwCleaner[S36].txt - [4464 Bytes] - [29/03/2017 15:42:10] C:\AdwCleaner\AdwCleaner[S37].txt - [4538 Bytes] - [02/04/2017 09:56:20] C:\AdwCleaner\AdwCleaner[S38].txt - [6747 Bytes] - [06/04/2017 22:52:42] C:\AdwCleaner\AdwCleaner[S39].txt - [9876 Bytes] - [28/04/2017 22:15:36] C:\AdwCleaner\AdwCleaner[S3].txt - [1515 Bytes] - [27/10/2016 22:47:07] C:\AdwCleaner\AdwCleaner[S40].txt - [9249 Bytes] - [30/04/2017 10:56:51] C:\AdwCleaner\AdwCleaner[S41].txt - [8103 Bytes] - [30/04/2017 12:52:13] C:\AdwCleaner\AdwCleaner[S42].txt - [8386 Bytes] - [01/05/2017 07:15:04] C:\AdwCleaner\AdwCleaner[S43].txt - [6790 Bytes] - [06/05/2017 14:21:42] C:\AdwCleaner\AdwCleaner[S4].txt - [1589 Bytes] - [29/10/2016 09:21:55] C:\AdwCleaner\AdwCleaner[S5].txt - [1662 Bytes] - [29/10/2016 19:31:04] C:\AdwCleaner\AdwCleaner[S6].txt - [1891 Bytes] - [29/10/2016 20:11:34] C:\AdwCleaner\AdwCleaner[S7].txt - [1880 Bytes] - [30/10/2016 21:02:44] C:\AdwCleaner\AdwCleaner[S8].txt - [2356 Bytes] - [30/10/2016 23:46:45] C:\AdwCleaner\AdwCleaner[S9].txt - [2429 Bytes] - [31/10/2016 00:34:07] ########## EOF - C:\AdwCleaner\AdwCleaner[C12].txt - [6866 Bytes] ########## JRT log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.3 (04.10.2017) Operating System: Windows 10 Home x64 Ran by ckurl (Administrator) on Sat 05/06/2017 at 14:57:42.18 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 9 Successfully deleted: C:\ProgramData\productdata (Folder) Successfully deleted: C:\Users\ckurl\AppData\Roaming\productdata (Folder) Successfully deleted: C:\Users\Public\asr.dat (File) Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task) Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (ckurl) (Task) Successfully deleted: C:\Windows\system32\Tasks\SmartDefrag_Startup (Task) Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_ckurl (Task) Successfully deleted: C:\Windows\Tasks\Uninstaller_SkipUac_ckurl.job (Task) Successfully deleted: C:\Windows\wininit.ini (File) Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_66D18CA9E687EDBAD4EE44B54E7465E7 (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 05/06/2017 at 15:02:39.32 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
joshkmartinez Posted May 7, 2017 Author ID:1122731 Share Posted May 7, 2017 note I am still getting some (not as many) pop-up ads on chrome and still have the nova rambler ru search engine Link to post Share on other sites More sharing options...
Aura Posted May 8, 2017 ID:1122958 Share Posted May 8, 2017 Expected. Now, we'll run FRST to see what's left to remove from your system. Farbar Recovery Scan Tool (FRST) - Scan mode Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply. Download the right version of FRST for your system: FRST 64-bitNote: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using. Move the executable (FRST.exe or FRST64.exe) on your Desktop; Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds; Make sure the Addition.txt box is checked; Click on the Scan button; On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files; Copy and paste the content of both FRST.txt and Addition.txt in your next reply; Link to post Share on other sites More sharing options...
joshkmartinez Posted May 8, 2017 Author ID:1122996 Share Posted May 8, 2017 Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2017 Ran by ckurl (08-05-2017 07:32:18) Running from F:\iAmInfected\FRST64 Windows 10 Home Version 1607 (X64) (2016-08-22 11:45:11) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3379452668-3058411388-1845388906-500 - Administrator - Disabled) ckurl (S-1-5-21-3379452668-3058411388-1845388906-1001 - Administrator - Enabled) => C:\Users\ckurl DefaultAccount (S-1-5-21-3379452668-3058411388-1845388906-503 - Limited - Disabled) Guest (S-1-5-21-3379452668-3058411388-1845388906-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Total Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Kaspersky Total Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Total Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 123D Design R2.2 (HKLM\...\123D Design) (Version: 2.2.14 - Autodesk, Inc.) Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.1 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.) Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.3.0 - IObit) Ansel (Version: 376.82 - NVIDIA Corporation) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk) Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk) Autodesk DirectConnect 2016 64-bit (Version: 10.0.98.0 - Autodesk) Hidden Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk) Autodesk Maya 2016 (Version: 16.0.1312.0 - Autodesk) Hidden AutoHotkey 1.1.24.02 (HKLM\...\AutoHotkey) (Version: 1.1.24.02 - Lexikos) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BattleStick (HKLM\...\Steam App 394380) (Version: - Pinterac) Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703740}) (Version: 3.7.4.0 - Betternet Technologies Inc.) Bitcoin Core (64-bit) (HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Bitcoin Core (64-bit)) (Version: 0.14.1 - Bitcoin Core project) Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bloons TD Battles (HKLM\...\Steam App 444640) (Version: - Ninja Kiwi) BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.7 - BlueJ Team) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.6.104.6367 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform) Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine) Chrome Remote Desktop Host (HKLM-x32\...\{88D5D9A4-48C4-4D0A-88B9-3E18661CF0D9}) (Version: 57.0.2987.37 - Google Inc.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.6907 - CyberLink Corp.) CyberLink PhotoDirector (Version: 5.0.6.6907 - CyberLink Corp.) Hidden CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4508 - CyberLink Corp.) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Driver Booster 4.3 (HKLM-x32\...\Driver Booster_is1) (Version: 4.3.0 - IObit) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation) Epic Pen version Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: Epic Pen - TANK Media) GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.) Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP) HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.4.14.41 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.6.14.19 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iFreeUp 1.0 (HKLM-x32\...\iFreeUp_is1) (Version: 1.0.12 - IObit) Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation) Intel(R) PRO/Wireless Driver (HKLM\...\{4200af36-26bc-4a5a-ae8b-1291373ec2e1}) (Version: 18.40.0003.4359 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation) Intel(R) WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation) Intel(R) WiDi Software Asset Manager (x32 Version: 1.1.383 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation) IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.0 - IObit) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.3.0.18 - IObit) IOTransfer 1.2 (HKLM-x32\...\IOTransfer_is1) (Version: 1.2.0 - iFunSoft) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation) Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab) Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{A19807B6-6057-456E-A560-A2A04862C1C6}) (Version: 1.5.1.202 - Kaspersky Lab) Kaspersky Software Updater Beta (x32 Version: 1.5.1.202 - Kaspersky Lab) Hidden Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden KGB Archiver 1.2.1.24 (HKLM-x32\...\KGB Archiver_is1) (Version: - Tomasz Pawlak) Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.12 - Magical Jelly Bean) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) mental ray renderer for Autodesk Maya 2016 (HKLM\...\{59AC9438-6EE3-4B22-860F-525308329228}) (Version: 16.0.1312.0 - mental ray) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation) Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation) Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mp3tag v2.81 (HKLM-x32\...\Mp3tag) (Version: 2.81 - Florian Heidenreich) Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{99039186-EBEB-4127-BFA2-18B10A05ACE2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) Python 2.7 pygame-1.9.1 (HKLM-x32\...\{5D13804A-67B7-49DA-9B15-65B70A83B9C3}) (Version: 1.9.1 - Pete Shinners, Rene Dudfield, Marcus von Appen, Bob Pendleton, others...) Python 2.7.12 (64-bit) (HKLM\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation) Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation) Python 3.5.2 (32-bit) (HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation) Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - ) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21296 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8098 - Realtek Semiconductor Corp.) Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 2.1.0.9 - Reason Software Company Inc.) Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse) RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.) Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.1 - IObit) Spotify (HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated) System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group) Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VMware Player (HKLM\...\{B5D82DF0-AC2F-469F-8E97-599653947166}) (Version: 12.5.5 - VMware, Inc.) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Vumaa (x32 Version: 1.0.0 - Vumaa) Hidden War Thunder (HKLM\...\Steam App 236390) (Version: - Gaijin Entertainment) Wargaming.net Game Center (HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Wargaming.net Game Center) (Version: - Wargaming.net) WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Windows Driver Package - Apple, Inc. (USBAAPL64) USB (05/18/2015 6.0.9999.67) (HKLM\...\D72867649A47CA593E7F2327E5E49CB8D25B5534) (Version: 05/18/2015 6.0.9999.67 - Apple, Inc.) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Wondershare Filmora(Build 8.2.2) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare) World of Tanks Blitz (HKLM\...\Steam App 444200) (Version: - Wargaming Group Limited) World of Warplanes NA (HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\WOWP.NA.PRODUCTION) (Version: - Wargaming.net) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00615077-DD07-4963-B529-208732E0CC98} - \LUMOS\TBW\TBW_04_00 -> No File <==== ATTENTION Task: {066FDB27-482E-45EC-89FE-296A667BEF47} - \LUMOS\TBW\TBW_07_00 -> No File <==== ATTENTION Task: {0E4101FA-8822-4899-894F-EEE20C8AE418} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-28] (Google Inc.) Task: {0E6157E1-9324-4F79-AC2F-0596760AA289} - \LUMOS\TBW\TBW_20_30 -> No File <==== ATTENTION Task: {11486291-E2F9-4EE7-910A-470A06389DFF} - \Auslogics\Driver Updater\Start Driver Updater оn ckurl logon -> No File <==== ATTENTION Task: {18EBC82C-3381-4698-958E-21312A662977} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.) Task: {19C37EF1-1335-4460-B43D-3AF1D9063D1A} - \LUMOS\TBW\TBW_18_00 -> No File <==== ATTENTION Task: {1AA14685-00A4-46CA-A3A0-524A35C08D62} - \LUMOS\TBW\TBW_09_00 -> No File <==== ATTENTION Task: {1D491542-565C-4D42-9C3A-8327E8698C03} - \LUMOS\TBW\TBW_10_00 -> No File <==== ATTENTION Task: {1F930566-392B-4389-879A-60A5F17BF86A} - \LUMOS\TBW\TBW_05_30 -> No File <==== ATTENTION Task: {22A38E86-B381-4AAA-86CF-78135A11FEE5} - System32\Tasks\Reason Core Security Scheduled Scan => C:\Program Files\Reason\Security\rsUI.exe [2017-03-30] (Reason Software Company Inc.) Task: {23E29108-D829-42F6-AE0D-D612C6B15C40} - \LUMOS\TBW\TBW_08_00 -> No File <==== ATTENTION Task: {258AB952-D067-4A4C-B5F9-A0A7CE4333DE} - \LUMOS\TBW\TBW_06_00 -> No File <==== ATTENTION Task: {2C11FB30-2DDB-4572-BCCA-8D2AB6BCA3AA} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit) Task: {31F2C749-E3F5-405F-BE25-C6AB8493AF06} - \LUMOS\TBW\TBW_06_30 -> No File <==== ATTENTION Task: {33D1363B-6D6D-4058-B2BF-41506E76FD76} - \LUMOS\TBW\TBW_00_30 -> No File <==== ATTENTION Task: {394F64C8-F8F9-496B-8089-32BB7D1BD066} - System32\Tasks\ASC10_SkipUac_ckurl => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-03-30] (IObit) Task: {3DD3387A-4A4E-4037-817D-68B3F2C709DB} - System32\Tasks\Reason Core Security => C:\Program Files\Reason\Security\rsUI.exe [2017-03-30] (Reason Software Company Inc.) Task: {3F2B1D6F-7BC1-4AA4-ACD8-38BCB8421B3D} - \LUMOS\TBW\TBW_19_00 -> No File <==== ATTENTION Task: {3FD84776-7ECB-4583-BC41-F920B0F5EC18} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {42AC9147-6EEF-4E4D-A5EE-D69E847E064F} - System32\Tasks\Driver Booster SkipUAC (ckurl) => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe [2017-03-17] (IObit) Task: {4353D761-CAA6-401D-A9F8-016FBE030398} - \LUMOS\TBW\TBW_21_30 -> No File <==== ATTENTION Task: {4683F5E9-B5D6-4639-A8DD-A11F0427AC13} - \LUMOS\TBW\TBW_11_30 -> No File <==== ATTENTION Task: {4B474376-DB93-48CE-BB10-6D0DC4A189BF} - \LUMOS\TBW\TBW_12_00 -> No File <==== ATTENTION Task: {4F70AE9C-AF6E-4B32-8448-CE394D105174} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {51DE424C-A785-4DF7-A92E-FB4EBF43B006} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation) Task: {570D73E8-473C-4611-8E63-319EA59BC8E4} - \LUMOS\TBW\TBW_01_00 -> No File <==== ATTENTION Task: {58652A9D-3B8B-4596-951F-9DAA9880BD62} - \LUMOS\TBW\TBW_18_30 -> No File <==== ATTENTION Task: {590D43C8-FA84-4D87-B7C5-483E782AC9DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.) Task: {594B2083-7247-4219-B4C5-339936DF174E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {599E7A49-954A-40B7-93D9-B2997CACF2DD} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ckurlawalla@cox.net => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated) Task: {59D14286-9C19-408B-B974-F313B0B0FC37} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION Task: {626D8EED-BDD6-437C-84CB-47A931E89599} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {64EF5A71-0F8E-45DE-B6A8-67CA93417278} - \LUMOS\TBW\TBW_02_30 -> No File <==== ATTENTION Task: {66038ABA-6B68-4142-BE8E-B54E4D9182C0} - System32\Tasks\{D952195F-F2FE-479E-8CAC-E5117817E8CF} => pcalua.exe -a C:\Users\ckurl\AppData\Local\{A1FA97A6-8552-FB1E-E8CA-DEF6CCA2226E}\uninst.exe -c -FN=""-P=/Uninstall /s /noun /DelSelfDir Task: {662D2B71-DF00-49B8-9288-E9218EBD5F5B} - \LUMOS\TBW\TBW_23_00 -> No File <==== ATTENTION Task: {663C14AB-0200-49F2-A7C1-635EB0C630CD} - \LUMOS\TBW\TBW_14_30 -> No File <==== ATTENTION Task: {6A5E418C-F4A4-49D7-9B32-ED928294C4C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.) Task: {6AEC7E8A-3555-4F99-885C-26A156468358} - \LUMOS\TBW\TBW_07_30 -> No File <==== ATTENTION Task: {70357E3C-EC2A-44DE-97BF-6620BDCCE2CF} - \LUMOS\TBW\TBW_02_00 -> No File <==== ATTENTION Task: {706FF03A-76EB-4301-ADEE-0D7AA2B80C37} - \LUMOS\TBW\TBW_17_00 -> No File <==== ATTENTION Task: {7163B70E-D9C2-4664-B09A-4B088E5B43EB} - \LUMOS\TBW\TBW_15_00 -> No File <==== ATTENTION Task: {72025C8A-AC8B-4F57-96BE-FB58B2AF847F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {73828F83-23BF-49CB-B246-45FB18801357} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK Task: {7395F4F1-A6C4-4FA2-9BB9-47FF5409FCCF} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit) Task: {73FEA031-3747-4D9A-B2E7-5142E8441DA8} - \LUMOS\TBW\TBW_13_00 -> No File <==== ATTENTION Task: {74291B77-07DF-435A-A75A-507BFAB03B6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.) Task: {763690B7-F07B-4672-996D-1049B67D2F1A} - \LUMOS\TBW\TBW_13_30 -> No File <==== ATTENTION Task: {7AADE947-A724-489E-BA0F-8AED0BD2E068} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.) Task: {7C7E0AB9-8E3D-4D54-900A-1894713952F3} - \LUMOS\TBW\TBW_23_30 -> No File <==== ATTENTION Task: {7CA047E5-F6FF-4312-939B-BD0B41906552} - \LUMOS\TBW\TBW_22_30 -> No File <==== ATTENTION Task: {7F004AD8-97CE-4218-B29F-D423DA5739BB} - \LUMOS\TBW\TBW_03_30 -> No File <==== ATTENTION Task: {8490D1E7-7C5A-4505-A69C-FC678D0329B6} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION Task: {8EA30A1E-66DF-488B-AF03-D5697FC34169} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation) Task: {93D1A584-2E08-4B3A-988C-5F43839092B7} - \LUMOS\TBW\TBW_00_00 -> No File <==== ATTENTION Task: {95B87259-C355-438B-98D0-3996291B8C94} - \LUMOS\TBW\TBW_19_30 -> No File <==== ATTENTION Task: {98E9A800-5DD9-4AEA-99DE-B7ACBCAF6C51} - \LUMOS\TBW\TBW_16_30 -> No File <==== ATTENTION Task: {98F7D864-643F-4B06-8BCE-105F38E8E408} - \LUMOS\TBW\TBW_10_30 -> No File <==== ATTENTION Task: {9BBAA623-5637-4AB6-B1A2-D02BFD2AA917} - \LUMOS\TBW\TBW_16_00 -> No File <==== ATTENTION Task: {9EB3B544-7A4D-450D-B5E6-E86293419287} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-15] (Adobe Systems Incorporated) Task: {9F5DC6EB-C8D8-485B-AE44-10DCE23333E2} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-04-19] (IObit) Task: {9FBDB771-1A2A-4AA5-AC16-7BB81A07B935} - \LUMOS\TBW\TBW_14_00 -> No File <==== ATTENTION Task: {A04BE138-B8D0-4884-AFC5-EE20360D641A} - System32\Tasks\{BDA69597-C186-49A4-856F-CFDA838F02C2} => pcalua.exe -a "C:\Program Files (x86)\UX Pack\uxuninst.exe" Task: {A16C1DEC-60F1-43A8-99F7-F338620FC0CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN48LDW1GK => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.) Task: {A226D1C6-80D7-4B66-A2C4-60F0D7B29C3B} - \LUMOS\TBW\TBW_05_00 -> No File <==== ATTENTION Task: {A2350C05-DFD0-4221-9B74-4A562084FF4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-28] (Google Inc.) Task: {A388301C-230A-415A-BEF5-A7840BCA7B47} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.) Task: {A511EA96-0F5C-4843-AEF0-1B198F52A08D} - System32\Tasks\iFreeUp_SkipUac_ckurl => C:\Program Files (x86)\IObit\iFreeUp\iFreeUp.exe [2016-09-30] (IObit) Task: {ABFDEB59-EF7D-42FF-945C-8EF93C0A26FC} - \LUMOS\TBW\TBW_11_00 -> No File <==== ATTENTION Task: {AFF2EAB9-3C96-4026-8355-2FCA2C0A4323} - System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => powershell.exe -NoProfile -WindowStyle Hidden -command cmd.exe /c if exist C:\Users\ckurl\AppData\Local\Packages\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2 start explorer.exe shell:appsFolder\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2!App Task: {B46896D8-A0A0-467F-A902-E284333916AD} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\Scheduler.exe [2017-03-10] (IObit) Task: {B65F44B6-3A8C-46CA-8199-9061FE7DE060} - \LUMOS\TBW\TBW_22_00 -> No File <==== ATTENTION Task: {BF4F149F-849F-45A2-857C-07EFCD93964C} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-04-10] (IObit) Task: {C2A071E2-CDEA-4B77-8B95-B91B32E537E5} - \LUMOS\TBW\TBW_04_30 -> No File <==== ATTENTION Task: {C2F43BCD-C074-41B9-91FB-A289B3680FEE} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab) Task: {C5FB4CB2-655B-4CE5-9BC6-703B38243AE5} - System32\Tasks\HPCeeScheduleForckurl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {C9287A7F-1852-4CB4-8863-6FC1BBE18FFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.) Task: {C986952E-0BBD-409A-AB94-9E76A333A9E3} - \LUMOS\TBW\TBW_09_30 -> No File <==== ATTENTION Task: {CF0D73FD-4D4A-4B93-8CDC-B97C707868B2} - \LUMOS\TBW\TBW_03_00 -> No File <==== ATTENTION Task: {D04459FA-C462-41A7-9452-B6114EF22E20} - \LUMOS\TBW\TBW_01_30 -> No File <==== ATTENTION Task: {D148F1C2-FFA9-42E0-9A0E-0FF77561A0D1} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation) Task: {D1B49010-67AF-4CE1-9F7B-30005A024538} - System32\Tasks\{792C56D5-DC60-4C20-8BB6-DACFE96AE1E2} => pcalua.exe -a C:\Users\ckurl\AppData\Local\{2D001B5C-09A8-77E4-6430-520C4058AE94}\uninst.exe -c -FN="C:\Users\ckurl\AppData\Local\{2D5D1BE6-080F-7690-6339-5142BFEBAC7C}\synctask.exe"-P=/Uninstall /s /noun /DelSelfDir Task: {D4B869AC-5FA5-42EB-A6BD-524DA6022FBE} - \LUMOS\TBW\TBW_20_00 -> No File <==== ATTENTION Task: {DADCC053-0B75-4D91-BDED-4919B81FAAF7} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation) Task: {DCC3C08E-7A9E-4EA6-B1D6-6145FB1B3F74} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation) Task: {E5B95B77-76B5-4279-9232-69EED1F8BADE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-15] (Adobe Systems Incorporated) Task: {E8ABAC0E-18E7-4C95-B6FC-29967670B6EA} - \LUMOS\TBW\TBW_08_30 -> No File <==== ATTENTION Task: {ED545D42-49C3-4C07-A529-4C11A95EBD5B} - \LUMOS\TBW\TBW_17_30 -> No File <==== ATTENTION Task: {EE57BD88-6082-4BBF-AE6B-6597145B7C46} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation) Task: {F1ACF427-6DC0-46B2-8169-D5875F5B04C7} - \LUMOS\TBW\TBW_15_30 -> No File <==== ATTENTION Task: {F5919863-BE80-4B09-ACB0-FACDB74FD707} - \LUMOS\TBW\TBW_21_00 -> No File <==== ATTENTION Task: {FA58FFA8-AE40-4B62-B8A3-F03AC84680CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd) Task: {FA774262-2713-4544-A3DA-E6414D962C40} - \LUMOS\TBW\TBW_12_30 -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\HPCeeScheduleForckurl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\ckurl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll 2017-04-11 16:15 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll 2017-01-13 14:56 - 2017-01-13 14:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-03-13 18:12 - 2016-12-29 17:22 - 00021504 _____ () C:\Users\ckurl\Desktop\Wallpaper.Engine\bin\wallpaperservice32_c.exe 2017-05-07 08:50 - 2017-05-07 08:52 - 00303896 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe 2017-05-07 08:50 - 2017-05-07 08:52 - 00625432 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe 2017-04-11 16:15 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll 2017-05-01 14:31 - 2017-05-01 14:31 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-09-19 06:55 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-14 18:14 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-14 18:15 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-14 18:15 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-14 18:15 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-04-11 16:15 - 2017-03-27 22:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-04-11 16:15 - 2017-03-27 22:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-01-27 22:48 - 2017-01-27 22:48 - 00085504 _____ () C:\Users\ckurl\AppData\Roaming\Rainmeter\Plugins\IsFullScreen.DLL 2017-01-27 22:48 - 2017-01-27 22:48 - 00008192 _____ () C:\Users\ckurl\AppData\Roaming\Rainmeter\Plugins\FrostedGlass.DLL 2017-01-01 06:59 - 2017-01-01 06:59 - 00136704 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.dll 2017-01-27 22:48 - 2017-01-27 22:48 - 00024064 _____ () C:\Users\ckurl\AppData\Roaming\Rainmeter\Plugins\Backlight.DLL 2017-01-01 06:59 - 2017-01-01 06:59 - 00111104 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL 2017-01-01 06:59 - 2017-01-01 06:59 - 00125952 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL 2017-01-01 07:00 - 2017-01-01 07:00 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll 2017-01-01 06:59 - 2017-01-01 06:59 - 00184832 _____ () C:\Program Files\Rainmeter\Plugins\FileView.DLL 2017-01-01 06:59 - 2017-01-01 06:59 - 00095744 _____ () C:\Program Files\Rainmeter\Plugins\FolderInfo.dll 2017-01-01 06:59 - 2017-01-01 06:59 - 00173568 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL 2017-01-01 06:59 - 2017-01-01 06:59 - 00102400 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.DLL 2017-01-01 06:59 - 2017-01-01 06:59 - 00130560 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL 2017-01-15 21:07 - 2017-01-15 21:07 - 00152064 _____ () C:\Users\ckurl\AppData\Roaming\Rainmeter\Plugins\HotKey.DLL 2016-05-25 05:38 - 2016-05-25 05:38 - 00129304 _____ () C:\Program Files\Reason\Security\x64\lz4_x64.dll 2017-04-26 16:03 - 2017-04-18 22:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libglesv2.dll 2017-04-26 16:03 - 2017-04-18 22:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libegl.dll 2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll 2017-04-11 18:48 - 2017-03-28 17:08 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2017-04-11 18:48 - 2017-03-28 17:08 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2017-04-11 18:48 - 2017-03-28 17:08 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2017-05-06 22:14 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl 2017-05-06 22:14 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl 2017-05-06 22:14 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl 2017-05-06 22:14 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll 2017-05-06 22:13 - 2016-01-11 17:03 - 00899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll 2017-05-06 22:13 - 2016-01-11 17:02 - 00630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll 2017-04-11 18:48 - 2017-03-28 17:09 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll 2017-04-11 18:48 - 2017-03-28 17:09 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll 2016-03-05 06:35 - 2016-10-19 20:15 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2017-05-06 22:14 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll 2017-05-06 22:14 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll 2017-05-06 23:43 - 2017-05-03 06:22 - 01249528 _____ () \\?\C:\Program Files (x86)\Wargaming.net\GameCenter\dlls\libGLESv2.dll 2017-05-06 23:43 - 2017-05-03 06:22 - 00027384 _____ () \\?\C:\Program Files (x86)\Wargaming.net\GameCenter\dlls\libEGL.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\ckurl:Heroes & Generals [38] AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [135] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\D46ABDF2.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\D46ABDF2.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-04-04 00:04 - 2017-05-08 07:17 - 00006634 _____ C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 a.ads1.msn.com 0.0.0.0 a.ads2.msads.net 0.0.0.0 a.ads2.msn.com 0.0.0.0 a.rad.msn.com 0.0.0.0 a-0001.a-msedge.net 0.0.0.0 a-0002.a-msedge.net 0.0.0.0 a-0003.a-msedge.net 0.0.0.0 a-0004.a-msedge.net 0.0.0.0 a-0005.a-msedge.net 0.0.0.0 a-0006.a-msedge.net 0.0.0.0 a-0007.a-msedge.net 0.0.0.0 a-0008.a-msedge.net 0.0.0.0 a-0009.a-msedge.net 0.0.0.0 ac3.msn.com 0.0.0.0 ad.doubleclick.net 0.0.0.0 adnexus.net 0.0.0.0 adnxs.com 0.0.0.0 ads.msn.com 0.0.0.0 ads1.msads.net 0.0.0.0 ads1.msn.com 0.0.0.0 aidps.atdmt.com 0.0.0.0 aka-cdn-ns.adtech.de 0.0.0.0 a-msedge.net 0.0.0.0 apps.skype.com 0.0.0.0 az361816.vo.msecnd.net 0.0.0.0 az512334.vo.msecnd.net 0.0.0.0 b.ads1.msn.com 0.0.0.0 b.ads2.msads.net 0.0.0.0 b.rad.msn.com 0.0.0.0 bs.serving-sys.com There are 126 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ckurl\pictures\wallpapers\windows 3840x2160.png DNS Servers: 10.0.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "AccelerometerSysTrayApplet" HKLM\...\StartupApproved\Run32: => "ADSKAppManager" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "DelaypluginInstall" HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "GoogleDriveSync" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "BlueStacks Agent" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "CyberGhost" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "Gaijin.Net Agent" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "WallpaperEngine" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "KeepVidMusicService" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{08A35E91-2DAA-4B10-9F6C-4D4FBB557986}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [{9C36B7DB-1395-4203-8E1E-484FB1E08160}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{E41F980E-18DC-48A0-BC60-B8D37E6FC63C}] => (Allow) LPort=5357 FirewallRules: [{71DA1969-10BD-4D52-A940-20691A44A47A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe FirewallRules: [{82393F2A-8FE0-4CF9-A2BC-133DFDCB9DF2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe FirewallRules: [{08EE574E-C780-4A0A-8A84-15FC528E534A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe FirewallRules: [{AC67D5B3-B6BF-402B-8B68-7025D074629E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe FirewallRules: [UDP Query User{6CCCD7DA-C397-44A6-8F58-526EBEECFA23}C:\users\ckurl\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ckurl\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{C8181A2F-67E7-41DC-BE47-A572CE0C4609}C:\users\ckurl\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ckurl\appdata\roaming\spotify\spotify.exe FirewallRules: [{90437998-AD6B-4BF0-89A2-45E83C3B2840}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{3343FA1C-CDAB-4CA1-97C4-E845610362FB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{C076D986-0C87-4452-864C-2A2B14B86787}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{893381B6-9067-495F-A11B-3B1D72E772E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{FE714242-3C37-4E7A-98DB-3CE0661805F8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{352A5975-79A1-4F95-A83A-AA1740205DA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{E7CA0E69-4FB3-41DD-B168-A31849B21CAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{F851A9E7-C088-45F0-B108-7F02569752C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{2630EC62-F0ED-4BA0-8EC4-D8CF2157E57D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{CCE24987-E953-4900-A307-A56DF726DB7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{F4528E7C-3C4F-47A6-AA68-6043D715BDC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DAD1EA0F-7E2B-4D6D-A52D-F06F242CF002}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BCF1AB69-8E27-4FD7-AE7E-DF4EADC8E1E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7125B5DB-3C65-4F11-A2AC-34C2046DCCF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{27BB9FFC-978F-4A5B-A092-70594B7DAFF6}C:\users\ckurl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ckurl\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{6C6DEB51-2AFB-4DE1-BA0D-7849BBA276E8}C:\users\ckurl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ckurl\appdata\roaming\spotify\spotify.exe FirewallRules: [{7B0FE1CE-C0D7-4190-9850-DCD12A6A42EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{82E523C8-BA74-4C68-B679-2061C4189AD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{D3847724-CD24-46A5-B5A7-B676EDF48FD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{E40D8A8C-CD78-4656-B2B4-376CD6E5C794}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{7E23BC4F-7B38-493A-9264-238268F12C07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{787CDB8E-33FD-4B6F-A06D-1D8B0CD402AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{0E951922-BA91-4747-B75D-97A14066D3CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{CF8FADFD-D9B5-48D5-A6DB-05ADFE24361A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{0492B74A-1A16-4A2F-93DC-4ECCDE5251C8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{041D3032-EC99-4917-966A-2DA0A2DD7646}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe FirewallRules: [{3C0BBB7E-0B9F-4ED6-8E4E-868C1B75265A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe FirewallRules: [{80ECA06A-1F0B-49DF-B867-9746ACA0F0E2}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe FirewallRules: [{DBC75535-ECD9-47C1-AD04-7259B4FE56AA}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe FirewallRules: [{F2501263-CFD1-4A18-B56E-93F1AF502EF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe FirewallRules: [{1A0B6016-4E76-4E04-8F10-A01FA2DB705F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe FirewallRules: [{D586A867-1014-4787-925F-BFB519D8DC61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleStick\BattleStick.exe FirewallRules: [{80A7938D-138A-4462-B5AC-9429C35921A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleStick\BattleStick.exe FirewallRules: [{F44DB9CF-CEEB-4A69-8169-5D0CBD869400}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks Blitz\wotblitz.exe FirewallRules: [{2A0D1D58-7785-46F3-B80B-17076753F01B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Tanks Blitz\wotblitz.exe FirewallRules: [{E4D3578E-9A1E-4D67-BE7B-72F9CF322FE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe FirewallRules: [{37750B42-C099-4DD9-B926-F49056435D64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe FirewallRules: [{C5BC2A42-60B7-4EAE-A941-A1A18B9CA068}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4FCF2231-7783-4D26-BB8E-F2721022AE7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EB8CC388-95F2-42E7-AEF3-67001ADACF98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5B6181B6-87BC-4B6E-85CE-8FAA555C8406}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6F29CACF-AD20-4C12-9EDA-964BBC5777AF}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{5CA8615D-1DE5-464C-828D-3C98BB721619}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{3A596DFB-ED6F-4A75-8F33-F2A00EF7E59B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe FirewallRules: [{BF748A6C-4E23-41F1-86F2-8EBDB9BA3050}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe FirewallRules: [{93A9FFAB-EC7B-476B-9000-79D82B96FABB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe FirewallRules: [{546D16E2-BB79-4EFD-824E-BFE8E256563B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DBDownloader.exe FirewallRules: [{35DBF99C-3DE7-4B43-8E2A-E717261EA027}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe FirewallRules: [{8EF1D191-1F7F-4944-83B3-D1E8B3AA70BF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\AutoUpdate.exe FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe FirewallRules: [{B4DC9C30-1778-47A6-A116-2204419765B3}] => (Block) C:\Windows\explorer.exe FirewallRules: [{521BBAD2-C7A1-4A62-ABD0-9137800BE650}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe FirewallRules: [{5A16C40B-0863-4205-8566-82B228A7EA89}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe FirewallRules: [{201975D0-A4AA-4FEB-BE73-5E5DA2943663}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{569557EC-F6DB-479B-B40B-AFFE214109A9}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [TCP Query User{74617A01-158B-420A-AF63-F3273E43E2D0}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [UDP Query User{2612BF1D-46AA-4430-920C-EAD58E1F19EF}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [{DEC0230A-EE35-4708-9756-F764CB19EF3C}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe FirewallRules: [{3E2F294B-F889-4CE0-A4E5-D06E91F6BABB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{99E382A7-3F2F-4895-8C52-12CCA0BE0F13}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [{EF6E1ABF-9364-4AB0-9BA7-553A8D443DBF}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe FirewallRules: [{E1B39E0C-9058-4CBF-9F83-C446684C8982}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe FirewallRules: [{88CFD134-191B-4583-ADAF-3E93AFFD1BC0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{C9EB2928-6C83-44E8-BD8C-B81C9A6AB1ED}] => (Allow) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe ==================== Restore Points ========================= 06-05-2017 14:57:42 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/08/2017 07:26:38 AM) (Source: HP Active Health) (EventID: 91) (User: ) Description: Unhandled Exception. Application will terminate immediately. System.NullReferenceException: Object reference not set to an instance of an object. at HP.ActiveHealth.Commons.Objects.ElevatedProcessVerifier.IsUacEnabled() at HP.ActiveHealth.Commons.Objects.ElevatedProcessVerifier.IsProcessElevated(Process process) at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni, Boolean setupPowerOptimization) at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args) Error: (05/08/2017 07:22:43 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (05/08/2017 07:22:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.2.1088, time stamp: 0x55af5809 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0375d5f5 Faulting process id: 0x18c8 Faulting application start time: 0x01d2c8065ed5975a Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: unknown Report Id: a519b0e3-2f3d-4106-b63a-eada27557332 Faulting package full name: Faulting package-relative application ID: Error: (05/08/2017 07:22:06 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IAStorDataMgrSvc.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges() at IAStorUtil.SystemDataModelListener.LoadSavedSystemState() at IAStorDataMgr.EventRelay.<Start>b__0(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (05/08/2017 07:18:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2071.1338, time stamp: 0x5726e00c Faulting module name: MessageBus.dll, version: 0.0.0.0, time stamp: 0x5726d98c Exception code: 0xc0000005 Fault offset: 0x0000000000010f73 Faulting process id: 0x138c Faulting application start time: 0x01d2c805e51659a0 Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe Faulting module path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll Report Id: 828135c0-9e81-4b4c-8bf6-11881a39dfed Faulting package full name: Faulting package-relative application ID: Error: (05/08/2017 07:17:38 AM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 54590 ms DPTF Build Version: 8.2.11000.2996 DPTF Build Date: Aug 10 2016 11:44:33 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989 Executing Function: PolicyBase::takeControlOfOsc Message: Critical Policy: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.2.11000.2996 DPTF Build Date: Aug 10 2016 11:44:33 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 472 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Critical Policy [3] Error: (05/08/2017 07:17:37 AM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 53776 ms DPTF Build Version: 8.2.11000.2996 DPTF Build Date: Aug 10 2016 11:44:33 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989 Executing Function: PolicyBase::takeControlOfOsc Message: Active Policy: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.2.11000.2996 DPTF Build Date: Aug 10 2016 11:44:33 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 472 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Active Policy [0] Error: (05/07/2017 06:28:44 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (05/07/2017 06:28:44 PM) (Source: Perflib) (EventID: 1018) (User: ) Description: Disabled performance counter data collection for this session from the "VMware" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Error: (05/07/2017 06:28:44 PM) (Source: Perflib) (EventID: 1022) (User: ) Description: Windows cannot open the 64-bit extensible counter DLL VMware in a 32-bit environment. Contact the file vendor to obtain a 32-bit version. Alternatively if you are running a 64-bit native environment, you can open the 64-bit extensible counter DLL by using the 64-bit version of Performance Monitor. To use this tool, open the Windows folder, open the System32 folder, and then start Perfmon.exe. System errors: ============= Error: (05/08/2017 07:30:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8620. Error: (05/08/2017 07:26:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/08/2017 07:22:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). Error: (05/08/2017 07:17:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The WinDefend service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Error: (05/08/2017 07:16:49 AM) (Source: volmgr) (EventID: 46) (User: ) Description: Crash dump initialization failed! Error: (05/07/2017 08:40:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/07/2017 07:59:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/07/2017 06:43:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/07/2017 04:29:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/07/2017 01:16:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8620. CodeIntegrity: =================================== Date: 2017-05-08 07:31:33.357 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-08 07:31:33.323 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-08 07:18:42.036 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-08 07:18:39.750 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-08 07:18:37.459 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-08 07:18:35.175 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-08 07:18:32.889 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-08 07:18:30.603 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-08 07:18:28.317 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-08 07:18:26.028 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BTHUSB.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz Percentage of memory in use: 24% Total physical RAM: 16204.34 MB Available physical RAM: 12262.48 MB Total Virtual: 17228.34 MB Available Virtual: 12860.77 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:904.87 GB) (Free:542.31 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:25.43 GB) (Free:2.84 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (BIGstick) (Removable) (Total:29.89 GB) (Free:27.47 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0664B0C4) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.9 GB) (Disk ID: D94646C9) Partition 1: (Active) - (Size=29.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-05-2017 Ran by ckurl (administrator) on DESKTOP-0F8BR2O (08-05-2017 07:30:37) Running from F:\iAmInfected\FRST64 Loaded Profiles: ckurl (Available Profiles: ckurl) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe () C:\Users\ckurl\Desktop\Wallpaper.Engine\bin\wallpaperservice32_c.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe (Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (IObit) C:\Program Files (x86)\IObit\Driver Booster\4.3.0\Scheduler.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (Wargaming.net) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe (Wargaming.net) C:\Program Files (x86)\Wargaming.net\GameCenter\dlls\wgc_watchdog.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe (Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9209856 2017-04-29] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-19] (NVIDIA Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-03-15] (HP Inc.) HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab) HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP) HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google) HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [Gaijin.Net Agent] => C:\Users\ckurl\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [1912840 2017-02-13] () HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.) HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [Spotify Web Helper] => C:\Users\ckurl\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-25] (Spotify Ltd) HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd) HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-04] (SUPERAntiSpyware) HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3920672 2017-03-30] (IObit) HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Run: [Wargaming.net Game Center] => C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe [1618168 2017-05-03] (Wargaming.net) HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\RunOnce: [Uninstall C:\Users\ckurl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ckurl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64" HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\...\Winlogon: [Shell] C:\windows\explorer.exe [4674360 2017-03-04] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation) HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0 Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-05-29] ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab) Startup: C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-13] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter) BootExecute: autocheck autochk * ?????????????SmartDefragBootTime.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4 Tcpip\..\Interfaces\{cfe21422-8cd3-41c5-9d18-19018f8541fe}: [DhcpNameServer] 10.0.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-03-28] (IObit) BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-01] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security) BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-30] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-30] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security) Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-01] (Microsoft Corporation) Handler: WSKVAllmytubechrome - No CLSID Value Edge: ====== Edge Session Restore: HKU\S-1-5-21-3379452668-3058411388-1845388906-1001 -> is enabled. FireFox: ======== FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-03-29] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF HKLM-x32\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com => not found FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation) FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-30] (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems) FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com/ CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default [2017-05-08] CHR Extension: (Google Slides) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-24] CHR Extension: (Google Docs) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-24] CHR Extension: (Google Drive) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-24] CHR Extension: (YouTube) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-24] CHR Extension: (OneTab) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20] CHR Extension: (Adblock for Youtube™) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-05-03] CHR Extension: (Google Sheets) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-24] CHR Extension: (HTTPS Everywhere) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-05-03] CHR Extension: (Google Docs Offline) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-24] CHR Extension: (AdBlock) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-16] CHR Extension: (Grammarly for Chrome) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-05-05] CHR Extension: (Black carbon + silver metal) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2017-05-03] CHR Extension: (Google Mail Checker) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-05-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08] CHR Extension: (Gmail) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-24] CHR Extension: (Chrome Media Router) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-28] CHR Profile: C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-30] CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com) S3 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-23] (Autodesk Inc.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-11-11] (Adobe Systems) [File not signed] S3 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated) R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit) R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-12-14] (Intel Corporation) S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [560128 2017-03-03] (Microsoft Corporation) [File not signed] R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 BFE; C:\Windows\System32\bfe.dll [795648 2016-07-16] (Microsoft Corporation) [File not signed] S2 BITS; C:\Windows\System32\qmgr.dll [1054208 2016-10-14] (Microsoft Corporation) [File not signed] S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [428056 2017-03-03] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [406040 2017-03-03] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [452632 2017-03-03] (BlueStack Systems, Inc.) R2 CDPSvc; C:\Windows\System32\CDPSvc.dll [411648 2016-11-11] (Microsoft Corporation) [File not signed] S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation) [File not signed] S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [72024 2017-02-07] (Google Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation) S3 cphs; C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation) S3 cplspcon; C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation) S3 dot3svc; C:\Windows\System32\dot3svc.dll [262144 2016-07-16] (Microsoft Corporation) [File not signed] R2 esifsvc; C:\Windows\system32\Intel\DPTF\esif_uf.exe [2208888 2017-04-02] (Intel Corporation) S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation) R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.) R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc.) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation) R2 IKEEXT; C:\Windows\System32\ikeext.dll [932352 2016-07-16] (Microsoft Corporation) [File not signed] R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1764640 2017-03-17] (IObit) R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel Corporation) S3 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation) R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2017-03-28] (IObit) R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [945664 2017-03-03] (Microsoft Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation) S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab) R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab) S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab) S3 KvAppService; C:\Program Files (x86)\Keepvid\KAF\2.4.2.222\KvAppService.exe [474824 2017-03-10] (Keepvid) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] () R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-04-19] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-19] (NVIDIA Corporation) S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation) S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed] S3 p2psvc; C:\Windows\system32\p2psvc.dll [425472 2016-07-16] (Microsoft Corporation) [File not signed] S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [27648 2016-07-16] (Microsoft Corporation) [File not signed] S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed] S3 RasAuto; C:\Windows\System32\rasauto.dll [105472 2016-07-16] (Microsoft Corporation) [File not signed] S3 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed] R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-05-07] () S3 rsService; C:\Program Files\Reason\Security\rsService.exe [254232 2017-03-29] (Reason Software Company Inc.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-29] (Realtek Semiconductor) R3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [331776 2016-09-15] (Microsoft Corporation) [File not signed] S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [590848 2016-07-16] (Microsoft Corporation) [File not signed] R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [4136448 2016-11-11] (Microsoft Corporation) [File not signed] R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [3370496 2016-11-11] (Microsoft Corporation) [File not signed] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258152 2017-04-02] (Synaptics Incorporated) R2 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group) S3 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-14] (McAfee, Inc.) S3 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-14] (McAfee, Inc.) S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2017-03-03] (Microsoft Corporation) [File not signed] S3 vmicguestinterface; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed] S3 vmicheartbeat; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed] S3 vmickvpexchange; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed] S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2017-03-03] (Microsoft Corporation) [File not signed] S3 vmicshutdown; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed] S3 vmictimesync; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed] S3 vmicvmsession; C:\Windows\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation) [File not signed] S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2017-03-03] (Microsoft Corporation) [File not signed] R2 Wallpaper Engine Service; C:\Users\ckurl\Desktop\Wallpaper.Engine\bin\wallpaperservice32_c.exe [21504 2016-12-29] () [File not signed] S2 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [837632 2016-12-13] (Microsoft Corporation) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-27] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-27] (Microsoft Corporation) S3 wlidsvc; C:\Windows\system32\wlidsvc.dll [2104320 2016-11-11] (Microsoft Corporation) [File not signed] S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [1016320 2017-03-03] (Microsoft Corporation) [File not signed] S3 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation) R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2017-03-03] (BlueStack Systems) S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2017-03-03] (Bluestack System Inc. ) S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [114176 2016-08-19] (Microsoft Corporation) [File not signed] S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [249856 2016-09-15] (Microsoft Corporation) [File not signed] S3 BthPan; C:\Windows\System32\drivers\bthpan.sys [128512 2016-10-05] (Microsoft Corporation) [File not signed] S3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [967168 2016-11-11] (Microsoft Corporation) [File not signed] S3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [84992 2016-08-19] (Microsoft Corporation) [File not signed] R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab) R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [66624 2017-04-02] (Intel Corporation) R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [350272 2017-04-02] (Intel Corporation) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] () R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr64.sys [37112 2017-04-29] (Hewlett-Packard Company) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-04-02] (REALiX(tm)) S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253184 2017-04-02] (Intel Corporation) R3 igfx; C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation) R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [51904 2017-03-17] (IObit.com) R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-08] (IObit.com) R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [33600 2017-02-17] (IObit.com) S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [85504 2016-07-16] (Microsoft Corporation) [File not signed] R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab) R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197336 2017-04-11] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\drivers\klhk.sys [244448 2017-03-13] (AO Kaspersky Lab) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1018592 2017-04-11] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-03-29] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab) R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project) R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-04-27] (AO Kaspersky Lab) R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2017-03-29] (AO Kaspersky Lab) R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [251656 2017-04-27] (AO Kaspersky Lab) R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112912 2017-04-27] (AO Kaspersky Lab) R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [173144 2017-04-27] (AO Kaspersky Lab) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab) R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-03-29] (AO Kaspersky Lab) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199392 2017-03-29] (AO Kaspersky Lab) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-05-05] (Malwarebytes) S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-05] (Malwarebytes) S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-05] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-05] (Malwarebytes) S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-05-06] (Malwarebytes) S3 MFE_RR; C:\Users\ckurl\AppData\Local\Temp\mfe_rr.sys [24120 2017-05-06] (McAfee, Inc.) <==== ATTENTION S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6731520 2016-05-28] (Intel Corporation) R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7621376 2017-04-29] (Intel Corporation) R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_c93098c8f8471348\nvlddmkm.sys [14847088 2017-04-29] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [49208 2017-04-29] (NVIDIA Corporation) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation) S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2016-07-16] (Microsoft Corporation) [File not signed] R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [954368 2017-04-29] (Realtek ) S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [781792 2017-04-02] (Realsil Semiconductor Corporation) U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [413912 2017-03-12] (Realsil Semiconductor Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SGXEPC; C:\Windows\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows (R) Win 7 DDK provider) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-27] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [64104 2017-04-02] (Synaptics Incorporated) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2017-04-13] (BitDefender S.R.L.) R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-15] (BigNox Corporation) R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2017-03-21] (VMware, Inc.) R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31656 2016-04-14] (HP) S1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [22528 2016-07-16] (Microsoft Corporation) [File not signed] S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [22528 2017-03-14] () [File not signed] S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [258560 2017-03-03] (Microsoft Corporation) [File not signed] S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [43520 2016-08-19] (Microsoft Corporation) [File not signed] R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-05-07] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-07] (Zemana Ltd.) U3 aswbdisk; no ImagePath S0 D46ABDF2; system32\drivers\D46ABDF2.sys [X] U4 DiagTrack; no ImagePath S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [X] U0 Partizan; system32\drivers\Partizan.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-08 07:28 - 2017-05-08 07:29 - 02429440 _____ (Farbar) C:\Users\ckurl\Downloads\FRST64.exe 2017-05-08 07:24 - 2017-05-08 07:24 - 00003038 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (ckurl) 2017-05-08 07:17 - 2017-05-08 07:30 - 00086463 _____ C:\Windows\ZAM.krnl.trace 2017-05-08 07:17 - 2017-05-08 07:30 - 00040400 _____ C:\Windows\ZAM_Guard.krnl.trace 2017-05-07 16:17 - 2017-05-08 07:17 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForckurl.job 2017-05-07 16:17 - 2017-05-07 16:17 - 00003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleForckurl 2017-05-07 15:00 - 2017-05-07 15:00 - 00000000 ____D C:\Users\ckurl\Desktop\Atari Games 2017-05-07 14:59 - 2017-05-07 14:59 - 02881762 _____ C:\Users\ckurl\Downloads\Atari Games Program.rar 2017-05-07 14:59 - 2017-05-07 14:59 - 02881762 _____ C:\Users\ckurl\Desktop\Atari Games Program.rar 2017-05-07 10:24 - 2017-05-07 10:24 - 00092334 _____ C:\Users\ckurl\Downloads\CER_4_Rational_and_Irrational_Numbers.pdf 2017-05-07 08:50 - 2017-05-07 08:51 - 00003466 _____ C:\Windows\System32\Tasks\Reason Core Security 2017-05-07 08:50 - 2017-05-07 08:50 - 00003712 _____ C:\Windows\System32\Tasks\Reason Core Security Scheduled Scan 2017-05-07 08:50 - 2017-05-07 08:50 - 00001182 _____ C:\Users\ckurl\Desktop\Reason Core Security.lnk 2017-05-07 08:50 - 2017-05-07 08:50 - 00000000 ____D C:\ProgramData\Reason 2017-05-07 08:50 - 2017-05-07 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security 2017-05-07 08:49 - 2017-05-07 08:49 - 00000000 ____D C:\Program Files\Reason 2017-05-07 08:48 - 2017-05-07 08:49 - 07790192 _____ (Reason Software Company Inc.) C:\Users\ckurl\Downloads\reason-core-security-setup.exe 2017-05-07 00:50 - 2017-05-07 00:50 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2017-05-07 00:50 - 2017-05-07 00:50 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2017-05-07 00:50 - 2017-05-07 00:50 - 00001238 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2017-05-07 00:50 - 2017-05-07 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-05-07 00:50 - 2017-05-07 00:50 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2017-05-07 00:49 - 2017-05-07 00:49 - 05774688 _____ (Zemana Ltd. ) C:\Users\ckurl\Downloads\Zemana.AntiMalware.Setup.exe 2017-05-07 00:49 - 2017-05-07 00:49 - 05774688 _____ (Zemana Ltd. ) C:\Users\ckurl\Desktop\Zemana.AntiMalware.Setup.exe 2017-05-06 23:44 - 2017-05-07 16:08 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Wargaming.net 2017-05-06 23:44 - 2017-05-07 00:32 - 00001700 _____ C:\Users\ckurl\Desktop\World of Warplanes NA.lnk 2017-05-06 23:44 - 2017-05-06 23:44 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net 2017-05-06 23:44 - 2017-05-06 23:44 - 00000000 ____D C:\ProgramData\boost_interprocess 2017-05-06 23:43 - 2017-05-06 23:43 - 00001352 _____ C:\Users\Public\Desktop\Wargaming.net Game Center.lnk 2017-05-06 23:43 - 2017-05-06 23:43 - 00000000 ___HD C:\Windows\msdownld.tmp 2017-05-06 23:43 - 2017-05-06 23:43 - 00000000 ____D C:\ProgramData\Wargaming.net 2017-05-06 23:43 - 2017-05-06 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wargaming.net 2017-05-06 23:43 - 2017-05-06 23:43 - 00000000 ____D C:\Program Files (x86)\Wargaming.net 2017-05-06 23:42 - 2017-05-06 23:42 - 06608032 _____ (Wargaming.net (c) 2009-2017 ) C:\Users\ckurl\Downloads\world_of_warplanes_install_na.exe 2017-05-06 23:25 - 2017-05-06 23:25 - 00003394 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler 2017-05-06 22:15 - 2017-05-06 22:15 - 00002908 _____ C:\Windows\System32\Tasks\ASC10_SkipUac_ckurl 2017-05-06 22:14 - 2017-05-06 23:25 - 00002259 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk 2017-05-06 22:14 - 2017-05-06 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 2017-05-06 22:13 - 2017-05-06 22:13 - 00003264 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze 2017-05-06 22:13 - 2017-05-06 22:13 - 00003104 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup 2017-05-06 22:13 - 2017-05-06 22:13 - 00001246 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk 2017-05-06 22:13 - 2017-03-09 13:53 - 00030744 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys 2017-05-06 22:13 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll 2017-05-06 16:42 - 2017-05-06 23:25 - 00000000 ____D C:\ProgramData\ProductData 2017-05-06 15:02 - 2017-05-06 15:02 - 00001353 _____ C:\Users\ckurl\Desktop\JRT.txt 2017-05-06 14:54 - 2017-05-06 14:54 - 00003240 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2017-05-06 14:18 - 2017-05-06 14:18 - 04102600 _____ C:\Users\ckurl\Desktop\adwcleaner_6.046.exe 2017-05-06 14:16 - 2017-05-06 14:16 - 01663672 _____ (Malwarebytes) C:\Users\ckurl\Desktop\JRT.exe 2017-05-05 22:45 - 2017-05-06 12:53 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-05-05 22:45 - 2017-05-05 22:45 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-05-05 22:45 - 2017-05-05 22:45 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-05-05 22:45 - 2017-05-05 22:45 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-05-05 22:45 - 2017-05-05 22:45 - 00001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-05-05 22:45 - 2017-05-05 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-05-05 22:45 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-05-05 17:59 - 2017-05-05 17:59 - 00673784 _____ C:\Users\ckurl\Desktop\p4_JoshMartinez_suitcase_grey.stl 2017-05-05 16:23 - 2017-05-05 22:45 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-05-05 16:23 - 2017-05-05 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-05-05 16:18 - 2017-05-05 18:33 - 00000000 ____D C:\Users\ckurl\Desktop\mbar 2017-05-05 16:18 - 2017-05-05 16:18 - 16564750 _____ (Malwarebytes Corp.) C:\Users\ckurl\Desktop\mbar-1.09.4.1001.exe 2017-05-05 08:08 - 2017-05-05 08:08 - 00748412 _____ C:\Windows\Minidump\050517-179000-01.dmp 2017-05-04 17:31 - 2017-05-04 17:31 - 01473412 ____N C:\Windows\Minidump\050417-42296-01.dmp 2017-05-04 16:40 - 2017-05-08 07:30 - 00000000 ____D C:\FRST 2017-05-04 16:37 - 2017-05-04 16:37 - 00001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\123D Design.lnk 2017-05-04 16:37 - 2017-05-04 16:37 - 00001993 _____ C:\Users\Public\Desktop\123D Design.lnk 2017-05-03 19:28 - 2017-05-03 19:28 - 00000258 __RSH C:\ProgramData\ntuser.pol 2017-05-03 19:19 - 2017-05-03 19:19 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-0F8BR2O-Windows-10-Home-(64-bit).dat 2017-05-03 19:18 - 2017-05-03 19:18 - 00000000 ____D C:\RegBackup 2017-05-03 19:16 - 2017-05-03 19:16 - 00000110 _____ C:\Windows\system32\zerobyte_files_deleted.txt 2017-05-03 19:16 - 2017-05-03 19:16 - 00000076 _____ C:\Windows\zerobyte_files_deleted.txt 2017-05-03 18:58 - 2017-05-03 18:58 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll 2017-05-03 18:45 - 2017-05-03 18:45 - 01467716 ____N C:\Windows\Minidump\050317-38937-01.dmp 2017-05-03 17:18 - 2017-05-03 17:18 - 01466236 ____N C:\Windows\Minidump\050317-45953-01.dmp 2017-05-03 07:43 - 2017-05-05 22:42 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT 2017-05-03 07:38 - 2017-05-03 15:21 - 00000000 ____D C:\@RestoreQuarantine 2017-05-03 07:18 - 2017-05-06 23:38 - 00000000 ____D C:\Users\ckurl\AppData\Local\NPE 2017-05-03 07:12 - 2017-05-04 22:20 - 00000000 ____D C:\ProgramData\RegRun 2017-05-03 07:11 - 2017-05-06 12:34 - 00000000 ____D C:\Users\ckurl\Documents\RegRun2 2017-05-03 07:11 - 2017-05-03 07:11 - 00000002 RSHOT C:\Windows\winstart.bat 2017-05-03 07:11 - 2017-05-03 07:11 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT 2017-05-03 07:11 - 2017-05-03 07:11 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT 2017-05-02 21:51 - 2017-05-02 21:52 - 00826396 _____ C:\Windows\Minidump\050217-113843-01.dmp 2017-05-02 21:50 - 2017-05-05 08:07 - 1220034660 ____N C:\Windows\MEMORY.DMP 2017-05-02 21:43 - 2017-05-05 08:08 - 00000000 ____D C:\Windows\Minidump 2017-05-02 21:43 - 2017-05-02 21:43 - 01470780 ____N C:\Windows\Minidump\050217-63765-01.dmp 2017-05-01 15:56 - 2017-05-04 07:23 - 00000000 ____D C:\Windows\pss 2017-05-01 14:50 - 2017-05-01 14:50 - 00000600 _____ C:\Users\ckurl\AppData\Roaming\winscp.rnd 2017-05-01 14:45 - 2017-05-01 14:45 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Far Manager 2017-05-01 14:45 - 2017-05-01 14:45 - 00000000 ____D C:\Users\ckurl\AppData\Local\Far Manager 2017-05-01 14:38 - 2017-05-01 14:38 - 00065736 _____ (Prevx) C:\Windows\system32\Drivers\pxrts.sys 2017-05-01 14:38 - 2017-05-01 14:38 - 00024024 _____ (Prevx) C:\Windows\system32\Drivers\pxkbf.sys 2017-05-01 14:37 - 2017-05-06 14:04 - 00000000 ____D C:\ProgramData\PrevxCSI 2017-05-01 14:36 - 2017-05-01 14:36 - 04922400 _____ (AO Kaspersky Lab) C:\Users\ckurl\Desktop\tdsskiller.exe 2017-05-01 14:10 - 2017-05-06 23:44 - 00000000 ____D C:\Program Files\BDServices 2017-05-01 07:53 - 2017-05-03 15:24 - 00000000 ____D C:\Users\ckurl\AppData\Local\LLSSOFT.del 2017-05-01 06:54 - 2017-05-01 06:54 - 00000000 ____D C:\Users\ckurl\AppData\Local\Zemana 2017-04-30 21:35 - 2017-04-14 09:19 - 00000000 ____D C:\Users\ckurl\Desktop\SpyHunter Pro v4.25.6.4782 by Aquí Lo Encuentras!! 2017-04-30 21:25 - 2017-05-03 15:24 - 00000000 ____D C:\Users\ckurl\AppData\Local\NTUSERLITELIST.del 2017-04-30 21:20 - 2017-05-05 18:40 - 00000000 ____D C:\Users\ckurl\AppData\Local\kxgdc 2017-04-30 21:20 - 2017-05-05 18:40 - 00000000 ____D C:\Users\ckurl\AppData\Local\GVPGIOZPG.del 2017-04-30 16:23 - 2017-04-30 16:23 - 00000000 _____ C:\autoexec.bat 2017-04-30 15:36 - 2017-04-30 15:36 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information 2017-04-30 13:29 - 2017-05-06 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy 2017-04-30 13:24 - 2017-04-30 13:23 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2017-04-30 13:24 - 2017-04-30 13:22 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-04-30 13:20 - 2017-04-30 13:20 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA 2017-04-30 12:58 - 2017-04-30 12:58 - 00001172 _____ C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk 2017-04-30 12:24 - 2016-07-16 04:42 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll 2017-04-30 12:24 - 2016-07-16 04:42 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2017-04-30 12:24 - 2016-07-16 04:42 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\uxinit.dll 2017-04-30 09:56 - 2017-04-30 09:56 - 00000000 ____D C:\Program Files\Malwarebytes 2017-04-29 19:35 - 2017-04-29 19:35 - 13332880 _____ C:\Windows\system32\Drivers\Netwfw04.dat 2017-04-29 19:34 - 2017-04-29 19:35 - 07621376 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw04.sys 2017-04-29 19:33 - 2017-04-29 19:33 - 00954368 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys 2017-04-29 19:33 - 2017-04-29 19:33 - 00122880 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll 2017-04-29 19:32 - 2017-04-19 17:44 - 00548472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2017-04-29 19:28 - 2017-04-29 19:28 - 11056272 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2017-04-29 19:27 - 2017-04-29 19:28 - 09014976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 2017-04-29 19:27 - 2017-04-29 19:27 - 10635008 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2017-04-29 19:27 - 2017-04-29 19:27 - 08876456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2017-04-29 19:26 - 2017-04-29 19:27 - 35354232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-04-29 19:25 - 2017-04-29 19:26 - 28590712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-04-29 19:24 - 2017-04-29 19:25 - 14847088 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2017-04-29 19:24 - 2017-04-29 19:24 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438189.dll 2017-04-29 19:24 - 2017-04-29 19:24 - 01589880 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438189.dll 2017-04-29 19:24 - 2017-04-29 19:24 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2017-04-29 19:24 - 2017-04-29 19:24 - 00577728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2017-04-29 19:24 - 2017-04-29 19:24 - 00043956 _____ C:\Windows\system32\nvinfo.pb 2017-04-29 19:22 - 2017-04-29 19:22 - 11111392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-04-29 19:22 - 2017-04-29 19:22 - 09316648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2017-04-29 19:22 - 2017-04-29 19:22 - 03789248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-04-29 19:22 - 2017-04-29 19:22 - 03246200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-04-29 19:19 - 2017-04-29 19:21 - 40201152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2017-04-29 19:16 - 2017-04-29 19:19 - 35280320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 04085712 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 03602112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 01278712 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 01054144 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 00995736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 00990328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 00960632 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 00911296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 00776048 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 00612088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 00609912 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2017-04-29 19:16 - 2017-04-29 19:16 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json 2017-04-29 19:16 - 2017-04-29 19:16 - 00000669 _____ C:\Windows\system32\nv-vk64.json 2017-04-29 19:05 - 2017-04-29 19:05 - 00155192 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2017-04-29 19:05 - 2017-04-29 19:05 - 00129080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2017-04-29 19:05 - 2017-04-29 19:05 - 00049208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2017-04-29 18:19 - 2017-04-29 18:20 - 00000000 ____D C:\ProgramData\FreeDriverScout 2017-04-29 18:19 - 2017-04-29 18:19 - 00000000 ____D C:\Users\ckurl\Documents\Freemium Driver Utilities 2017-04-29 18:13 - 2017-04-29 18:13 - 00799744 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys 2017-04-29 18:08 - 2017-04-29 19:04 - 03122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll 2017-04-29 18:08 - 2017-04-29 19:04 - 01003504 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll 2017-04-29 18:08 - 2017-04-29 19:04 - 00866088 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll 2017-04-29 18:08 - 2017-04-29 19:04 - 00859912 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll 2017-04-29 18:08 - 2017-04-29 19:04 - 00856288 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll 2017-04-29 18:08 - 2017-04-29 19:04 - 00726624 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll 2017-04-29 18:08 - 2017-04-29 19:04 - 00518528 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll 2017-04-29 18:08 - 2017-04-29 19:03 - 03410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll 2017-04-29 18:08 - 2017-04-29 19:03 - 01435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll 2017-04-29 18:08 - 2017-04-29 19:03 - 00984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll 2017-04-29 18:08 - 2017-04-29 19:03 - 00689880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll 2017-04-29 18:08 - 2017-04-29 19:03 - 00467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll 2017-04-29 18:08 - 2017-04-29 19:03 - 00381408 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll 2017-04-29 18:08 - 2017-04-29 19:03 - 00341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll 2017-04-29 18:08 - 2017-04-29 19:03 - 00341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll 2017-04-29 18:08 - 2017-04-29 19:03 - 00258856 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll 2017-04-29 18:08 - 2017-04-29 19:02 - 72520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat 2017-04-29 18:08 - 2017-04-29 18:57 - 10755842 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2017-04-29 18:08 - 2017-04-29 18:52 - 00387304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll 2017-04-29 18:08 - 2017-04-29 18:52 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll 2017-04-29 18:08 - 2017-04-29 18:52 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll 2017-04-29 18:08 - 2017-04-29 18:52 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll 2017-04-29 18:08 - 2017-04-29 18:52 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll 2017-04-29 18:08 - 2017-04-29 18:52 - 00088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll 2017-04-29 18:08 - 2017-04-29 18:51 - 00343696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll 2017-04-29 18:08 - 2017-04-29 18:50 - 03503040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll 2017-04-29 18:08 - 2017-04-29 18:50 - 01353272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll 2017-04-29 18:08 - 2017-04-29 18:50 - 00532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll 2017-04-29 18:08 - 2017-04-29 18:50 - 00192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2017-04-29 18:08 - 2017-04-29 18:50 - 00166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll 2017-04-29 18:08 - 2017-04-29 18:49 - 03205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll 2017-04-29 18:08 - 2017-04-29 18:49 - 02203136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2017-04-29 18:08 - 2017-04-29 18:49 - 00023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll 2017-04-29 18:08 - 2017-04-29 18:48 - 03493760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll 2017-04-29 18:08 - 2017-04-29 18:41 - 03014656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl 2017-04-29 18:07 - 2017-04-29 18:39 - 05702144 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2017-04-29 18:07 - 2017-04-29 18:37 - 00122312 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2017-04-29 18:06 - 2017-04-29 18:06 - 01804696 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01011.dll 2017-04-29 18:06 - 2017-04-29 18:06 - 00204920 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverW8x64.sys 2017-04-29 18:06 - 2017-04-29 18:06 - 00037112 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpqKbFiltr64.sys 2017-04-29 09:49 - 2017-04-29 20:59 - 00000000 ____D C:\Users\ckurl\AppData\Local\Drpbx 2017-04-29 07:37 - 2017-04-29 07:37 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Google 2017-04-29 06:38 - 2017-04-29 20:58 - 00000061 _____ C:\Users\ckurl\AppData\Roaming\DATA.del 2017-04-29 06:34 - 2017-04-30 09:37 - 00000045 ___HT C:\Windows\SysWOW64\5a4d4b35566e6f7e6335507a686b7e696870623b5a756f72364d72696e683559573548534e4f5f544c55566e6f7e63 2017-04-28 22:05 - 2017-05-03 17:32 - 00001306 _____ C:\Users\ckurl\Desktop\NiceHashMiner.exe.lnk 2017-04-28 22:04 - 2017-04-28 22:04 - 00001455 _____ C:\Users\ckurl\Desktop\bitcoin-wallet.lnk 2017-04-28 22:03 - 2017-05-06 18:28 - 00000000 ____D C:\Users\ckurl\Desktop\NiceHashMiner_v1.7.5.10 2017-04-28 17:14 - 2017-04-28 17:14 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\poclbm 2017-04-28 16:01 - 2017-04-28 16:01 - 00000000 ____D C:\Users\ckurl\Documents\xgen 2017-04-28 07:05 - 2017-05-07 15:25 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Bitcoin 2017-04-28 07:05 - 2017-04-28 07:05 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core 2017-04-28 07:04 - 2017-04-28 07:05 - 00000000 ____D C:\Program Files\Bitcoin 2017-04-28 06:57 - 2017-04-29 17:27 - 00000000 ____D C:\Users\ckurl\Desktop\guiminer 2017-04-27 20:30 - 2017-04-27 20:31 - 00000000 ____D C:\Users\ckurl\Documents\3Dobjects 2017-04-27 16:31 - 2016-05-29 19:13 - 00001955 _____ C:\Users\ckurl\Desktop\BlueJ.lnk 2017-04-27 16:13 - 2017-04-27 16:13 - 00000000 ____D C:\Users\ckurl\AppData\Local\Wondershare 2017-04-27 16:12 - 2017-04-27 16:12 - 00001098 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk 2017-04-27 16:12 - 2017-04-27 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2017-04-27 16:11 - 2017-04-27 19:18 - 00000000 ____D C:\Users\ckurl\Documents\Wondershare Filmora 2017-04-27 16:11 - 2017-04-27 16:11 - 00000000 ____D C:\ProgramData\Wondershare Video Editor 2017-04-27 16:11 - 2017-04-27 16:11 - 00000000 ____D C:\Program Files\Wondershare 2017-04-27 16:11 - 2017-03-17 11:43 - 01250304 _____ (CineForm Inc.) C:\Windows\system32\CFDecode64.ax 2017-04-27 16:10 - 2017-04-27 16:11 - 00000000 ____D C:\Users\Public\Documents\Wondershare 2017-04-27 16:02 - 2017-04-27 20:25 - 00000000 ____D C:\Users\ckurl\Desktop\OCMaker 2017-04-27 07:16 - 2017-04-27 07:16 - 00251656 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys 2017-04-27 07:15 - 2017-04-27 07:15 - 00229288 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys 2017-04-27 07:15 - 2017-04-27 07:15 - 00173144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys 2017-04-27 07:15 - 2017-04-27 07:15 - 00112912 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys 2017-04-26 21:01 - 2017-04-28 22:01 - 00000000 ____D C:\Users\ckurl\Desktop\ipas 2017-04-26 21:01 - 2017-04-26 21:01 - 00000796 _____ C:\Users\ckurl\Desktop\Impactor.exe.lnk 2017-04-26 20:24 - 2017-04-26 20:50 - 00000000 ____D C:\Users\ckurl\Documents\CydiaImpactor 2017-04-26 18:47 - 2017-04-26 18:49 - 00000000 ____D C:\Users\ckurl\Desktop\PhotoISArt 2017-04-25 22:56 - 2017-04-27 07:03 - 00000000 ___RD C:\Users\ckurl\Desktop\TakeOwnership 2017-04-25 22:36 - 2017-04-27 07:47 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Mp3tag 2017-04-25 22:35 - 2017-04-25 22:35 - 00001059 _____ C:\Users\Public\Desktop\Mp3tag.lnk 2017-04-25 22:35 - 2017-04-25 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2017-04-25 22:35 - 2017-04-25 22:35 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2017-04-25 22:27 - 2017-04-27 07:06 - 00000000 ___RD C:\Users\ckurl\Desktop\iphone music 2017-04-25 17:25 - 2017-04-25 17:25 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\dvdcss 2017-04-25 16:30 - 2017-04-25 16:30 - 00000000 ____D C:\Users\ckurl\AppData\Local\FonePaw 2017-04-24 07:47 - 2017-04-24 07:47 - 00000843 _____ C:\Users\ckurl\AppData\Local\recently-used.xbel 2017-04-23 09:58 - 2017-04-23 09:58 - 00000000 ____D C:\ProgramData\{EBB358F6-C727-49FC-A863-9F03BD8AC976} 2017-04-22 21:25 - 2017-04-22 21:25 - 00000144 _____ C:\Users\ckurl\.geocom 2017-04-20 20:36 - 2017-04-20 20:36 - 00001172 _____ C:\Users\Public\Desktop\KeyFinder.lnk 2017-04-20 20:36 - 2017-04-20 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder 2017-04-20 20:36 - 2017-04-20 20:36 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean 2017-04-19 00:12 - 2017-05-07 19:02 - 00000000 ____D C:\Users\Default\AppData\Roaming\VMware 2017-04-19 00:12 - 2017-05-07 19:02 - 00000000 ____D C:\Users\Default User\AppData\Roaming\VMware 2017-04-18 23:51 - 2017-05-07 19:35 - 00000000 ____D C:\Users\ckurl\AppData\Local\VMware 2017-04-18 23:50 - 2017-05-07 19:02 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\VMware 2017-04-18 23:47 - 2017-04-18 23:47 - 00000000 ____D C:\Users\ckurl\AppData\RoamingStartup Manager 2017-04-18 23:42 - 2017-03-21 19:18 - 00400872 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe 2017-04-18 23:42 - 2017-03-21 19:18 - 00366568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe 2017-04-18 23:42 - 2017-03-21 19:13 - 00088128 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys 2017-04-18 23:42 - 2017-03-21 19:13 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys 2017-04-18 23:42 - 2017-03-21 19:01 - 00066520 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll 2017-04-18 23:42 - 2017-03-21 19:01 - 00043992 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys 2017-04-18 23:42 - 2016-09-30 01:12 - 00091712 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys 2017-04-18 23:42 - 2016-09-30 01:12 - 00069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll 2017-04-18 23:42 - 2016-09-30 01:12 - 00065016 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll 2017-04-18 23:41 - 2017-04-18 23:41 - 00001272 _____ C:\Users\Public\Desktop\VMware Workstation 12 Player.lnk 2017-04-18 23:41 - 2017-04-18 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware 2017-04-18 23:41 - 2017-03-21 19:18 - 01149416 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll 2017-04-18 23:41 - 2017-02-20 08:02 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys 2017-04-18 23:40 - 2017-04-28 21:44 - 00000000 ____D C:\ProgramData\VMware 2017-04-18 23:40 - 2017-04-18 23:40 - 00000000 ____D C:\Program Files\Common Files\VMware 2017-04-18 23:40 - 2017-04-18 23:40 - 00000000 ____D C:\Program Files (x86)\VMware 2017-04-18 23:36 - 2017-05-07 19:35 - 00000000 ____D C:\MacOS 2017-04-18 22:34 - 2017-05-03 07:28 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2017-04-18 21:52 - 2017-04-18 21:53 - 112665056 _____ (Kaspersky Lab ZAO) C:\Users\ckurl\Desktop\MobileKapersy.exe 2017-04-18 21:42 - 2017-04-18 12:00 - 00053248 _____ (Nenad Hrg (SoftwareOK.com)) C:\Users\ckurl\Desktop\4ur-Windows-8-Mouse-Balls.exe 2017-04-18 21:40 - 2017-01-20 21:55 - 00039936 _____ C:\Users\ckurl\Desktop\12-Ants.exe 2017-04-17 14:32 - 2017-04-19 18:11 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Cacir 2017-04-17 14:31 - 2017-04-30 10:49 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6 2017-04-17 14:31 - 2017-04-17 14:31 - 00001175 _____ C:\Users\ckurl\Desktop\Cheat Engine.lnk 2017-04-17 14:31 - 2017-04-17 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6 2017-04-17 13:53 - 2017-05-07 15:53 - 00000000 ____D C:\Program Files\UNP 2017-04-17 13:53 - 2017-04-17 13:53 - 00000000 ____D C:\Windows\system32\UNP 2017-04-16 19:50 - 2017-05-07 17:42 - 00000000 ____D C:\Users\ckurl\Desktop\MyMissleCommand 2017-04-16 14:57 - 2017-04-16 14:57 - 00002982 _____ C:\Windows\System32\Tasks\iFreeUp_SkipUac_ckurl 2017-04-16 14:57 - 2017-04-16 14:57 - 00001181 _____ C:\Users\Public\Desktop\iFreeUp.lnk 2017-04-16 14:57 - 2017-04-16 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iFreeUp 2017-04-16 11:45 - 2017-05-07 15:25 - 00000000 ____D C:\Users\ckurl\Desktop\Python3pygame 2017-04-15 19:03 - 2017-04-15 19:03 - 05063256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2017-04-13 10:27 - 2017-04-13 10:27 - 00442848 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\Trufos.sys 2017-04-11 18:48 - 2017-04-11 18:48 - 00001448 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk 2017-04-11 18:48 - 2017-04-11 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller 2017-04-11 18:44 - 2017-04-11 18:44 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Acapela Group 2017-04-11 18:43 - 2017-04-11 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ginger 2017-04-11 16:18 - 2017-04-01 11:52 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-04-11 16:18 - 2017-04-01 11:52 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-04-11 16:16 - 2017-03-28 00:10 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2017-04-11 16:16 - 2017-03-28 00:10 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2017-04-11 16:16 - 2017-03-27 23:32 - 00198856 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll 2017-04-11 16:16 - 2017-03-27 23:29 - 02213248 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-04-11 16:16 - 2017-03-27 23:28 - 00773720 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2017-04-11 16:16 - 2017-03-27 23:26 - 00218520 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe 2017-04-11 16:16 - 2017-03-27 23:21 - 00167848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll 2017-04-11 16:16 - 2017-03-27 23:20 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2017-04-11 16:16 - 2017-03-27 23:19 - 00601712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2017-04-11 16:16 - 2017-03-27 23:18 - 01705976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-04-11 16:16 - 2017-03-27 23:15 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll 2017-04-11 16:16 - 2017-03-27 23:11 - 01860288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll 2017-04-11 16:16 - 2017-03-27 23:11 - 00360040 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe 2017-04-11 16:16 - 2017-03-27 23:10 - 07220184 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll 2017-04-11 16:16 - 2017-03-27 23:10 - 01293152 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll 2017-04-11 16:16 - 2017-03-27 23:09 - 00097128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll 2017-04-11 16:16 - 2017-03-27 23:07 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll 2017-04-11 16:16 - 2017-03-27 23:06 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2017-04-11 16:16 - 2017-03-27 23:05 - 22221368 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-04-11 16:16 - 2017-03-27 23:05 - 08168512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll 2017-04-11 16:16 - 2017-03-27 23:05 - 04260576 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2017-04-11 16:16 - 2017-03-27 23:05 - 01988048 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2017-04-11 16:16 - 2017-03-27 23:05 - 01848584 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll 2017-04-11 16:16 - 2017-03-27 23:05 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll 2017-04-11 16:16 - 2017-03-27 23:05 - 01504056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2017-04-11 16:16 - 2017-03-27 23:05 - 01302136 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll 2017-04-11 16:16 - 2017-03-27 23:05 - 01072248 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll 2017-04-11 16:16 - 2017-03-27 23:04 - 05721808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll 2017-04-11 16:16 - 2017-03-27 23:04 - 02262776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-04-11 16:16 - 2017-03-27 23:04 - 01431232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2017-04-11 16:16 - 2017-03-27 23:04 - 00975744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2017-04-11 16:16 - 2017-03-27 23:04 - 00861024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll 2017-04-11 16:16 - 2017-03-27 23:04 - 00277344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2017-04-11 16:16 - 2017-03-27 23:04 - 00136032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostUser.dll 2017-04-11 16:16 - 2017-03-27 23:04 - 00116568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll 2017-04-11 16:16 - 2017-03-27 23:02 - 01980768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2017-04-11 16:16 - 2017-03-27 23:02 - 00846560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll 2017-04-11 16:16 - 2017-03-27 23:02 - 00576408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2017-04-11 16:16 - 2017-03-27 22:59 - 06667520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-04-11 16:16 - 2017-03-27 22:59 - 04023008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2017-04-11 16:16 - 2017-03-27 22:59 - 02533728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-04-11 16:16 - 2017-03-27 22:58 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-04-11 16:16 - 2017-03-27 22:58 - 01851688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2017-04-11 16:16 - 2017-03-27 22:58 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll 2017-04-11 16:16 - 2017-03-27 22:58 - 01344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll 2017-04-11 16:16 - 2017-03-27 22:58 - 01277856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll 2017-04-11 16:16 - 2017-03-27 22:58 - 01202936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2017-04-11 16:16 - 2017-03-27 22:58 - 00981888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll 2017-04-11 16:16 - 2017-03-27 22:58 - 00961192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2017-04-11 16:16 - 2017-03-27 22:58 - 00387872 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll 2017-04-11 16:16 - 2017-03-27 22:53 - 01414728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll 2017-04-11 16:16 - 2017-03-27 22:53 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2017-04-11 16:16 - 2017-03-27 22:52 - 00306800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll 2017-04-11 16:16 - 2017-03-27 22:48 - 05685760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2017-04-11 16:16 - 2017-03-27 22:42 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll 2017-04-11 16:16 - 2017-03-27 22:42 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll 2017-04-11 16:16 - 2017-03-27 22:41 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll 2017-04-11 16:16 - 2017-03-27 22:40 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll 2017-04-11 16:16 - 2017-03-27 22:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthManagerProxy.dll 2017-04-11 16:16 - 2017-03-27 22:40 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-04-11 16:16 - 2017-03-27 22:39 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Radios.dll 2017-04-11 16:16 - 2017-03-27 22:39 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerUI.dll 2017-04-11 16:16 - 2017-03-27 22:38 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.dll 2017-04-11 16:16 - 2017-03-27 22:38 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll 2017-04-11 16:16 - 2017-03-27 22:38 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll 2017-04-11 16:16 - 2017-03-27 22:37 - 00255488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp 2017-04-11 16:16 - 2017-03-27 22:37 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apds.dll 2017-04-11 16:16 - 2017-03-27 22:37 - 00177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Diagnostics.dll 2017-04-11 16:16 - 2017-03-27 22:37 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll 2017-04-11 16:16 - 2017-03-27 22:37 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.HostName.dll 2017-04-11 16:16 - 2017-03-27 22:37 - 00097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.SystemManagement.dll 2017-04-11 16:16 - 2017-03-27 22:37 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll 2017-04-11 16:16 - 2017-03-27 22:37 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys 2017-04-11 16:16 - 2017-03-27 22:36 - 00769024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsecsnp.dll 2017-04-11 16:16 - 2017-03-27 22:36 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Diagnostics.dll 2017-04-11 16:16 - 2017-03-27 22:36 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinRtTracing.dll 2017-04-11 16:16 - 2017-03-27 22:36 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll 2017-04-11 16:16 - 2017-03-27 22:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-04-11 16:16 - 2017-03-27 22:36 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll 2017-04-11 16:16 - 2017-03-27 22:36 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll 2017-04-11 16:16 - 2017-03-27 22:36 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.UserDeviceAssociation.dll 2017-04-11 16:16 - 2017-03-27 22:36 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicDisplay.sys 2017-04-11 16:16 - 2017-03-27 22:35 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe 2017-04-11 16:16 - 2017-03-27 22:35 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Input.dll 2017-04-11 16:16 - 2017-03-27 22:35 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll 2017-04-11 16:16 - 2017-03-27 22:35 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.XboxLive.Storage.dll 2017-04-11 16:16 - 2017-03-27 22:35 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe 2017-04-11 16:16 - 2017-03-27 22:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-04-11 16:16 - 2017-03-27 22:35 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll 2017-04-11 16:16 - 2017-03-27 22:35 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe 2017-04-11 16:16 - 2017-03-27 22:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFi.dll 2017-04-11 16:16 - 2017-03-27 22:35 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll 2017-04-11 16:16 - 2017-03-27 22:35 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Lights.dll 2017-04-11 16:16 - 2017-03-27 22:35 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe 2017-04-11 16:16 - 2017-03-27 22:35 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll 2017-04-11 16:16 - 2017-03-27 22:34 - 00299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll 2017-04-11 16:16 - 2017-03-27 22:34 - 00237568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll 2017-04-11 16:16 - 2017-03-27 22:34 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBroker.dll 2017-04-11 16:16 - 2017-03-27 22:34 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll 2017-04-11 16:16 - 2017-03-27 22:33 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll 2017-04-11 16:16 - 2017-03-27 22:33 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Import.dll 2017-04-11 16:16 - 2017-03-27 22:33 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll 2017-04-11 16:16 - 2017-03-27 22:33 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll 2017-04-11 16:16 - 2017-03-27 22:33 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.XboxLive.Storage.dll 2017-04-11 16:16 - 2017-03-27 22:33 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsmsnap.dll 2017-04-11 16:16 - 2017-03-27 22:33 - 00265728 _____ C:\Windows\SysWOW64\Windows.Perception.Stub.dll 2017-04-11 16:16 - 2017-03-27 22:33 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\WinRtTracing.dll 2017-04-11 16:16 - 2017-03-27 22:33 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Core.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 01243136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00332288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00298496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe 2017-04-11 16:16 - 2017-03-27 22:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WwaApi.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vaultcli.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll 2017-04-11 16:16 - 2017-03-27 22:32 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll 2017-04-11 16:16 - 2017-03-27 22:31 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-04-11 16:16 - 2017-03-27 22:31 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll 2017-04-11 16:16 - 2017-03-27 22:31 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll 2017-04-11 16:16 - 2017-03-27 22:31 - 00390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll 2017-04-11 16:16 - 2017-03-27 22:31 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll 2017-04-11 16:16 - 2017-03-27 22:30 - 00846336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll 2017-04-11 16:16 - 2017-03-27 22:30 - 00819200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll 2017-04-11 16:16 - 2017-03-27 22:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll 2017-04-11 16:16 - 2017-03-27 22:30 - 00787968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll 2017-04-11 16:16 - 2017-03-27 22:30 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll 2017-04-11 16:16 - 2017-03-27 22:30 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Picker.dll 2017-04-11 16:16 - 2017-03-27 22:30 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll 2017-04-11 16:16 - 2017-03-27 22:29 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Ocr.dll 2017-04-11 16:16 - 2017-03-27 22:29 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll 2017-04-11 16:16 - 2017-03-27 22:29 - 00529920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll 2017-04-11 16:16 - 2017-03-27 22:29 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll 2017-04-11 16:16 - 2017-03-27 22:29 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll 2017-04-11 16:16 - 2017-03-27 22:29 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.dll 2017-04-11 16:16 - 2017-03-27 22:29 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll 2017-04-11 16:16 - 2017-03-27 22:28 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-04-11 16:16 - 2017-03-27 22:28 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2017-04-11 16:16 - 2017-03-27 22:28 - 00561664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Wallet.dll 2017-04-11 16:16 - 2017-03-27 22:28 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll 2017-04-11 16:16 - 2017-03-27 22:28 - 00500224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.dll 2017-04-11 16:16 - 2017-03-27 22:28 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2017-04-11 16:16 - 2017-03-27 22:28 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.dll 2017-04-11 16:16 - 2017-03-27 22:27 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll 2017-04-11 16:16 - 2017-03-27 22:27 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll 2017-04-11 16:16 - 2017-03-27 22:27 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\AccountsRt.dll 2017-04-11 16:16 - 2017-03-27 22:27 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CryptoWinRT.dll 2017-04-11 16:16 - 2017-03-27 22:27 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\WwaApi.dll 2017-04-11 16:16 - 2017-03-27 22:26 - 01534464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll 2017-04-11 16:16 - 2017-03-27 22:26 - 01145344 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll 2017-04-11 16:16 - 2017-03-27 22:26 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.InkControls.dll 2017-04-11 16:16 - 2017-03-27 22:26 - 00549376 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll 2017-04-11 16:16 - 2017-03-27 22:26 - 00468992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.InkControls.dll 2017-04-11 16:16 - 2017-03-27 22:26 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll 2017-04-11 16:16 - 2017-03-27 22:25 - 02333184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2017-04-11 16:16 - 2017-03-27 22:25 - 01196544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl 2017-04-11 16:16 - 2017-03-27 22:25 - 00963584 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll 2017-04-11 16:16 - 2017-03-27 22:25 - 00653312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll 2017-04-11 16:16 - 2017-03-27 22:24 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe 2017-04-11 16:16 - 2017-03-27 22:24 - 06288384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll 2017-04-11 16:16 - 2017-03-27 22:24 - 04614656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll 2017-04-11 16:16 - 2017-03-27 22:24 - 00901120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll 2017-04-11 16:16 - 2017-03-27 22:24 - 00675840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll 2017-04-11 16:16 - 2017-03-27 22:23 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2017-04-11 16:16 - 2017-03-27 22:23 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll 2017-04-11 16:16 - 2017-03-27 22:23 - 00589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll 2017-04-11 16:16 - 2017-03-27 22:23 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll 2017-04-11 16:16 - 2017-03-27 22:22 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll 2017-04-11 16:16 - 2017-03-27 22:22 - 00355328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RTMediaFrame.dll 2017-04-11 16:16 - 2017-03-27 22:22 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enrollmentapi.dll 2017-04-11 16:16 - 2017-03-27 22:21 - 03778048 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2017-04-11 16:16 - 2017-03-27 22:21 - 01403392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Editing.dll 2017-04-11 16:16 - 2017-03-27 22:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Editing.dll 2017-04-11 16:16 - 2017-03-27 22:21 - 00458752 _____ (Microsoft Corporation) C:\Windows\system32\RTMediaFrame.dll 2017-04-11 16:16 - 2017-03-27 22:20 - 03307008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2017-04-11 16:16 - 2017-03-27 22:20 - 00795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MiracastReceiver.dll 2017-04-11 16:16 - 2017-03-27 22:20 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll 2017-04-11 16:16 - 2017-03-27 22:19 - 07655424 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll 2017-04-11 16:16 - 2017-03-27 22:19 - 00746496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll 2017-04-11 16:16 - 2017-03-27 22:19 - 00713216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll 2017-04-11 16:16 - 2017-03-27 22:19 - 00343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll 2017-04-11 16:16 - 2017-03-27 22:19 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll 2017-04-11 16:16 - 2017-03-27 22:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dialclient.dll 2017-04-11 16:16 - 2017-03-27 22:18 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll 2017-04-11 16:16 - 2017-03-27 22:18 - 01078784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll 2017-04-11 16:16 - 2017-03-27 22:17 - 06109696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll 2017-04-11 16:16 - 2017-03-27 22:17 - 00895488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll 2017-04-11 16:16 - 2017-03-27 22:17 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToReceiver.dll 2017-04-11 16:16 - 2017-03-27 22:17 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2017-04-11 16:16 - 2017-03-27 22:16 - 03198464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll 2017-04-11 16:16 - 2017-03-27 22:16 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll 2017-04-11 16:16 - 2017-03-27 22:16 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll 2017-04-11 16:16 - 2017-03-27 22:16 - 00134144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ErrorDetails.dll 2017-04-11 16:16 - 2017-03-27 22:15 - 02390016 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe 2017-04-11 16:16 - 2017-03-27 22:15 - 01247232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2017-04-11 16:16 - 2017-03-27 22:14 - 07468544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2017-04-11 16:16 - 2017-03-27 22:14 - 03520512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe 2017-04-11 16:16 - 2017-03-27 22:14 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Ocr.dll 2017-04-11 16:16 - 2017-03-27 22:14 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll 2017-04-11 16:16 - 2017-03-27 22:14 - 00641024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll 2017-04-11 16:16 - 2017-03-27 22:14 - 00400384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll 2017-04-11 16:16 - 2017-03-27 22:14 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Geolocation.dll 2017-04-11 16:16 - 2017-03-27 22:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Devices.dll 2017-04-11 16:16 - 2017-03-27 22:13 - 04596224 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe 2017-04-11 16:16 - 2017-03-27 22:13 - 02138112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll 2017-04-11 16:16 - 2017-03-27 22:13 - 01656320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Perception.dll 2017-04-11 16:16 - 2017-03-27 22:13 - 01232384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Maps.dll 2017-04-11 16:16 - 2017-03-27 22:13 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll 2017-04-11 16:16 - 2017-03-27 22:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll 2017-04-11 16:16 - 2017-03-27 22:13 - 00611328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.dll 2017-04-11 16:16 - 2017-03-27 22:13 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 02682880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 01004544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 00862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 00827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 00691200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 00654336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 00620544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 00598528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll 2017-04-11 16:16 - 2017-03-27 22:12 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Midi.dll 2017-04-11 16:16 - 2017-03-27 22:11 - 02994176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-04-11 16:16 - 2017-03-27 22:11 - 02646528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll 2017-04-11 16:16 - 2017-03-27 22:11 - 01981440 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2017-04-11 16:16 - 2017-03-27 22:11 - 01600000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-04-11 16:16 - 2017-03-27 22:11 - 01576448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2017-04-11 16:16 - 2017-03-27 22:11 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll 2017-04-11 16:16 - 2017-03-27 22:11 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll 2017-04-11 16:16 - 2017-03-27 22:11 - 00751104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2017-04-11 16:16 - 2017-03-27 22:10 - 08076288 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2017-04-11 16:16 - 2017-03-27 22:10 - 02483200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-04-11 16:16 - 2017-03-27 22:10 - 02424320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Perception.dll 2017-04-11 16:16 - 2017-03-27 22:10 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Maps.dll 2017-04-11 16:16 - 2017-03-27 22:10 - 01266176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll 2017-04-11 16:16 - 2017-03-27 22:10 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll 2017-04-11 16:16 - 2017-03-27 22:09 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2017-04-11 16:16 - 2017-03-27 22:09 - 03106304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2017-04-11 16:16 - 2017-03-27 22:09 - 01369088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Phone.dll 2017-04-11 16:16 - 2017-03-27 22:08 - 01564160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2017-04-11 16:16 - 2017-03-27 22:08 - 00783360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2017-04-11 16:16 - 2017-03-27 22:08 - 00299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RADCUI.dll 2017-04-11 16:16 - 2017-03-27 22:06 - 00999424 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2017-04-11 16:16 - 2017-03-27 21:48 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll 2017-04-11 16:15 - 2017-03-27 23:36 - 01617760 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2017-04-11 16:15 - 2017-03-27 23:36 - 01294688 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2017-04-11 16:15 - 2017-03-27 23:36 - 00565088 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2017-04-11 16:15 - 2017-03-27 23:36 - 00343904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2017-04-11 16:15 - 2017-03-27 23:36 - 00142176 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2017-04-11 16:15 - 2017-03-27 23:35 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2017-04-11 16:15 - 2017-03-27 23:28 - 07786336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-04-11 16:15 - 2017-03-27 23:26 - 00603488 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll 2017-04-11 16:15 - 2017-03-27 23:22 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll 2017-04-11 16:15 - 2017-03-27 23:20 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll 2017-04-11 16:15 - 2017-03-27 23:12 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll 2017-04-11 16:15 - 2017-03-27 23:11 - 02187616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-04-11 16:15 - 2017-03-27 23:11 - 01738560 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2017-04-11 16:15 - 2017-03-27 23:11 - 00402784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-04-11 16:15 - 2017-03-27 23:10 - 02758648 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-04-11 16:15 - 2017-03-27 23:10 - 01157008 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll 2017-04-11 16:15 - 2017-03-27 23:10 - 00178528 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostUser.dll 2017-04-11 16:15 - 2017-03-27 23:10 - 00146776 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll 2017-04-11 16:15 - 2017-03-27 23:09 - 02446704 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2017-04-11 16:15 - 2017-03-27 23:09 - 00682816 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2017-04-11 16:15 - 2017-03-27 23:09 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2017-04-11 16:15 - 2017-03-27 23:08 - 01267504 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll 2017-04-11 16:15 - 2017-03-27 23:08 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe 2017-04-11 16:15 - 2017-03-27 23:08 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe 2017-04-11 16:15 - 2017-03-27 23:04 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2017-04-11 16:15 - 2017-03-27 23:04 - 01276760 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2017-04-11 16:15 - 2017-03-27 23:04 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll 2017-04-11 16:15 - 2017-03-27 23:04 - 00160088 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostBroker.dll 2017-04-11 16:15 - 2017-03-27 23:00 - 01569184 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll 2017-04-11 16:15 - 2017-03-27 23:00 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2017-04-11 16:15 - 2017-03-27 22:58 - 00372440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll 2017-04-11 16:15 - 2017-03-27 22:44 - 07216640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2017-04-11 16:15 - 2017-03-27 22:41 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll 2017-04-11 16:15 - 2017-03-27 22:38 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll 2017-04-11 16:15 - 2017-03-27 22:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-04-11 16:15 - 2017-03-27 22:37 - 22568960 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2017-04-11 16:15 - 2017-03-27 22:37 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManagerProxy.dll 2017-04-11 16:15 - 2017-03-27 22:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\DdcWnsListener.dll 2017-04-11 16:15 - 2017-03-27 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll 2017-04-11 16:15 - 2017-03-27 22:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\RdpRelayTransport.dll 2017-04-11 16:15 - 2017-03-27 22:36 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-04-11 16:15 - 2017-03-27 22:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll 2017-04-11 16:15 - 2017-03-27 22:35 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll 2017-04-11 16:15 - 2017-03-27 22:35 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\Family.Client.dll 2017-04-11 16:15 - 2017-03-27 22:35 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.SystemManagement.dll 2017-04-11 16:15 - 2017-03-27 22:35 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Printers.dll 2017-04-11 16:15 - 2017-03-27 22:34 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp 2017-04-11 16:15 - 2017-03-27 22:34 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Family.SyncEngine.dll 2017-04-11 16:15 - 2017-03-27 22:34 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe 2017-04-11 16:15 - 2017-03-27 22:34 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_ClosedCaptioning.dll 2017-04-11 16:15 - 2017-03-27 22:34 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll 2017-04-11 16:15 - 2017-03-27 22:34 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthTokenBrokerExt.dll 2017-04-11 16:15 - 2017-03-27 22:33 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-04-11 16:15 - 2017-03-27 22:33 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.dll 2017-04-11 16:15 - 2017-03-27 22:33 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.WiFi.dll 2017-04-11 16:15 - 2017-03-27 22:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\DeviceDirectoryClient.dll 2017-04-11 16:15 - 2017-03-27 22:33 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll 2017-04-11 16:15 - 2017-03-27 22:33 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.Ngc.dll 2017-04-11 16:15 - 2017-03-27 22:33 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.UserDeviceAssociation.dll 2017-04-11 16:15 - 2017-03-27 22:32 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll 2017-04-11 16:15 - 2017-03-27 22:32 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll 2017-04-11 16:15 - 2017-03-27 22:32 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll 2017-04-11 16:15 - 2017-03-27 22:32 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Radios.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00547840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Input.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00418304 _____ C:\Windows\system32\Windows.Perception.Stub.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.Phone.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinDataModelServer.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00236544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-04-11 16:15 - 2017-03-27 22:31 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe 2017-04-11 16:15 - 2017-03-27 22:31 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SerialCommunication.dll 2017-04-11 16:15 - 2017-03-27 22:31 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Lights.dll 2017-04-11 16:15 - 2017-03-27 22:30 - 00692224 _____ (Microsoft Corporation) C:\Windows\system32\CellularAPI.dll 2017-04-11 16:15 - 2017-03-27 22:30 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.AllJoyn.dll 2017-04-11 16:15 - 2017-03-27 22:30 - 00568320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.LowLevel.dll 2017-04-11 16:15 - 2017-03-27 22:30 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.WiFiDirect.dll 2017-04-11 16:15 - 2017-03-27 22:30 - 00340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-04-11 16:15 - 2017-03-27 22:30 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll 2017-04-11 16:15 - 2017-03-27 22:30 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\dafpos.dll 2017-04-11 16:15 - 2017-03-27 22:30 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerUI.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Import.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00379904 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe 2017-04-11 16:15 - 2017-03-27 22:29 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll 2017-04-11 16:15 - 2017-03-27 22:29 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-04-11 16:15 - 2017-03-27 22:28 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll 2017-04-11 16:15 - 2017-03-27 22:28 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll 2017-04-11 16:15 - 2017-03-27 22:28 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll 2017-04-11 16:15 - 2017-03-27 22:28 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Picker.dll 2017-04-11 16:15 - 2017-03-27 22:28 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll 2017-04-11 16:15 - 2017-03-27 22:28 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Identity.Provider.dll 2017-04-11 16:15 - 2017-03-27 22:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll 2017-04-11 16:15 - 2017-03-27 22:27 - 01060352 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll 2017-04-11 16:15 - 2017-03-27 22:27 - 00949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll 2017-04-11 16:15 - 2017-03-27 22:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2017-04-11 16:15 - 2017-03-27 22:27 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll 2017-04-11 16:15 - 2017-03-27 22:27 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll 2017-04-11 16:15 - 2017-03-27 22:27 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll 2017-04-11 16:15 - 2017-03-27 22:26 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll 2017-04-11 16:15 - 2017-03-27 22:26 - 00329728 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll 2017-04-11 16:15 - 2017-03-27 22:26 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll 2017-04-11 16:15 - 2017-03-27 22:25 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2017-04-11 16:15 - 2017-03-27 22:25 - 01010176 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll 2017-04-11 16:15 - 2017-03-27 22:25 - 00966144 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll 2017-04-11 16:15 - 2017-03-27 22:25 - 00896512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll 2017-04-11 16:15 - 2017-03-27 22:25 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe 2017-04-11 16:15 - 2017-03-27 22:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-04-11 16:15 - 2017-03-27 22:24 - 19416576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-04-11 16:15 - 2017-03-27 22:24 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl 2017-04-11 16:15 - 2017-03-27 22:24 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll 2017-04-11 16:15 - 2017-03-27 22:23 - 09130496 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2017-04-11 16:15 - 2017-03-27 22:23 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-04-11 16:15 - 2017-03-27 22:23 - 00691712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-04-11 16:15 - 2017-03-27 22:23 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2017-04-11 16:15 - 2017-03-27 22:22 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll 2017-04-11 16:15 - 2017-03-27 22:21 - 23681536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-04-11 16:15 - 2017-03-27 22:21 - 01589760 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll 2017-04-11 16:15 - 2017-03-27 22:21 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\CastLaunch.dll 2017-04-11 16:15 - 2017-03-27 22:20 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\MiracastReceiver.dll 2017-04-11 16:15 - 2017-03-27 22:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll 2017-04-11 16:15 - 2017-03-27 22:19 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll 2017-04-11 16:15 - 2017-03-27 22:19 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll 2017-04-11 16:15 - 2017-03-27 22:19 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll 2017-04-11 16:15 - 2017-03-27 22:19 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\flvprophandler.dll 2017-04-11 16:15 - 2017-03-27 22:18 - 12181504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-04-11 16:15 - 2017-03-27 22:18 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll 2017-04-11 16:15 - 2017-03-27 22:18 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll 2017-04-11 16:15 - 2017-03-27 22:17 - 13087232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-04-11 16:15 - 2017-03-27 22:17 - 05114368 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll 2017-04-11 16:15 - 2017-03-27 22:17 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll 2017-04-11 16:15 - 2017-03-27 22:17 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\PlayToReceiver.dll 2017-04-11 16:15 - 2017-03-27 22:16 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\ErrorDetails.dll 2017-04-11 16:15 - 2017-03-27 22:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll 2017-04-11 16:15 - 2017-03-27 22:15 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll 2017-04-11 16:15 - 2017-03-27 22:15 - 00945664 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll 2017-04-11 16:15 - 2017-03-27 22:15 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll 2017-04-11 16:15 - 2017-03-27 22:15 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll 2017-04-11 16:15 - 2017-03-27 22:15 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\Geolocation.dll 2017-04-11 16:15 - 2017-03-27 22:15 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll 2017-04-11 16:15 - 2017-03-27 22:15 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll 2017-04-11 16:15 - 2017-03-27 22:14 - 08126976 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2017-04-11 16:15 - 2017-03-27 22:14 - 01692160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll 2017-04-11 16:15 - 2017-03-27 22:14 - 01643008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll 2017-04-11 16:15 - 2017-03-27 22:14 - 00975872 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2017-04-11 16:15 - 2017-03-27 22:14 - 00913920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll 2017-04-11 16:15 - 2017-03-27 22:14 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2017-04-11 16:15 - 2017-03-27 22:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll 2017-04-11 16:15 - 2017-03-27 22:14 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2017-04-11 16:15 - 2017-03-27 22:13 - 06045184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-04-11 16:15 - 2017-03-27 22:13 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2017-04-11 16:15 - 2017-03-27 22:13 - 02095616 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-04-11 16:15 - 2017-03-27 22:13 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll 2017-04-11 16:15 - 2017-03-27 22:13 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll 2017-04-11 16:15 - 2017-03-27 22:13 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-04-11 16:15 - 2017-03-27 22:13 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll 2017-04-11 16:15 - 2017-03-27 22:13 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Midi.dll 2017-04-11 16:15 - 2017-03-27 22:12 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2017-04-11 16:15 - 2017-03-27 22:12 - 02208768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.3D.dll 2017-04-11 16:15 - 2017-03-27 22:12 - 02026496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-04-11 16:15 - 2017-03-27 22:12 - 01509376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-04-11 16:15 - 2017-03-27 22:12 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll 2017-04-11 16:15 - 2017-03-27 22:11 - 02914816 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll 2017-04-11 16:15 - 2017-03-27 22:11 - 01275392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll 2017-04-11 16:15 - 2017-03-27 22:10 - 02316288 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-04-11 16:15 - 2017-03-27 22:10 - 01783296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-04-11 16:15 - 2017-03-27 22:10 - 01637888 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-04-11 16:15 - 2017-03-27 22:10 - 01586176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2017-04-11 16:15 - 2017-03-27 22:10 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll 2017-04-11 16:15 - 2017-03-27 22:10 - 00875520 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll 2017-04-11 16:15 - 2017-03-27 22:10 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll 2017-04-11 16:15 - 2017-03-27 22:09 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2017-04-11 16:15 - 2017-03-27 22:09 - 01328640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll 2017-04-11 16:15 - 2017-03-27 22:09 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-04-11 16:15 - 2017-03-27 22:09 - 01064448 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll 2017-04-11 16:15 - 2017-03-27 22:09 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll 2017-04-11 16:15 - 2017-03-27 22:08 - 03612672 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2017-04-11 16:15 - 2017-03-27 22:08 - 03542016 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2017-04-11 16:15 - 2017-03-27 22:08 - 02895872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-04-11 16:15 - 2017-03-27 22:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll 2017-04-11 16:15 - 2017-03-27 22:07 - 00908800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll 2017-04-11 16:15 - 2017-03-27 22:07 - 00701952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll 2017-04-11 16:15 - 2017-03-27 22:07 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\FontProvider.dll 2017-04-11 16:15 - 2017-03-27 22:06 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll 2017-04-11 16:15 - 2017-03-27 22:06 - 00924672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll 2017-04-11 16:15 - 2017-03-27 22:05 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2017-04-11 16:15 - 2017-03-18 09:50 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll 2017-04-11 16:15 - 2017-03-18 09:35 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll 2017-04-11 13:31 - 2017-05-04 22:25 - 00000000 ____D C:\Windows\CbsTemp 2017-04-11 12:49 - 2017-05-06 14:42 - 00000000 ____D C:\Users\ckurl\AppData\LocalLow\IObit 2017-04-11 09:08 - 2017-04-11 09:03 - 01018592 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys 2017-04-11 09:08 - 2017-04-11 09:03 - 00197336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys 2017-04-10 21:32 - 2017-04-10 21:32 - 00000000 ____D C:\ProgramData\BDLogging 2017-04-10 21:32 - 2017-04-10 21:32 - 00000000 ____D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} 2017-04-10 21:32 - 2017-04-10 21:32 - 00000000 ____D C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA} 2017-04-10 21:28 - 2017-04-10 21:28 - 00001872 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2017-04-10 21:28 - 2017-04-10 21:28 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\SUPERAntiSpyware.com 2017-04-10 21:28 - 2017-04-10 21:28 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-04-10 21:28 - 2017-04-10 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2017-04-10 21:28 - 2017-04-10 21:28 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2017-04-10 21:24 - 2017-04-10 21:24 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2017-04-09 18:45 - 2017-04-09 18:45 - 00000000 ____D C:\Windows\IObit 2017-04-09 18:40 - 2017-05-08 07:27 - 00000000 ____D C:\Windows\AppReadiness 2017-04-09 18:40 - 2017-04-09 18:40 - 00000000 ____D C:\Windows\Panther 2017-04-09 10:44 - 2017-04-30 11:10 - 00000000 ____D C:\ProgramData\BSD 2017-04-09 09:59 - 2017-04-09 09:59 - 00001269 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk 2017-04-09 09:59 - 2017-04-09 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter 2017-04-09 09:59 - 2017-04-09 09:59 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} 2017-04-09 09:59 - 2017-03-17 16:39 - 00051904 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys 2017-04-08 16:32 - 2017-04-08 16:32 - 00000000 ____D C:\ProgramData\YSFLIGHT.COM ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-08 07:21 - 2016-05-29 18:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2017-05-08 07:19 - 2016-08-22 04:06 - 00000000 ____D C:\Users\ckurl 2017-05-08 07:19 - 2016-05-28 10:44 - 00000000 __SHD C:\Users\ckurl\IntelGraphicsProfiles 2017-05-08 07:17 - 2016-08-22 04:33 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-05-08 07:17 - 2016-08-22 04:00 - 00000000 ____D C:\ProgramData\NVIDIA 2017-05-07 20:40 - 2016-07-31 16:43 - 00000000 ____D C:\Program Files (x86)\Steam 2017-05-07 20:40 - 2016-07-15 23:04 - 00786432 _____ C:\Windows\system32\config\BBI 2017-05-07 20:32 - 2016-08-22 03:56 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-05-07 18:50 - 2016-06-11 22:06 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Spotify 2017-05-07 18:28 - 2017-03-26 10:37 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2017-05-07 13:16 - 2016-07-16 04:45 - 00000000 ____D C:\Windows\INF 2017-05-07 11:52 - 2016-05-28 17:22 - 00000000 ____D C:\Program Files (x86)\Google 2017-05-07 11:27 - 2017-02-08 18:38 - 00000000 ____D C:\Users\ckurl\Documents\DAVAProject 2017-05-07 02:00 - 2016-05-30 10:26 - 00000000 ____D C:\Users\ckurl\AppData\Local\Adobe 2017-05-06 23:44 - 2016-09-11 07:43 - 00000000 ____D C:\Games 2017-05-06 23:44 - 2016-09-02 17:23 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2017-05-06 23:44 - 2016-08-22 04:45 - 00000000 ____D C:\inetpub 2017-05-06 23:44 - 2016-08-20 18:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0 2017-05-06 23:44 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2017-05-06 23:44 - 2016-05-28 17:25 - 00000000 ____D C:\Program Files\TrueKey 2017-05-06 23:44 - 2016-03-05 06:34 - 00000000 ____D C:\Intel 2017-05-06 22:13 - 2017-04-02 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2017-05-06 22:13 - 2017-04-02 09:59 - 00000000 ____D C:\ProgramData\IObit 2017-05-06 14:45 - 2016-08-22 04:05 - 02058910 _____ C:\Windows\system32\PerfStringBackup.INI 2017-05-06 14:22 - 2016-10-25 22:20 - 00000000 ____D C:\AdwCleaner 2017-05-06 14:06 - 2016-05-29 08:44 - 00000000 ____D C:\Users\ckurl\AppData\Local\CrashDumps 2017-05-05 22:45 - 2016-10-31 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-05-05 18:56 - 2016-07-11 21:01 - 00000000 ____D C:\Program Files\Common Files\AV 2017-05-05 08:04 - 2016-08-03 20:16 - 00000236 _____ C:\Users\ckurl\Desktop\Text Document.txt 2017-05-04 22:24 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\appraiser 2017-05-04 20:28 - 2016-09-02 17:14 - 00000000 ____D C:\ProgramData\Autodesk 2017-05-04 17:21 - 2016-07-09 18:09 - 00000000 ____D C:\Users\ckurl\AppData\Local\HP 2017-05-04 16:37 - 2016-09-02 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 2017-05-04 15:52 - 2015-10-29 23:28 - 00000000 ____D C:\Users\Default.migrated 2017-05-03 19:33 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\spool 2017-05-03 18:07 - 2016-11-15 08:23 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\CyberLink 2017-05-03 18:07 - 2016-03-05 06:54 - 00000000 ____D C:\ProgramData\CyberLink 2017-05-03 07:19 - 2017-01-29 15:56 - 00000000 ____D C:\ProgramData\Norton 2017-05-02 21:43 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\LiveKernelReports 2017-05-02 07:25 - 2017-02-02 21:18 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\vlc 2017-05-01 21:05 - 2017-03-14 17:34 - 00000000 ____D C:\ProgramData\Betternet 2017-05-01 16:02 - 2016-08-22 03:56 - 00251728 _____ C:\Windows\system32\FNTCACHE.DAT 2017-05-01 14:37 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-05-01 14:33 - 2016-03-05 07:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-05-01 14:05 - 2016-03-05 06:55 - 00000000 ____D C:\Program Files\CyberLink 2017-05-01 14:05 - 2016-03-05 06:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-05-01 14:04 - 2016-08-22 03:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos 2017-05-01 07:03 - 2016-11-30 22:13 - 00007602 _____ C:\Users\ckurl\AppData\Local\Resmon.ResmonCfg 2017-04-30 16:23 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\NDF 2017-04-30 15:37 - 2016-03-05 06:51 - 00000000 ____D C:\Program Files (x86)\HP 2017-04-30 15:37 - 2015-08-06 08:21 - 00000000 ____D C:\SWSetup 2017-04-30 15:36 - 2016-11-13 10:03 - 00002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power Media Player 14.lnk 2017-04-30 15:36 - 2016-03-05 06:41 - 00000000 ____D C:\ProgramData\SUPPORTDIR 2017-04-30 15:36 - 2016-03-05 06:41 - 00000000 ____D C:\ProgramData\install_clap 2017-04-30 15:35 - 2016-03-05 06:41 - 00000000 ____D C:\ProgramData\Temp 2017-04-30 13:45 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-04-30 13:45 - 2016-05-28 10:44 - 00000000 ____D C:\Users\ckurl\AppData\Local\Packages 2017-04-30 13:39 - 2017-03-05 18:32 - 00001550 _____ C:\Users\ckurl\Desktop\sublime_text.lnk 2017-04-30 13:26 - 2017-04-02 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IOTransfer 2017-04-30 13:26 - 2017-03-04 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch 2017-04-30 13:26 - 2017-03-04 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2017-04-30 13:25 - 2017-04-02 10:49 - 00002362 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk 2017-04-30 13:24 - 2016-08-20 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2017-04-30 13:24 - 2016-07-24 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-04-30 13:24 - 2016-03-05 06:33 - 00000000 ____D C:\ProgramData\Package Cache 2017-04-30 13:23 - 2016-08-20 19:56 - 00000000 ____D C:\Program Files\Java 2017-04-30 13:21 - 2016-07-24 08:57 - 00000000 ____D C:\Program Files (x86)\Java 2017-04-30 13:02 - 2017-04-02 09:59 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\IObit 2017-04-30 13:02 - 2017-04-02 09:59 - 00000000 ____D C:\Program Files (x86)\IObit 2017-04-30 12:58 - 2017-01-09 16:36 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2017-04-30 12:37 - 2016-09-10 14:18 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly 2017-04-30 12:30 - 2016-11-24 13:09 - 00002355 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-04-30 12:30 - 2016-11-24 13:09 - 00002343 ____H C:\Users\Public\Desktop\Google Chrome.lnk 2017-04-30 12:26 - 2017-03-21 19:25 - 00000000 ____D C:\Users\ckurl\Documents\Backups 2017-04-30 11:47 - 2016-08-22 04:33 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-04-30 11:47 - 2016-08-22 04:33 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-04-30 10:50 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\Tasks_Migrated 2017-04-30 10:05 - 2016-06-11 22:09 - 00000000 ____D C:\Users\ckurl\AppData\Local\Spotify 2017-04-30 09:15 - 2015-07-10 04:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2017-04-30 07:27 - 2016-08-22 04:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-04-29 20:59 - 2016-08-22 03:59 - 00023379 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip 2017-04-29 19:31 - 2016-08-22 04:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-04-29 19:05 - 2016-09-02 21:56 - 00002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bang & Olufsen.lnk 2017-04-29 19:04 - 2016-08-22 03:59 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2017-04-29 16:17 - 2016-09-02 18:20 - 00000000 ____D C:\Users\ckurl\Documents\maya 2017-04-29 15:20 - 2016-12-03 17:17 - 00000000 ____D C:\Users\ckurl\Documents\Python 2017-04-29 09:53 - 2017-02-12 00:21 - 00003654 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask 2017-04-29 09:52 - 2016-08-22 04:33 - 00003828 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8620 2017-04-29 07:45 - 2016-09-04 13:16 - 00000000 ____D C:\ProgramData\Google 2017-04-27 19:39 - 2016-05-28 17:22 - 00000000 ____D C:\Users\ckurl\AppData\Local\Google 2017-04-27 16:32 - 2017-04-04 00:29 - 00000000 ____D C:\ProgramData\wondershare 2017-04-27 07:32 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\rescache 2017-04-24 22:32 - 2017-02-11 16:18 - 00000000 ____D C:\Users\ckurl\.gimp-2.8 2017-04-24 07:47 - 2017-02-11 16:21 - 00000000 ____D C:\Users\ckurl\AppData\Local\gtk-2.0 2017-04-19 17:45 - 2017-02-09 17:22 - 00001951 _____ C:\Windows\NvContainerRecovery.bat 2017-04-19 17:44 - 2016-08-22 04:00 - 06437312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2017-04-19 17:44 - 2016-08-22 04:00 - 02479736 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2017-04-19 17:44 - 2016-08-22 04:00 - 01762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2017-04-19 17:44 - 2016-08-22 04:00 - 00392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2017-04-19 17:44 - 2016-08-22 04:00 - 00082040 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2017-04-19 17:44 - 2016-08-22 04:00 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2017-04-19 15:29 - 2016-08-22 04:00 - 07915387 _____ C:\Windows\system32\nvcoproc.bin 2017-04-19 00:25 - 2016-08-14 08:01 - 00000218 _____ C:\Users\ckurl\AppData\Roaming\WB.CFG 2017-04-18 23:41 - 2016-08-22 04:05 - 01860954 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2017-04-18 22:46 - 2017-04-02 17:39 - 00001573 _____ C:\Users\ckurl\Desktop\Road Rush Racer.lnk 2017-04-17 14:33 - 2017-02-12 00:26 - 00003304 _____ C:\Windows\System32\Tasks\{BDA69597-C186-49A4-856F-CFDA838F02C2} 2017-04-17 14:33 - 2017-01-29 21:09 - 00003458 _____ C:\Windows\System32\Tasks\{D952195F-F2FE-479E-8CAC-E5117817E8CF} 2017-04-17 14:33 - 2016-10-29 19:46 - 00003618 _____ C:\Windows\System32\Tasks\{792C56D5-DC60-4C20-8BB6-DACFE96AE1E2} 2017-04-15 19:03 - 2016-08-22 04:33 - 00004552 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-04-15 19:03 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-04-15 19:03 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\Macromed 2017-04-14 16:00 - 2016-04-26 23:39 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ___SD C:\Windows\SysWOW64\F12 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ___SD C:\Windows\system32\F12 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ___RD C:\Program Files\Windows Defender 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\SysWOW64\setup 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\setup 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\ShellExperiences 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\Provisioning 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-04-11 19:04 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-04-11 19:04 - 2016-07-15 23:04 - 00000000 ____D C:\Windows\system32\Dism 2017-04-11 19:01 - 2017-03-26 10:30 - 00000000 ____D C:\Users\ckurl\AppData\Local\Bluestacks 2017-04-11 19:01 - 2017-03-25 15:56 - 00000000 ____D C:\Users\ckurl\AppData\LocalLow\Heroes and Generals 2017-04-11 19:01 - 2016-09-02 18:20 - 00000000 ____D C:\ProgramData\FLEXnet 2017-04-11 19:01 - 2016-08-14 07:01 - 00000000 __HDC C:\ProgramData\{3A83B8C4-5F70-453E-A723-B5672F107885} 2017-04-11 19:01 - 2016-08-05 20:06 - 00000000 ____D C:\Users\ckurl\vmlogs 2017-04-11 19:01 - 2016-08-05 20:05 - 00000000 ____D C:\Users\ckurl\AppData\Local\Nox 2017-04-11 18:56 - 2017-04-04 00:27 - 00000000 ____D C:\Program Files (x86)\KeepVid 2017-04-11 18:56 - 2016-08-05 20:10 - 00000000 ____D C:\Users\ckurl\.android 2017-04-10 20:25 - 2016-07-15 23:04 - 00032768 _____ C:\Windows\system32\config\ELAM 2017-04-09 10:55 - 2016-11-24 13:06 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2017-04-09 10:55 - 2016-10-19 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ophcrack 2017-04-09 10:55 - 2016-09-26 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KGB Archiver 2017-04-09 10:55 - 2016-09-13 17:34 - 00000000 ____D C:\Users\ckurl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Global Offensive 2017-04-09 10:51 - 2016-07-16 04:47 - 00000000 __RSD C:\Windows\Media 2017-04-09 10:51 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\security 2017-04-09 10:51 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\Registration 2017-04-09 10:51 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\Help 2017-04-09 10:44 - 2015-07-10 04:04 - 00000187 _____ C:\Windows\win.ini ==================== Files in the root of some directories ======= 2017-04-29 06:38 - 2017-04-29 20:58 - 0000061 _____ () C:\Users\ckurl\AppData\Roaming\DATA.del 2017-05-01 14:10 - 2017-05-01 15:47 - 0000115 _____ () C:\Users\ckurl\AppData\Roaming\LogFile.txt 2016-08-27 06:31 - 2016-08-27 06:31 - 2768916 _____ () C:\Users\ckurl\AppData\Roaming\sb250.dat 2016-08-14 08:01 - 2017-04-19 00:25 - 0000218 _____ () C:\Users\ckurl\AppData\Roaming\WB.CFG 2017-05-01 14:50 - 2017-05-01 14:50 - 0000600 _____ () C:\Users\ckurl\AppData\Roaming\winscp.rnd 2017-04-24 07:47 - 2017-04-24 07:47 - 0000843 _____ () C:\Users\ckurl\AppData\Local\recently-used.xbel 2016-11-30 22:13 - 2017-05-01 07:03 - 0007602 _____ () C:\Users\ckurl\AppData\Local\Resmon.ResmonCfg 2017-03-26 10:50 - 2017-03-26 10:50 - 0000552 _____ () C:\Users\ckurl\AppData\Local\TroubleshooterConfig.json 2016-11-02 18:34 - 2016-12-21 11:17 - 0000906 _____ () C:\Users\ckurl\AppData\Local\_settings.ini 2016-08-19 10:52 - 2016-08-19 10:52 - 0000057 _____ () C:\ProgramData\Ament.ini Some files in TEMP: ==================== 2017-05-07 09:59 - 2017-05-07 09:59 - 0008192 _____ () C:\Users\ckurl\AppData\Local\Temp\iuqebq21.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-05-04 07:41 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
Aura Posted May 8, 2017 ID:1123035 Share Posted May 8, 2017 Alright, let's give this a go. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located); Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply; fixlist.txt Link to post Share on other sites More sharing options...
joshkmartinez Posted May 8, 2017 Author ID:1123120 Share Posted May 8, 2017 Fix Log: Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017 Ran by ckurl (08-05-2017 14:40:35) Run:1 Running from F:\iAmInfected\FRST64 Loaded Profiles: ckurl (Available Profiles: ckurl) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File] CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR Extension: (Adblock for Youtube™) - C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-05-03] CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx S3 MFE_RR; C:\Users\ckurl\AppData\Local\Temp\mfe_rr.sys [24120 2017-05-06] (McAfee, Inc.) <==== ATTENTION S0 D46ABDF2; system32\drivers\D46ABDF2.sys [X] U0 Partizan; system32\drivers\Partizan.sys [X] Task: {00615077-DD07-4963-B529-208732E0CC98} - \LUMOS\TBW\TBW_04_00 -> No File <==== ATTENTION Task: {066FDB27-482E-45EC-89FE-296A667BEF47} - \LUMOS\TBW\TBW_07_00 -> No File <==== ATTENTION Task: {0E6157E1-9324-4F79-AC2F-0596760AA289} - \LUMOS\TBW\TBW_20_30 -> No File <==== ATTENTION Task: {11486291-E2F9-4EE7-910A-470A06389DFF} - \Auslogics\Driver Updater\Start Driver Updater оn ckurl logon -> No File <==== ATTENTION Task: {19C37EF1-1335-4460-B43D-3AF1D9063D1A} - \LUMOS\TBW\TBW_18_00 -> No File <==== ATTENTION Task: {1AA14685-00A4-46CA-A3A0-524A35C08D62} - \LUMOS\TBW\TBW_09_00 -> No File <==== ATTENTION Task: {1D491542-565C-4D42-9C3A-8327E8698C03} - \LUMOS\TBW\TBW_10_00 -> No File <==== ATTENTION Task: {1F930566-392B-4389-879A-60A5F17BF86A} - \LUMOS\TBW\TBW_05_30 -> No File <==== ATTENTION Task: {23E29108-D829-42F6-AE0D-D612C6B15C40} - \LUMOS\TBW\TBW_08_00 -> No File <==== ATTENTION Task: {258AB952-D067-4A4C-B5F9-A0A7CE4333DE} - \LUMOS\TBW\TBW_06_00 -> No File <==== ATTENTION Task: {31F2C749-E3F5-405F-BE25-C6AB8493AF06} - \LUMOS\TBW\TBW_06_30 -> No File <==== ATTENTION Task: {33D1363B-6D6D-4058-B2BF-41506E76FD76} - \LUMOS\TBW\TBW_00_30 -> No File <==== ATTENTION Task: {3F2B1D6F-7BC1-4AA4-ACD8-38BCB8421B3D} - \LUMOS\TBW\TBW_19_00 -> No File <==== ATTENTION Task: {4353D761-CAA6-401D-A9F8-016FBE030398} - \LUMOS\TBW\TBW_21_30 -> No File <==== ATTENTION Task: {4683F5E9-B5D6-4639-A8DD-A11F0427AC13} - \LUMOS\TBW\TBW_11_30 -> No File <==== ATTENTION Task: {4B474376-DB93-48CE-BB10-6D0DC4A189BF} - \LUMOS\TBW\TBW_12_00 -> No File <==== ATTENTION Task: {570D73E8-473C-4611-8E63-319EA59BC8E4} - \LUMOS\TBW\TBW_01_00 -> No File <==== ATTENTION Task: {58652A9D-3B8B-4596-951F-9DAA9880BD62} - \LUMOS\TBW\TBW_18_30 -> No File <==== ATTENTION Task: {59D14286-9C19-408B-B974-F313B0B0FC37} - \ASC10_PerformanceMonitor -> No File <==== ATTENTION Task: {64EF5A71-0F8E-45DE-B6A8-67CA93417278} - \LUMOS\TBW\TBW_02_30 -> No File <==== ATTENTION Task: {662D2B71-DF00-49B8-9288-E9218EBD5F5B} - \LUMOS\TBW\TBW_23_00 -> No File <==== ATTENTION Task: {663C14AB-0200-49F2-A7C1-635EB0C630CD} - \LUMOS\TBW\TBW_14_30 -> No File <==== ATTENTION Task: {6AEC7E8A-3555-4F99-885C-26A156468358} - \LUMOS\TBW\TBW_07_30 -> No File <==== ATTENTION Task: {70357E3C-EC2A-44DE-97BF-6620BDCCE2CF} - \LUMOS\TBW\TBW_02_00 -> No File <==== ATTENTION Task: {706FF03A-76EB-4301-ADEE-0D7AA2B80C37} - \LUMOS\TBW\TBW_17_00 -> No File <==== ATTENTION Task: {7163B70E-D9C2-4664-B09A-4B088E5B43EB} - \LUMOS\TBW\TBW_15_00 -> No File <==== ATTENTION Task: {73FEA031-3747-4D9A-B2E7-5142E8441DA8} - \LUMOS\TBW\TBW_13_00 -> No File <==== ATTENTION Task: {763690B7-F07B-4672-996D-1049B67D2F1A} - \LUMOS\TBW\TBW_13_30 -> No File <==== ATTENTION Task: {7C7E0AB9-8E3D-4D54-900A-1894713952F3} - \LUMOS\TBW\TBW_23_30 -> No File <==== ATTENTION Task: {7CA047E5-F6FF-4312-939B-BD0B41906552} - \LUMOS\TBW\TBW_22_30 -> No File <==== ATTENTION Task: {7F004AD8-97CE-4218-B29F-D423DA5739BB} - \LUMOS\TBW\TBW_03_30 -> No File <==== ATTENTION Task: {8490D1E7-7C5A-4505-A69C-FC678D0329B6} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION Task: {93D1A584-2E08-4B3A-988C-5F43839092B7} - \LUMOS\TBW\TBW_00_00 -> No File <==== ATTENTION Task: {95B87259-C355-438B-98D0-3996291B8C94} - \LUMOS\TBW\TBW_19_30 -> No File <==== ATTENTION Task: {98E9A800-5DD9-4AEA-99DE-B7ACBCAF6C51} - \LUMOS\TBW\TBW_16_30 -> No File <==== ATTENTION Task: {98F7D864-643F-4B06-8BCE-105F38E8E408} - \LUMOS\TBW\TBW_10_30 -> No File <==== ATTENTION Task: {9BBAA623-5637-4AB6-B1A2-D02BFD2AA917} - \LUMOS\TBW\TBW_16_00 -> No File <==== ATTENTION Task: {9FBDB771-1A2A-4AA5-AC16-7BB81A07B935} - \LUMOS\TBW\TBW_14_00 -> No File <==== ATTENTION Task: {A04BE138-B8D0-4884-AFC5-EE20360D641A} - System32\Tasks\{BDA69597-C186-49A4-856F-CFDA838F02C2} => pcalua.exe -a "C:\Program Files (x86)\UX Pack\uxuninst.exe" Task: {A226D1C6-80D7-4B66-A2C4-60F0D7B29C3B} - \LUMOS\TBW\TBW_05_00 -> No File <==== ATTENTION Task: {ABFDEB59-EF7D-42FF-945C-8EF93C0A26FC} - \LUMOS\TBW\TBW_11_00 -> No File <==== ATTENTION Task: {AFF2EAB9-3C96-4026-8355-2FCA2C0A4323} - System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => powershell.exe -NoProfile -WindowStyle Hidden -command cmd.exe /c if exist C:\Users\ckurl\AppData\Local\Packages\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2 start explorer.exe shell:appsFolder\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2!App Task: {B65F44B6-3A8C-46CA-8199-9061FE7DE060} - \LUMOS\TBW\TBW_22_00 -> No File <==== ATTENTION Task: {C2A071E2-CDEA-4B77-8B95-B91B32E537E5} - \LUMOS\TBW\TBW_04_30 -> No File <==== ATTENTION Task: {C986952E-0BBD-409A-AB94-9E76A333A9E3} - \LUMOS\TBW\TBW_09_30 -> No File <==== ATTENTION Task: {CF0D73FD-4D4A-4B93-8CDC-B97C707868B2} - \LUMOS\TBW\TBW_03_00 -> No File <==== ATTENTION Task: {D04459FA-C462-41A7-9452-B6114EF22E20} - \LUMOS\TBW\TBW_01_30 -> No File <==== ATTENTION Task: {D1B49010-67AF-4CE1-9F7B-30005A024538} - System32\Tasks\{792C56D5-DC60-4C20-8BB6-DACFE96AE1E2} => pcalua.exe -a C:\Users\ckurl\AppData\Local\{2D001B5C-09A8-77E4-6430-520C4058AE94}\uninst.exe -c -FN="C:\Users\ckurl\AppData\Local\{2D5D1BE6-080F-7690-6339-5142BFEBAC7C}\synctask.exe"-P=/Uninstall /s /noun /DelSelfDir Task: {D4B869AC-5FA5-42EB-A6BD-524DA6022FBE} - \LUMOS\TBW\TBW_20_00 -> No File <==== ATTENTION Task: {E8ABAC0E-18E7-4C95-B6FC-29967670B6EA} - \LUMOS\TBW\TBW_08_30 -> No File <==== ATTENTION Task: {ED545D42-49C3-4C07-A529-4C11A95EBD5B} - \LUMOS\TBW\TBW_17_30 -> No File <==== ATTENTION Task: {F1ACF427-6DC0-46B2-8169-D5875F5B04C7} - \LUMOS\TBW\TBW_15_30 -> No File <==== ATTENTION Task: {F5919863-BE80-4B09-ACB0-FACDB74FD707} - \LUMOS\TBW\TBW_21_00 -> No File <==== ATTENTION Task: {FA774262-2713-4544-A3DA-E6414D962C40} - \LUMOS\TBW\TBW_12_30 -> No File <==== ATTENTION AlternateDataStreams: C:\Users\ckurl:Heroes & Generals [38] AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [135] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\D46ABDF2.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\D46ABDF2.sys => ""="Driver" C:\ProgramData\install_clap C:\ProgramData\ntuser.pol C:\Users\ckurl\AppData\Local\kxgdc C:\Windows\SysWOW64\5a4d4b35566e6f7e6335507a686b7e696870623b5a756f72364d72696e683559573548534e4f5f544c55566e6f7e63 EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully HKU\.DEFAULT\Software\MozillaPlugins\gingersoftware.com/gingerPlugin => key removed successfully C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll => not found. Chrome DefaultSearchURL => removed successfully Chrome DefaultSuggestURL => removed successfully C:\Users\ckurl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk => moved successfully HKLM\SOFTWARE\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib => key removed successfully HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully HKU\S-1-5-21-3379452668-3058411388-1845388906-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully HKLM\System\CurrentControlSet\Services\MFE_RR => key removed successfully MFE_RR => service removed successfully HKLM\System\CurrentControlSet\Services\D46ABDF2 => key removed successfully D46ABDF2 => service removed successfully HKLM\System\CurrentControlSet\Services\Partizan => key removed successfully Partizan => service removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00615077-DD07-4963-B529-208732E0CC98} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00615077-DD07-4963-B529-208732E0CC98} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_04_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{066FDB27-482E-45EC-89FE-296A667BEF47} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{066FDB27-482E-45EC-89FE-296A667BEF47} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_07_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E6157E1-9324-4F79-AC2F-0596760AA289} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E6157E1-9324-4F79-AC2F-0596760AA289} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_20_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11486291-E2F9-4EE7-910A-470A06389DFF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11486291-E2F9-4EE7-910A-470A06389DFF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\Driver Updater\Start Driver Updater оn ckurl logon => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19C37EF1-1335-4460-B43D-3AF1D9063D1A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C37EF1-1335-4460-B43D-3AF1D9063D1A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_18_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AA14685-00A4-46CA-A3A0-524A35C08D62} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AA14685-00A4-46CA-A3A0-524A35C08D62} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_09_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D491542-565C-4D42-9C3A-8327E8698C03} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D491542-565C-4D42-9C3A-8327E8698C03} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_10_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F930566-392B-4389-879A-60A5F17BF86A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F930566-392B-4389-879A-60A5F17BF86A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_05_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23E29108-D829-42F6-AE0D-D612C6B15C40} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23E29108-D829-42F6-AE0D-D612C6B15C40} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_08_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{258AB952-D067-4A4C-B5F9-A0A7CE4333DE} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{258AB952-D067-4A4C-B5F9-A0A7CE4333DE} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_06_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31F2C749-E3F5-405F-BE25-C6AB8493AF06} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31F2C749-E3F5-405F-BE25-C6AB8493AF06} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_06_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33D1363B-6D6D-4058-B2BF-41506E76FD76} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33D1363B-6D6D-4058-B2BF-41506E76FD76} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_00_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F2B1D6F-7BC1-4AA4-ACD8-38BCB8421B3D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F2B1D6F-7BC1-4AA4-ACD8-38BCB8421B3D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_19_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4353D761-CAA6-401D-A9F8-016FBE030398} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4353D761-CAA6-401D-A9F8-016FBE030398} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_21_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4683F5E9-B5D6-4639-A8DD-A11F0427AC13} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4683F5E9-B5D6-4639-A8DD-A11F0427AC13} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_11_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B474376-DB93-48CE-BB10-6D0DC4A189BF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B474376-DB93-48CE-BB10-6D0DC4A189BF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_12_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{570D73E8-473C-4611-8E63-319EA59BC8E4} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{570D73E8-473C-4611-8E63-319EA59BC8E4} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_01_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58652A9D-3B8B-4596-951F-9DAA9880BD62} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58652A9D-3B8B-4596-951F-9DAA9880BD62} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_18_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59D14286-9C19-408B-B974-F313B0B0FC37} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59D14286-9C19-408B-B974-F313B0B0FC37} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC10_PerformanceMonitor => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64EF5A71-0F8E-45DE-B6A8-67CA93417278} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64EF5A71-0F8E-45DE-B6A8-67CA93417278} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_02_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{662D2B71-DF00-49B8-9288-E9218EBD5F5B} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{662D2B71-DF00-49B8-9288-E9218EBD5F5B} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_23_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{663C14AB-0200-49F2-A7C1-635EB0C630CD} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{663C14AB-0200-49F2-A7C1-635EB0C630CD} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_14_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AEC7E8A-3555-4F99-885C-26A156468358} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AEC7E8A-3555-4F99-885C-26A156468358} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_07_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70357E3C-EC2A-44DE-97BF-6620BDCCE2CF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70357E3C-EC2A-44DE-97BF-6620BDCCE2CF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_02_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{706FF03A-76EB-4301-ADEE-0D7AA2B80C37} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{706FF03A-76EB-4301-ADEE-0D7AA2B80C37} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_17_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7163B70E-D9C2-4664-B09A-4B088E5B43EB} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7163B70E-D9C2-4664-B09A-4B088E5B43EB} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_15_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73FEA031-3747-4D9A-B2E7-5142E8441DA8} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73FEA031-3747-4D9A-B2E7-5142E8441DA8} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_13_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{763690B7-F07B-4672-996D-1049B67D2F1A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{763690B7-F07B-4672-996D-1049B67D2F1A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_13_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C7E0AB9-8E3D-4D54-900A-1894713952F3} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C7E0AB9-8E3D-4D54-900A-1894713952F3} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_23_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CA047E5-F6FF-4312-939B-BD0B41906552} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CA047E5-F6FF-4312-939B-BD0B41906552} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_22_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F004AD8-97CE-4218-B29F-D423DA5739BB} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F004AD8-97CE-4218-B29F-D423DA5739BB} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_03_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8490D1E7-7C5A-4505-A69C-FC678D0329B6} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8490D1E7-7C5A-4505-A69C-FC678D0329B6} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93D1A584-2E08-4B3A-988C-5F43839092B7} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93D1A584-2E08-4B3A-988C-5F43839092B7} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_00_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95B87259-C355-438B-98D0-3996291B8C94} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95B87259-C355-438B-98D0-3996291B8C94} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_19_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98E9A800-5DD9-4AEA-99DE-B7ACBCAF6C51} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98E9A800-5DD9-4AEA-99DE-B7ACBCAF6C51} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_16_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98F7D864-643F-4B06-8BCE-105F38E8E408} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98F7D864-643F-4B06-8BCE-105F38E8E408} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_10_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BBAA623-5637-4AB6-B1A2-D02BFD2AA917} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BBAA623-5637-4AB6-B1A2-D02BFD2AA917} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_16_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FBDB771-1A2A-4AA5-AC16-7BB81A07B935} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FBDB771-1A2A-4AA5-AC16-7BB81A07B935} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_14_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A04BE138-B8D0-4884-AFC5-EE20360D641A} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A04BE138-B8D0-4884-AFC5-EE20360D641A} => key removed successfully C:\Windows\System32\Tasks\{BDA69597-C186-49A4-856F-CFDA838F02C2} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BDA69597-C186-49A4-856F-CFDA838F02C2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A226D1C6-80D7-4B66-A2C4-60F0D7B29C3B} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A226D1C6-80D7-4B66-A2C4-60F0D7B29C3B} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_05_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABFDEB59-EF7D-42FF-945C-8EF93C0A26FC} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABFDEB59-EF7D-42FF-945C-8EF93C0A26FC} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_11_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFF2EAB9-3C96-4026-8355-2FCA2C0A4323} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFF2EAB9-3C96-4026-8355-2FCA2C0A4323} => key removed successfully C:\Windows\System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MSFT_TaskSettings3\CaesarsSlots => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B65F44B6-3A8C-46CA-8199-9061FE7DE060} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B65F44B6-3A8C-46CA-8199-9061FE7DE060} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_22_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2A071E2-CDEA-4B77-8B95-B91B32E537E5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2A071E2-CDEA-4B77-8B95-B91B32E537E5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_04_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C986952E-0BBD-409A-AB94-9E76A333A9E3} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C986952E-0BBD-409A-AB94-9E76A333A9E3} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_09_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF0D73FD-4D4A-4B93-8CDC-B97C707868B2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF0D73FD-4D4A-4B93-8CDC-B97C707868B2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_03_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D04459FA-C462-41A7-9452-B6114EF22E20} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D04459FA-C462-41A7-9452-B6114EF22E20} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_01_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1B49010-67AF-4CE1-9F7B-30005A024538} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1B49010-67AF-4CE1-9F7B-30005A024538} => key removed successfully C:\Windows\System32\Tasks\{792C56D5-DC60-4C20-8BB6-DACFE96AE1E2} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{792C56D5-DC60-4C20-8BB6-DACFE96AE1E2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4B869AC-5FA5-42EB-A6BD-524DA6022FBE} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B869AC-5FA5-42EB-A6BD-524DA6022FBE} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_20_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8ABAC0E-18E7-4C95-B6FC-29967670B6EA} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8ABAC0E-18E7-4C95-B6FC-29967670B6EA} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_08_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED545D42-49C3-4C07-A529-4C11A95EBD5B} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED545D42-49C3-4C07-A529-4C11A95EBD5B} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_17_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1ACF427-6DC0-46B2-8169-D5875F5B04C7} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1ACF427-6DC0-46B2-8169-D5875F5B04C7} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_15_30 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5919863-BE80-4B09-ACB0-FACDB74FD707} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5919863-BE80-4B09-ACB0-FACDB74FD707} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_21_00 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA774262-2713-4544-A3DA-E6414D962C40} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA774262-2713-4544-A3DA-E6414D962C40} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LUMOS\TBW\TBW_12_30 => key removed successfully C:\Users\ckurl => ":Heroes & Generals" ADS removed successfully. C:\ProgramData\Temp => ":ECF54A0E" ADS removed successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\D46ABDF2.sys => key removed successfully HKLM\System\CurrentControlSet\Control\SafeBoot\Network\D46ABDF2.sys => key removed successfully C:\ProgramData\install_clap => moved successfully C:\ProgramData\ntuser.pol => moved successfully C:\Users\ckurl\AppData\Local\kxgdc => moved successfully C:\Windows\SysWOW64\5a4d4b35566e6f7e6335507a686b7e696870623b5a756f72364d72696e683559573548534e4f5f544c55566e6f7e63 => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29011216 B Java, Flash, Steam htmlcache => 261692113 B Windows/system/drivers => 2343192 B Edge => 206234 B Chrome => 534758194 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 6786 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 128 B LocalService => 1703534 B NetworkService => 16592 B ckurl => 14011973 B RecycleBin => 17338900241 B EmptyTemp: => 16.9 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 14:42:11 ==== THIS REMOVED ALL OF MY CHROME EXTENSIONS, SAVED PASSWORDS, AND ACCOUNTS. Is there any way to get them back automatically? I use onetab and some very important tabs were saved. Or do i just have to deal with it. The faulty search enginge was removed but i still have (muxh less) pop up ads. Link to post Share on other sites More sharing options...
Aura Posted May 9, 2017 ID:1123216 Share Posted May 9, 2017 Can you check in Google Chrome if you are still signed in? If not, sign in, and all your extensions, passwords, accounts, etc. should comeback. Link to post Share on other sites More sharing options...
joshkmartinez Posted May 9, 2017 Author ID:1123265 Share Posted May 9, 2017 I wasn't signed in in the first place. I have already manually added my stuff back. I still get the occasional pop-up ad and redirect links Link to post Share on other sites More sharing options...
Aura Posted May 9, 2017 ID:1123309 Share Posted May 9, 2017 In that case, it's possible that the adware is living inside your Google Chrome installation, and the next step would be to uninstall and reinstall it. If you sign in your Google account and have the sync enabled, you'll be able to access your bookmarks, extensions, passwords, etc. everywhere. Link to post Share on other sites More sharing options...
joshkmartinez Posted May 9, 2017 Author ID:1123352 Share Posted May 9, 2017 ok is there a recommended uninstaller, or just use the built it windows one? Link to post Share on other sites More sharing options...
Aura Posted May 9, 2017 ID:1123358 Share Posted May 9, 2017 The built-in Windows uninstaller should do the job. Link to post Share on other sites More sharing options...
joshkmartinez Posted May 10, 2017 Author ID:1123390 Share Posted May 10, 2017 I uninstalled and reinstalled and I just got another pop-up ad. I have no idea what to do next Link to post Share on other sites More sharing options...
Aura Posted May 10, 2017 ID:1123474 Share Posted May 10, 2017 Install uBlock Origin for Google Chrome, and let me know if you get any more pop-up ads. https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en Link to post Share on other sites More sharing options...
joshkmartinez Posted May 11, 2017 Author ID:1123691 Share Posted May 11, 2017 nope after a day I have not received any more pop up ads, however, i would like to stop the ads at the source(not use an extension to block them), so is there any way I can delete them or something? Link to post Share on other sites More sharing options...
Aura Posted May 11, 2017 ID:1123698 Share Posted May 11, 2017 From what I can see, you aren't infected by an adware. The ads you are getting are from the various websites you visit, and most of them look intrusive (welcome to the world of malvertising). I see that you have Adblock installed, but in 2017, it really is outdated and of no use. Only uBlock Origin seems to be really efficient from my experience. Link to post Share on other sites More sharing options...
Recommended Posts