
Russian Hijack Adware



I seem to have downloaded some malware when getting some software. My desktop changed and had a new toolbar with Russian characters. I found and removed an entry in the Windows registry HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I am running Windows 10 with all current updates. I ran Microsoft Defender, AdwCleaner, Malwarebytes and Microsoft MSRT and many threats were quarantined and removed but I am still infected. When I launch Chrome I get constant notifications from Malwarebytes that outgoing traffic to many ".ru" sites is being blocked. Malwarebytes fails to clean "PUP Operational Legacy, Firefox search Provider, inline.go.mail.ru and suggests.go.mail.ru" and reports that it failed to clean these. Before this happened I did not have to enter a password to get into Windows; I now have to enter my password and the entry screen indicates that there are two accounts, so I think this malware somehow created a new account that I can't find to remove. One last weird thing is that I can no longer click on links in my Thunderbird emails and have them open the website (for instance my Costco weekly offers) - when I click on the link nothing happens. I don't know where to go from here. Any help or suggestions would be appreciated.


Hello caper0831 and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Thanks, Kevin, for the quick response. Here is the information from the Malwarebytes scan:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/16/18
Protection Event Time: 6:50 PM
Log File: 1d29538e-41c0-11e8-bd73-50465de5d48d.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4758
License: Trial

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malware
Domain: v1hcmqbaqw.ru
IP Address: 185.80.53.62
Port: [49849]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

(end)

Here are the logs from FARBAR:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by ameyb_000 (administrator) on MAIN (17-04-2018 19:27:07)
Running from C:\Users\ameyb_000\Desktop
Loaded Profiles: UpdatusUser & ameyb_000 (Available Profiles: UpdatusUser & ameyb_000)
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareService.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
() C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareTray.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(© 2015 Microsoft Corporation) C:\Users\ameyb_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe********************************************* [107192 2012-08-24] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-08-23] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareTray.exe [4745688 2018-02-24] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-3443199759-2312325277-567934048-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\Run: [BitTorrent] => C:\Users\ameyb_000\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46139776 2018-03-15] ()
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\Run: [BingSvc] => C:\Users\ameyb_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-15] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\MountPoints2: {cc06ddff-50db-11e3-824f-806e6f6e6963} - "E:\SETUP.EXE"
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2017-09-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-03-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2016-03-25]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{97525bfe-4f82-4331-b242-a00e1d69e78c}: [DhcpNameServer] 192.168.2.1 142.166.166.166

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3443199759-2312325277-567934048-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3443199759-2312325277-567934048-1002 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL =
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-05-30] (LastPass)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-05-30] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-05-30] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-05-30] (LastPass)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-06-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\ameyb_000\AppData\Roaming\Mozilla\Firefox\Profiles\8gbp1fo5.default [2018-04-17]
FF Homepage: Mozilla\Firefox\Profiles\8gbp1fo5.default -> hxxp://www.google.ca/
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\ameyb_000\AppData\Roaming\Mozilla\Firefox\Profiles\8gbp1fo5.default\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2018-03-09]
FF Extension: (LastPass: Free Password Manager) - C:\Users\ameyb_000\AppData\Roaming\Mozilla\Firefox\Profiles\8gbp1fo5.default\Extensions\support@lastpass.com.xpi [2018-04-14]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\ameyb_000\AppData\Roaming\Mozilla\Firefox\Profiles\8gbp1fo5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-11-22] [Legacy] [not signed]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\ameyb_000\AppData\Roaming\Mozilla\Firefox\Profiles\8gbp1fo5.default\features\{ad06404a-de98-4e2e-9daa-c553e65b563a}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-03] [Legacy]
FF SearchPlugin: C:\Users\ameyb_000\AppData\Roaming\Mozilla\Firefox\Profiles\8gbp1fo5.default\searchplugins\bing-.xml [2015-11-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-05-30] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-05-30] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3443199759-2312325277-567934048-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ameyb_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Profile: C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default [2018-04-17]
CHR Extension: (Google Drive) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (Adobe Acrobat) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-01]
CHR Extension: (Google Docs Offline) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-04-15]
CHR Extension: (No Name) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnoejnlbkbnckikbkmnpippafneemknp [2018-04-15]
CHR Extension: (Skype) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-24]
CHR HKU\S-1-5-21-3443199759-2312325277-567934048-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ameyb_000\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-11-07]
CHR HKU\S-1-5-21-3443199759-2312325277-567934048-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3443199759-2312325277-567934048-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareService.exe [587832 2018-02-24] ()
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-10-19] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-09-08] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\NisSrv.exe [4633248 2018-04-12] (Microsoft Corporation)
R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () [File not signed]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MsMpEng.exe [104680 2018-04-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R0 BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys [17088 2013-12-02] (Glarysoft Ltd)
R3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [92400 2017-05-29] (DisplayLink Corp.)
R3 dlusbaudio; C:\WINDOWS\system32\DRIVERS\dlusbaudio_x64.sys [238320 2017-05-29] (DisplayLink Corp.)
R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\WINDOWS\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-16] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-04-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-17] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [467040 2018-01-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [311848 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60456 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-17 19:27 - 2018-04-17 19:27 - 000021505 _____ C:\Users\ameyb_000\Desktop\FRST.txt
2018-04-17 19:26 - 2018-04-17 19:27 - 000000000 ____D C:\FRST
2018-04-17 19:26 - 2018-04-17 18:47 - 002403328 _____ (Farbar) C:\Users\ameyb_000\Desktop\FRST64.exe
2018-04-17 19:02 - 2018-04-17 18:28 - 073254968 _____ (Malwarebytes ) C:\Users\ameyb_000\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4766.exe
2018-04-17 15:37 - 2018-04-17 15:34 - 043604600 _____ (Microsoft Corporation) C:\Users\ameyb_000\Desktop\Windows-KB890830-x64-V5.59.exe
2018-04-16 19:16 - 2018-04-16 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-04-16 19:15 - 2018-04-17 13:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2018-04-16 19:15 - 2018-04-16 19:15 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-04-16 19:15 - 2018-04-16 19:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2018-04-16 19:13 - 2018-04-16 19:13 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-16 19:13 - 2018-04-16 19:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2018-04-16 19:12 - 2018-04-16 19:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-16 18:34 - 2018-04-17 18:58 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-04-16 18:34 - 2018-04-17 15:49 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-16 18:34 - 2018-04-17 15:49 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-04-16 18:34 - 2018-04-16 18:34 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-16 18:34 - 2018-04-16 18:34 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-16 18:34 - 2018-04-16 18:34 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-16 18:34 - 2018-04-16 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-16 18:34 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-16 18:33 - 2018-04-16 18:33 - 073446016 _____ (Malwarebytes ) C:\Users\ameyb_000\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4756.exe
2018-04-16 18:33 - 2018-04-16 18:33 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-16 15:11 - 2018-04-16 15:11 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-16 15:11 - 2018-04-16 15:11 - 000000995 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-04-16 15:10 - 2018-04-16 15:11 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-16 15:10 - 2018-04-16 15:07 - 000313520 _____ (Mozilla) C:\Users\ameyb_000\Desktop\Firefox Installer.exe
2018-04-16 12:54 - 2018-04-16 12:55 - 000000000 ____D C:\AdwCleaner
2018-04-16 12:54 - 2018-04-16 11:23 - 007256272 _____ (Malwarebytes) C:\Users\ameyb_000\Desktop\adwcleaner_7.1.0.0.exe
2018-04-15 19:04 - 2018-04-15 19:04 - 000002418 _____ C:\Users\Public\Desktop\Adaware Antivirus.lnk
2018-04-15 19:04 - 2018-04-15 19:04 - 000000000 ____D C:\Users\ameyb_000\AppData\Roaming\adaware
2018-04-15 19:04 - 2018-04-15 19:04 - 000000000 ____D C:\Users\ameyb_000\AppData\Local\AdAwareDesktop
2018-04-15 19:04 - 2018-04-15 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2018-04-15 19:03 - 2018-04-15 19:03 - 000000000 ____D C:\Users\ameyb_000\AppData\Local\AdAwareUpdater
2018-04-15 19:03 - 2018-04-15 19:03 - 000000000 ____D C:\Program Files\adaware
2018-04-15 19:02 - 2018-04-15 19:02 - 002630064 _____ C:\Users\ameyb_000\Downloads\Adaware_Installer.exe
2018-04-15 19:02 - 2018-04-15 19:02 - 000000000 ____D C:\ProgramData\adaware
2018-04-15 19:02 - 2018-04-15 19:02 - 000000000 ____D C:\Program Files\Common Files\adaware
2018-04-15 15:08 - 2018-04-15 15:08 - 000000000 ____D C:\Users\ameyb_000\AppData\Local\NetBoxLogs
2018-04-15 13:38 - 2018-04-15 13:47 - 000000000 ____D C:\Users\ameyb_000\AppData\Roaming\AGData
2018-04-15 13:35 - 2018-04-15 13:36 - 069329823 _____ C:\Users\ameyb_000\Downloads\mstoolkit265stable.zip
2018-04-15 12:59 - 2018-04-15 12:59 - 000000000 __RHD C:\MSOCache
2018-04-10 20:17 - 2018-04-03 16:37 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-10 20:17 - 2018-04-03 16:37 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 17:23 - 2018-03-30 09:34 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-04-10 17:23 - 2018-03-30 02:18 - 001092008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-10 17:23 - 2018-03-30 02:14 - 000423320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-10 17:23 - 2018-03-30 02:12 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-04-10 17:23 - 2018-03-30 02:10 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-10 17:23 - 2018-03-30 02:08 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-10 17:23 - 2018-03-30 02:08 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-10 17:23 - 2018-03-30 02:08 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-10 17:23 - 2018-03-30 02:08 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-10 17:23 - 2018-03-30 02:07 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-10 17:23 - 2018-03-30 02:07 - 000069528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-04-10 17:23 - 2018-03-30 02:06 - 000166304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-04-10 17:23 - 2018-03-30 02:05 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-04-10 17:23 - 2018-03-30 02:05 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-04-10 17:23 - 2018-03-30 02:05 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-10 17:23 - 2018-03-30 02:05 - 000066720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-04-10 17:23 - 2018-03-30 02:05 - 000015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-04-10 17:23 - 2018-03-30 02:04 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-10 17:23 - 2018-03-30 02:04 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-10 17:23 - 2018-03-30 02:04 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-04-10 17:23 - 2018-03-30 02:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-04-10 17:23 - 2018-03-30 02:03 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000508272 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-04-10 17:23 - 2018-03-30 02:03 - 000479920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000460704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000292384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-04-10 17:23 - 2018-03-30 02:03 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-04-10 17:23 - 2018-03-30 02:01 - 008600480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-10 17:23 - 2018-03-30 02:01 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-10 17:23 - 2018-03-30 02:01 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-04-10 17:23 - 2018-03-30 02:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-04-10 17:23 - 2018-03-30 02:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-10 17:23 - 2018-03-30 02:00 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-04-10 17:23 - 2018-03-30 01:59 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-04-10 17:23 - 2018-03-30 01:59 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-04-10 17:23 - 2018-03-30 01:58 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-04-10 17:23 - 2018-03-30 01:58 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-04-10 17:23 - 2018-03-30 01:57 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-04-10 17:23 - 2018-03-30 01:57 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-04-10 17:23 - 2018-03-30 01:57 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-04-10 17:23 - 2018-03-30 01:57 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-04-10 17:23 - 2018-03-30 01:55 - 000367344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-04-10 17:23 - 2018-03-30 01:55 - 000062880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-04-10 17:23 - 2018-03-30 01:54 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-10 17:23 - 2018-03-30 01:54 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-04-10 17:23 - 2018-03-30 01:54 - 000461728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-04-10 17:23 - 2018-03-30 01:54 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-10 17:23 - 2018-03-30 01:53 - 007676304 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-04-10 17:23 - 2018-03-30 01:53 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-04-10 17:23 - 2018-03-30 01:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-04-10 17:23 - 2018-03-30 01:53 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-04-10 17:23 - 2018-03-30 01:53 - 000246176 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-04-10 17:23 - 2018-03-30 01:53 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-04-10 17:23 - 2018-03-30 01:52 - 021351632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-04-10 17:23 - 2018-03-30 01:52 - 002457504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-04-10 17:23 - 2018-03-30 01:52 - 000727456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-04-10 17:23 - 2018-03-30 01:52 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-04-10 17:23 - 2018-03-30 01:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-04-10 17:23 - 2018-03-30 01:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-04-10 17:23 - 2018-03-30 01:51 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-04-10 17:23 - 2018-03-30 01:50 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-04-10 17:23 - 2018-03-30 01:50 - 000057760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-04-10 17:23 - 2018-03-30 01:48 - 001101728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-04-10 17:23 - 2018-03-30 01:48 - 000614304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-04-10 17:23 - 2018-03-30 01:28 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-10 17:23 - 2018-03-30 01:28 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-04-10 17:23 - 2018-03-30 01:27 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-04-10 17:23 - 2018-03-30 01:24 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-04-10 17:23 - 2018-03-30 01:23 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-04-10 17:23 - 2018-03-30 01:19 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-04-10 17:23 - 2018-03-30 01:16 - 000289824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-04-10 17:23 - 2018-03-30 01:13 - 002193176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-04-10 17:23 - 2018-03-30 01:13 - 000450936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-04-10 17:23 - 2018-03-30 01:10 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-04-10 17:23 - 2018-03-30 01:09 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-04-10 17:23 - 2018-03-30 01:07 - 001003160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-04-10 17:23 - 2018-03-30 00:55 - 025253888 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-04-10 17:23 - 2018-03-30 00:46 - 018925056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-04-10 17:23 - 2018-03-30 00:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-04-10 17:23 - 2018-03-30 00:46 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-10 17:23 - 2018-03-30 00:45 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-04-10 17:23 - 2018-03-30 00:45 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-04-10 17:23 - 2018-03-30 00:43 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-10 17:23 - 2018-03-30 00:43 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-04-10 17:23 - 2018-03-30 00:43 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-04-10 17:23 - 2018-03-30 00:43 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-04-10 17:23 - 2018-03-30 00:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-04-10 17:23 - 2018-03-30 00:42 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-04-10 17:23 - 2018-03-30 00:42 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-04-10 17:23 - 2018-03-30 00:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-04-10 17:23 - 2018-03-30 00:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-04-10 17:23 - 2018-03-30 00:41 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-04-10 17:23 - 2018-03-30 00:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-04-10 17:23 - 2018-03-30 00:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-04-10 17:23 - 2018-03-30 00:41 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-04-10 17:23 - 2018-03-30 00:40 - 011924992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-10 17:23 - 2018-03-30 00:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-04-10 17:23 - 2018-03-30 00:40 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-04-10 17:23 - 2018-03-30 00:39 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-04-10 17:23 - 2018-03-30 00:39 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-04-10 17:23 - 2018-03-30 00:37 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-10 17:23 - 2018-03-30 00:37 - 001298944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-04-10 17:23 - 2018-03-30 00:36 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-04-10 17:23 - 2018-03-30 00:36 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-04-10 17:23 - 2018-03-30 00:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-04-10 17:23 - 2018-03-30 00:35 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-04-10 17:23 - 2018-03-30 00:35 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-04-10 17:23 - 2018-03-30 00:35 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-04-10 17:23 - 2018-03-30 00:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-04-10 17:23 - 2018-03-30 00:35 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-04-10 17:23 - 2018-03-30 00:35 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-04-10 17:23 - 2018-03-30 00:35 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-10 17:23 - 2018-03-30 00:35 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-04-10 17:23 - 2018-03-30 00:33 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-04-10 17:23 - 2018-03-30 00:33 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-04-10 17:23 - 2018-03-30 00:33 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-04-10 17:23 - 2018-03-30 00:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-04-10 17:23 - 2018-03-30 00:32 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-04-10 17:23 - 2018-03-30 00:32 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-04-10 17:23 - 2018-03-30 00:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-04-10 17:23 - 2018-03-30 00:31 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-04-10 17:23 - 2018-03-30 00:31 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-04-10 17:23 - 2018-03-30 00:31 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-04-10 17:23 - 2018-03-30 00:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-04-10 17:23 - 2018-03-30 00:31 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-04-10 17:23 - 2018-03-30 00:31 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-04-10 17:23 - 2018-03-30 00:31 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-10 17:23 - 2018-03-30 00:28 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 008104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 003170816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 004747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-04-10 17:23 - 2018-03-30 00:26 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-04-10 17:23 - 2018-03-30 00:25 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-10 17:23 - 2018-03-30 00:25 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-04-10 17:23 - 2018-03-30 00:24 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-04-10 17:23 - 2018-03-30 00:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-04-10 17:23 - 2018-03-30 00:23 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-04-10 17:23 - 2018-03-30 00:23 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-04-10 17:23 - 2018-03-30 00:23 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-04-10 17:23 - 2018-03-30 00:21 - 002511360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-04-10 17:23 - 2018-03-30 00:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-04-10 17:23 - 2018-03-30 00:20 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-04-10 17:23 - 2018-03-13 04:03 - 005907288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-04-10 17:23 - 2018-03-13 04:03 - 000779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-04-10 17:23 - 2018-03-13 04:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-04-10 17:23 - 2018-03-13 04:03 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-04-10 17:23 - 2018-03-13 04:03 - 000279960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-10 17:23 - 2018-03-13 04:02 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-10 17:23 - 2018-03-13 03:59 - 000535968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-04-10 17:23 - 2018-03-13 03:58 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-04-10 17:23 - 2018-03-13 03:58 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-04-10 17:23 - 2018-03-13 03:55 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-04-10 17:23 - 2018-03-13 03:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-04-10 17:23 - 2018-03-13 03:53 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-04-10 17:23 - 2018-03-13 03:53 - 000113568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-04-10 17:23 - 2018-03-13 03:52 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-04-10 17:23 - 2018-03-13 03:51 - 002773408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-04-10 17:23 - 2018-03-13 03:50 - 000617312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-04-10 17:23 - 2018-03-13 02:40 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-10 17:23 - 2018-03-13 02:36 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-04-10 17:23 - 2018-03-13 02:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-04-10 17:23 - 2018-03-13 02:33 - 007544832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-04-10 17:23 - 2018-03-13 02:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-04-10 17:23 - 2018-03-13 02:32 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-04-10 17:23 - 2018-03-13 02:32 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-04-10 17:23 - 2018-03-13 02:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-04-10 17:23 - 2018-03-13 02:28 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-04-10 17:23 - 2018-03-13 02:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-04-10 17:23 - 2018-03-13 02:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-10 17:23 - 2018-03-13 02:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-04-10 17:23 - 2018-03-13 02:28 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-04-10 17:23 - 2018-03-13 02:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-04-10 17:23 - 2018-03-13 02:27 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-04-10 17:23 - 2018-03-13 02:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-04-10 17:23 - 2018-03-13 02:23 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-04-10 17:23 - 2018-03-13 02:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-04-10 17:23 - 2018-03-13 02:22 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-04-10 17:23 - 2018-03-13 02:19 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-04-10 17:23 - 2018-03-13 02:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-04-10 17:23 - 2018-03-13 02:08 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-04-10 17:23 - 2018-03-13 02:04 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-04-10 17:23 - 2018-03-13 02:04 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-04-10 17:23 - 2018-03-13 01:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-04-10 17:23 - 2018-03-13 01:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-04-10 17:23 - 2018-03-13 01:38 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-04-10 17:23 - 2018-03-13 01:37 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-04-10 17:23 - 2018-03-13 01:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-04-10 17:23 - 2018-03-13 01:33 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-04-10 17:23 - 2018-03-13 01:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-04-10 17:23 - 2018-03-13 01:31 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-04-10 17:23 - 2018-03-13 01:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-04-10 17:23 - 2018-03-13 01:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-04-10 17:23 - 2018-03-13 01:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-04-10 17:22 - 2018-03-30 02:12 - 000270208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2018-04-10 17:22 - 2018-03-30 02:12 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-04-10 17:22 - 2018-03-30 02:06 - 000053152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcw.sys
2018-04-10 17:22 - 2018-03-30 02:05 - 000191824 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-04-10 17:22 - 2018-03-30 02:05 - 000073120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-04-10 17:22 - 2018-03-30 02:05 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-04-10 17:22 - 2018-03-30 02:05 - 000035744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDFHost.dll
2018-04-10 17:22 - 2018-03-30 02:05 - 000022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2018-04-10 17:22 - 2018-03-30 02:05 - 000022208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IumSdk.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-17 19:03 - 2016-11-21 12:45 - 000000000 ____D C:\Users\ameyb_000\AppData\LocalLow\Mozilla
2018-04-17 18:43 - 2017-12-08 09:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-17 15:59 - 2015-11-07 11:35 - 000000000 ___RD C:\Users\ameyb_000\Google Drive
2018-04-17 15:55 - 2017-12-08 09:31 - 001364626 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-17 15:52 - 2013-11-18 13:43 - 000000452 _____ C:\Users\ameyb_000\AppData\Roaming\sp_data.sys
2018-04-17 15:49 - 2017-12-08 09:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-17 15:48 - 2017-09-29 05:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-04-17 15:37 - 2017-10-13 17:32 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-17 15:37 - 2013-11-18 21:25 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-17 13:55 - 2012-07-26 02:26 - 000000199 _____ C:\WINDOWS\win.ini
2018-04-17 13:53 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-17 13:00 - 2013-12-02 11:29 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 4
2018-04-17 12:57 - 2017-12-08 09:12 - 000565632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-17 06:09 - 2017-09-29 10:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-17 06:09 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-16 19:15 - 2017-12-06 19:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-04-16 19:15 - 2015-10-30 06:07 - 000000000 ____D C:\WINDOWS\ShellNew
2018-04-16 19:14 - 2017-09-29 10:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-16 19:08 - 2014-02-24 16:01 - 000000000 ____D C:\Users\ameyb_000\Downloads\MicroSoft Office 2007 With Key -THADOGG
2018-04-16 18:33 - 2013-11-29 15:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-16 16:27 - 2013-11-21 23:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-15 21:44 - 2017-09-29 10:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-15 18:51 - 2013-11-29 20:00 - 000000000 ____D C:\Users\ameyb_000\Desktop\System Security
2018-04-15 16:11 - 2013-11-18 13:40 - 000000000 ____D C:\Users\ameyb_000\AppData\Local\ASUS
2018-04-15 16:11 - 2012-09-30 23:58 - 000000000 ____D C:\ProgramData\P4G
2018-04-15 15:58 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\registration
2018-04-15 15:53 - 2017-09-29 05:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-04-15 15:08 - 2015-08-23 15:26 - 000000000 __SHD C:\Users\ameyb_000\IntelGraphicsProfiles
2018-04-15 14:56 - 2014-12-29 22:32 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-04-15 14:44 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-04-15 14:44 - 2017-09-29 05:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-04-15 14:44 - 2013-08-22 12:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-04-15 14:02 - 2017-12-08 09:18 - 000000000 ____D C:\Users\ameyb_000
2018-04-15 13:54 - 2017-12-08 09:18 - 000000000 ____D C:\Users\UpdatusUser
2018-04-15 13:37 - 2015-08-23 15:25 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-04-12 17:57 - 2018-02-28 10:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-12 12:22 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\rescache
2018-04-10 20:18 - 2015-09-16 10:20 - 000000000 ___RD C:\Users\ameyb_000\3D Objects
2018-04-10 20:18 - 2013-11-18 10:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-10 20:16 - 2017-06-14 09:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox old
2018-04-10 20:16 - 2016-11-25 15:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-04-10 20:14 - 2017-09-29 10:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-10 20:14 - 2017-09-29 10:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-10 20:14 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-10 20:14 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-10 17:37 - 2013-11-18 21:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-10 17:34 - 2017-09-29 10:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-10 17:25 - 2017-12-06 19:46 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-04-10 13:32 - 2018-03-13 18:32 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 13:32 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-04-10 13:32 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-07 18:36 - 2018-03-04 13:12 - 000000000 ____D C:\Users\ameyb_000\Documents\Riley
2018-04-07 18:05 - 2014-03-01 18:42 - 000001471 _____ C:\Users\ameyb_000\Desktop\Roblox Player.lnk
2018-04-07 18:05 - 2014-03-01 18:41 - 000000000 ____D C:\Users\ameyb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-03-24 14:29 - 2013-11-25 02:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-24 14:28 - 2017-09-19 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-03-24 14:27 - 2018-02-06 21:27 - 000000000 ____D C:\Program Files\Google
2018-03-21 08:40 - 2017-12-08 09:41 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3443199759-2312325277-567934048-1002
2018-03-21 08:40 - 2015-08-23 14:34 - 000002413 _____ C:\Users\ameyb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-21 08:40 - 2015-08-23 14:34 - 000000000 ___RD C:\Users\ameyb_000\OneDrive
2018-03-20 21:28 - 2013-11-25 02:07 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-20 21:28 - 2013-11-25 02:07 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-05-30 10:16 - 2014-05-30 10:17 - 014936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-11-29 12:29 - 2013-11-29 12:29 - 000000021 _____ () C:\Users\ameyb_000\AppData\Roaming\my_intel.sys
2013-11-18 13:43 - 2018-04-17 15:52 - 000000452 _____ () C:\Users\ameyb_000\AppData\Roaming\sp_data.sys
2013-12-19 09:52 - 2014-02-22 01:57 - 000000145 _____ () C:\Users\ameyb_000\AppData\Roaming\WB.CFG
2016-04-09 13:46 - 2016-04-09 13:46 - 000006211 _____ () C:\Users\ameyb_000\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2018-04-15 13:46 - 2018-04-15 13:46 - 002311864 _____ () C:\Users\ameyb_000\AppData\Local\Temp\52322524.exe
2018-04-15 13:42 - 2018-04-15 13:42 - 061755600 _____ (Kometa LCC) C:\Users\ameyb_000\AppData\Local\Temp\vfOudl38Dmp2.exe
2018-04-15 13:36 - 2018-04-15 13:37 - 002311864 _____ () C:\Users\ameyb_000\AppData\Local\Temp\XhpZQ3BMVIsH.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-08 13:46

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by ameyb_000 (17-04-2018 19:28:03)
Running from C:\Users\ameyb_000\Desktop
Windows 10 Home Version 1709 16299.371 (X64) (2017-12-08 12:42:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3443199759-2312325277-567934048-500 - Administrator - Disabled)
ameyb_000 (S-1-5-21-3443199759-2312325277-567934048-1002 - Administrator - Enabled) => C:\Users\ameyb_000
DefaultAccount (S-1-5-21-3443199759-2312325277-567934048-503 - Limited - Disabled)
Guest (S-1-5-21-3443199759-2312325277-567934048-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3443199759-2312325277-567934048-1016 - Limited - Enabled)
UpdatusUser (S-1-5-21-3443199759-2312325277-567934048-1001 - Limited - Enabled) => C:\Users\UpdatusUser
WDAGUtilityAccount (S-1-5-21-3443199759-2312325277-567934048-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123 Free Solitaire v10.3 (HKLM-x32\...\123 Free Solitaire_is1) (Version:  - TreeCardGames)
adaware antivirus (HKLM\...\{741277F1-ACDE-4C60-8CC3-28C9EF73A0F4}_AdAwareUpdater) (Version: 12.3.909.11573 - adaware)
AdAwareInstaller (HKLM\...\{29A136C6-8DE7-41B4-8344-3D4EC0D7876A}) (Version: 12.3.909.11573 - adaware) Hidden
AdAwareUpdater (HKLM\...\{741277F1-ACDE-4C60-8CC3-28C9EF73A0F4}) (Version: 12.3.909.11573 - adaware) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
AntimalwareEngine (HKLM\...\{0354D65F-3A21-4A6C-BF7C-14069CF15400}) (Version: 3.0.159.0 - adaware) Hidden
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
BabasChess (HKLM-x32\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
Backup and Sync from Google (HKLM\...\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}) (Version: 3.40.8921.5350 - Google, Inc.)
BitTorrent (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
DesignPro 5.4 Limited Edition (HKLM-x32\...\{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}) (Version: 5.2.1201 - Avery Dennison) Hidden
DesignPro 5.4 Limited Edition (HKLM-x32\...\InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}) (Version: 5.2.1201 - Avery Dennison)
DisplayLink Core Software (HKLM\...\{F3B9FCD6-4E63-40B6-A38F-A38644E70629}) (Version: 7.9.1589.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{4DCC733A-453C-40E6-84D3-EF3959B3CCA8}) (Version: 7.5.52889.0 - DisplayLink Corp.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
EZCast (HKLM-x32\...\{74CECDD9-4B8E-4AE3-9571-8070A17F3C34}) (Version: 1.1.0.130 - Actions-Micro)
FxFoto by Triscape (HKLM-x32\...\FxFoto) (Version:  - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Glary Utilities 4.1 (HKLM-x32\...\Glary Utilities 4) (Version: 4.1.0.61 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Kobo (HKLM-x32\...\Kobo) (Version: 3.19.3665 - Rakuten Kobo Inc.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Macrium Reflect Free Edition (HKLM\...\{0B4A0234-4C18-45E3-BF42-29F838C53460}) (Version: 6.3.1852 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Mozilla Thunderbird 52.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.7.0 (x86 en-US)) (Version: 52.7.0 - Mozilla)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Roblox Player for ameyb_000 (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio for ameyb_000 (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
TOSHIBA USB Display Drivers (HKLM\...\{5E348DA7-632A-49DD-ADFA-32D696E05F5D}) (Version: 7.0.43577.0 - TOSHIBA Corporation)
Triscape FxFoto (HKLM-x32\...\TriscapeFxFoto) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WD SmartWare (HKLM\...\{6F482C75-174D-42EB-A2CF-B00A1F354F7B}) (Version: 1.4.1.1 - Western Digital)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wizard101 (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 4\x64\ContextHandler.dll [2013-12-02] (Glarysoft Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-10] (Alexander Roshal)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareShellExtension.dll [2018-02-24] ()
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 4\x64\ContextHandler.dll [2013-12-02] (Glarysoft Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareShellExtension.dll [2018-02-24] ()
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 4\x64\ContextHandler.dll [2013-12-02] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-10] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B481C1E-9043-4C62-AC1D-A7A821CA034F} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {17DC023B-685A-4612-A2FC-2ED042FD6A8D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1DA26EEB-E28B-47D1-83D0-6F3CADAE0419} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {261C962C-C46D-4D6A-9143-B6A911FF28C5} - System32\Tasks\{D09C0F8F-DFF1-42DA-B96A-D1411D3FE709} => C:\WINDOWS\system32\pcalua.exe -a E:\AUTORun.exe -d E:\
Task: {2A12A894-2894-4D52-80DE-0C8B06FAA5C3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3F918020-4EC3-46DA-9532-97C99EF1AA2B} - System32\Tasks\{F06C416E-DD6B-4831-9D42-5C015C2BF542} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\ameyb_000\Downloads\Displaylink_7.2.47873.0.exe -d C:\Users\ameyb_000\Downloads
Task: {4BCA6658-3650-41AC-BCB0-15AAA4D9ED29} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4EF56B7B-1EF7-4BE2-A54B-4BFFD91D510C} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {5187EDEB-AD82-4DD2-99CF-CF69A7EBDAC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5BA232EE-D0B4-4D6D-915A-4DC1FCDB256A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {5DFE236B-A607-4871-BED6-A49BE75740DA} - \AGProxyCheck -> No File <==== ATTENTION
Task: {753889F4-956F-4C52-93AA-B4621BE9BED2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {772A6DF1-82CE-45A9-B15A-D83DD1163B96} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {7B925BB0-BFF7-4CDD-830B-A28C4427C3F4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {832019C3-1150-44E2-A92F-B4C360A13FF0} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2013-12-02] (Glarysoft Ltd)
Task: {8A4C72F0-7E3A-4B30-B327-97DCBEF4C006} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8B131463-EADC-4D5A-A1DF-46CC6296990B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {95545E6F-10F9-48C5-8750-BDE846B481F9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9586679B-262E-4173-8ED0-B526A3A3AB85} - no filepath
Task: {98AD792F-48FC-4E9D-BF41-6B713E928C70} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {D33F288D-9793-4C68-836C-F396B6D48487} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E0721EF7-4140-45EE-935B-0F9BEB60CCDD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E527964A-34C6-4486-94BE-CD0985E4F950} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {E9870908-D044-4878-9877-0C03DF52C9AE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {EC552D4D-B838-4139-B729-DB321214C71F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {F714B5B2-0841-4DF7-959B-41085FBB89A7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FA9D2411-8FE3-4DDE-9B43-2E67CFC72C46} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FAA95BE5-9E29-4059-A76A-6BE447472F11} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FACBB943-B2AB-48F0-8296-929105D7FE4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FCA26EBC-F0D6-4CD5-AFBA-584920E71E9C} - System32\Tasks\{E2E96305-CAA0-44D8-933E-A5E86CE8BE45} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/6.21.0.104/en/abandoninstall?page=tsBing
Task: {FF41D0A2-2694-4E54-ADF7-66370F34D12C} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe-t C:\Program Files\TechUtilities\TechUtilities.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 10:41 - 2017-09-29 10:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-19 08:59 - 2016-08-01 09:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-02-24 22:52 - 2018-02-24 22:52 - 000587832 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareService.exe
2018-02-24 22:55 - 2018-02-24 22:55 - 000125400 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\boost_thread-vc140-mt-1_65_1.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000032728 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\boost_system-vc140-mt-1_65_1.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000067544 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\boost_date_time-vc140-mt-1_65_1.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000147416 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\boost_filesystem-vc140-mt-1_65_1.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000790488 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\boost_log-vc140-mt-1_65_1.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000526296 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\boost_locale-vc140-mt-1_65_1.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000039896 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\boost_chrono-vc140-mt-1_65_1.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 011660248 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\rpc_server.dll
2018-02-24 22:56 - 2018-02-24 22:56 - 003717592 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\RCF.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001024472 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\boost_regex-vc140-mt-1_65_1.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001228760 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareActivation.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 002846680 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareApplicationUpdater.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000861656 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareGamingMode.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000123352 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareReset.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000145368 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareTime.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001049048 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareDefinitionsUpdater.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000926680 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareDefinitionsUpdaterScheduler.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001466328 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareIgnoreList.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000312792 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareQuarantine.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001732568 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareAntiMalwareEngine.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001229272 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareScannerHistory.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001574872 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareScanner.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000039384 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\boost_timer-vc140-mt-1_65_1.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001052632 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareScannerScheduler.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001195992 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareRealTimeProtection.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 003636696 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareIncompatibles.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001598424 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareAntiSpam.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001531352 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareAntiPhishing.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 003574232 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareParentalControl.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 003656152 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareWebProtection.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001683416 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareEmailProtection.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000072664 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\boost_iostreams-vc140-mt-1_65_1.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001789400 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareNetworkProtection.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001220568 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwarePromo.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000479192 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareFeedback.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 003230168 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareThreatWorkAlliance.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000720344 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwarePinCode.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001221592 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareNotice.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001674200 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareAvcEngine.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 001494488 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareRealTimeProtectionHistory.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 000845272 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareStatistics.dll
2012-09-07 01:41 - 2012-07-30 08:26 - 000029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-09-07 01:41 - 2012-07-30 08:27 - 000030592 _____ () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2010-09-08 11:45 - 2010-09-08 11:45 - 001034752 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
2010-09-08 11:44 - 2010-09-08 11:44 - 000485376 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
2018-04-16 18:34 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-16 18:34 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-08-24 21:26 - 2012-08-24 21:26 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2018-03-14 11:13 - 2018-02-21 21:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 11:13 - 2018-02-21 21:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-24 08:42 - 2018-03-24 08:43 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-24 08:42 - 2018-03-24 08:43 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-24 08:42 - 2018-03-24 08:43 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-24 08:42 - 2018-03-24 08:43 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-03-24 08:42 - 2018-03-24 08:43 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-02-24 22:55 - 2018-02-24 22:55 - 004745688 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\AdAwareTray.exe
2018-02-24 22:55 - 2018-02-24 22:55 - 011753944 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.3.909.11573\rpc_client.dll
2018-03-15 11:31 - 2018-03-15 11:31 - 046139776 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-04-17 15:52 - 2018-04-17 15:52 - 000113152 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\_ctypes.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000080896 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\bz2.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 001585152 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\_hashlib.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000128512 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32api.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000137728 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\pywintypes27.dll
2018-04-17 15:52 - 2018-04-17 15:52 - 000548864 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\pythoncom27.dll
2018-04-17 15:52 - 2018-04-17 15:52 - 000689664 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\unicodedata.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000438784 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32com.shell.shell.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 001489408 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\wx._core_.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 001007104 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\wx._gdi_.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 001039872 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\wx._windows_.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 001325056 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\wx._controls_.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000916992 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\wx._misc_.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 001084416 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\pysqlite2._sqlite.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000149504 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32file.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000136192 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32security.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000007680 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\hashobjs_ext.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000020992 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\thumbnails_ext.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000118784 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\usb_ext.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000047616 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\_socket.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 002224128 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\_ssl.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000014848 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\common.time34.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000023040 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32event.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000033280 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\windows.conditional.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000019968 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\windows.winwrap.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000107520 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\windows.volumes.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000223232 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32gui.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000173568 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\_elementtree.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000169472 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\pyexpat.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000048128 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32inet.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000103424 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\wx._html2.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000046080 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\_psutil_windows.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000633240 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\windows._cacheinvalidation.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 005408256 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\cello.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000010752 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\select.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000011776 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32crypt.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000301568 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\PIL._imaging.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000032256 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\_multiprocessing.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000026112 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\_yappi.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000044032 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32process.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000027648 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32pipe.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000029696 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32pdh.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000038400 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\windows.connectivity.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000071168 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\windows.device_monitor.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000020480 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32profile.pyd
2018-04-17 15:52 - 2018-04-17 15:52 - 000026624 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI97642\win32ts.pyd
2010-03-05 11:24 - 2010-03-05 11:24 - 000886272 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\System.Data.SQLite.dll
2012-08-24 21:17 - 2012-08-24 21:17 - 000009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-12-02 04:13 - 2013-12-02 04:13 - 000080160 _____ () C:\Program Files (x86)\Glary Utilities 4\zlib1.dll
2012-09-30 23:52 - 2012-06-25 14:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2013-08-22 10:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3443199759-2312325277-567934048-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ameyb_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_1334.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\StartupApproved\Run: => "BitTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C40E5101-C4F2-450D-B73C-DBA7D6B422DC}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{7069693A-F631-4C7B-9900-0C5A79CB8001}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{5361889E-2A05-4D64-8CFB-183C680DC916}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{DBAD6586-C803-48DD-BEC5-313A3E832948}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A80F2471-42A9-431D-A81D-818AC41F7403}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD3D2A4F-ADA9-4043-AE35-0D01424BE559}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6FD36A5B-8BE1-4E06-A65D-214132E2AF88}] => (Allow) C:\Users\ameyb_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A1E999EE-1240-4169-BBFD-E1137CF60DDE}] => (Allow) C:\Users\ameyb_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{6ED5ED49-2C80-403C-A75E-D3F25EA25009}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0C7F1B2E-906C-4910-8184-AF52736F309B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F7E77262-790F-4D12-B01D-025B4E77EA52}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B6B266AD-7070-4310-9D98-7BF81BBE672F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{EF5E1F7C-86E5-4597-849D-BC3849D3943A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D42FCDAC-CD18-4D37-93D4-DDDEACDC2BE2}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{79555305-46E7-4AD5-AC2C-9237256C36EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BE1E4C1A-254E-43C1-AF97-DEE4F70E3D06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E127B593-FEAC-4C81-B1A0-0A1645F3F946}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{48A7319B-7BC0-4D1F-AC47-F0F5544F2550}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{45E50134-83B6-4757-8B74-E2638E2A65CD}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{26978919-6578-4188-AFB7-06DA69B28FF3}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{7E92A692-380C-49F6-9A0E-7FEEE2B3E21D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71DD080D-934E-4D26-AE12-2496E8C3B715}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{750E6135-118E-4BF2-9D6B-63D2B15B97C6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1D943986-9042-4EEB-99B0-48A7C40E7374}] => (Allow) C:\Users\ameyb_000\AppData\Local\yc\Application\yc.exe
FirewallRules: [{5C52EBB8-54B8-4D8C-ACCF-1653281EB130}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{074F4F08-58BD-4BE9-9AE1-F04F81D7320D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

17-04-2018 13:52:52 Windows Update
17-04-2018 13:53:33 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2018 03:54:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (04/16/2018 07:13:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (04/16/2018 01:13:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (04/16/2018 01:38:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MAIN)
Description: Package Microsoft.Windows.Photos_2018.18022.15810.1000_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (04/15/2018 06:42:48 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: 0x80070005.

Error: (04/15/2018 03:09:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.248, time stamp: 0x18ee648b
Faulting module name: sciter64.dll, version: 3.2.0.8, time stamp: 0x551c62e2
Exception code: 0xc0000005
Fault offset: 0x000000000001e179
Faulting process id: 0x1fc0
Faulting application start time: 0x01d3d4e4995fb4bc
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Users\ameyb_000\AppData\Local\Kometa\StartButton\1.0.0.474\sciter64.dll
Report Id: 1d38cfe7-1ed2-4a5a-b5e1-1ec69ca2c517
Faulting package full name:
Faulting package-relative application ID:

Error: (04/15/2018 02:48:30 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (April15, 2018). Additional information: 0x80070005.

Error: (04/15/2018 01:47:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.248, time stamp: 0x18ee648b
Faulting module name: sciter64.dll, version: 3.2.0.8, time stamp: 0x551c62e2
Exception code: 0xc0000005
Fault offset: 0x00000000001e023c
Faulting process id: 0x1b84
Faulting application start time: 0x01d3d4d4dac12696
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Users\ameyb_000\AppData\Local\Kometa\StartButton\1.0.0.474\sciter64.dll
Report Id: 0c46de50-8f26-4141-8d46-90621dbd3596
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/17/2018 04:13:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/17/2018 04:08:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/17/2018 03:59:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/17/2018 03:50:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/17/2018 03:50:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/17/2018 03:50:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/17/2018 03:50:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/17/2018 03:50:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-04-16 12:49:00.217
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dynamer!ac&threatid=2147684005&enterprise=0
Name: Trojan:Win32/Dynamer!ac
ID: 2147684005
Severity: Severe
Category: Trojan
Path: containerfile:_C:\System Volume Information\SystemRestore\FRStaging\Users\ameyb_000\AppData\Local\FileSystemDriver\FileSystemDriver.exe;file:_C:\System Volume Information\SystemRestore\FRStaging\Users\ameyb_000\AppData\Local\FileSystemDriver\FileSystemDriver.exe->[lowcase_mzpe]
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-16 12:43:10.697
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Xeelyak&threatid=238322&enterprise=0
Name: BrowserModifier:Win32/Xeelyak
ID: 238322
Severity: High
Category: Browser Modifier
Path: containerfile:_D:\stick\Virus Recovery\gusetup.exe;file:_D:\stick\Virus Recovery\gusetup.exe->(inno#000000)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-16 12:43:10.696
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ditertag.B&threatid=2147722999&enterprise=0
Name: Trojan:Win32/Ditertag.B
ID: 2147722999
Severity: Severe
Category: Trojan
Path: file:_C:\System Volume Information\SystemRestore\FRStaging\Windows\Microsoft\svchost.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-16 12:43:10.677
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dynamer!ac&threatid=2147684005&enterprise=0
Name: Trojan:Win32/Dynamer!ac
ID: 2147684005
Severity: Severe
Category: Trojan
Path: containerfile:_C:\System Volume Information\SystemRestore\FRStaging\Users\ameyb_000\AppData\Local\FileSystemDriver\FileSystemDriver.exe;file:_C:\System Volume Information\SystemRestore\FRStaging\Users\ameyb_000\AppData\Local\FileSystemDriver\FileSystemDriver.exe->[lowcase_mzpe]
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-16 07:33:24.741
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ditertag.B&threatid=2147722999&enterprise=0
Name: Trojan:Win32/Ditertag.B
ID: 2147722999
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\Microsoft\svchost.exe;process:_pid:3716,ProcessStart:131683474018364698;service:_SvcHost Service Host
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-16 14:49:52.973
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.759.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-04-16 12:06:07.536
Description:
Windows Defender Antivirus has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Windows\Temp\94825a54-18a3-428c-b7f1-48b388ae4954\tmp00000135\tmp00003c2a
Sha256:
Current Signature Version: AV: 1.265.737.0, AS: 1.265.737.0
Current Engine Version: 1.1.14700.5
Error code: 0x80508016

Date: 2018-04-16 07:35:25.329
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ditertag.B&threatid=2147722999&enterprise=0
Name: Trojan:Win32/Ditertag.B
ID: 2147722999
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\Microsoft\svchost.exe;process:_pid:3716,ProcessStart:131683474018364698;service:_SvcHost Service Host
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Action: Remove
Action Status:  To finish removing malware and other potentially unwanted software, restart the device.
Error Code: 0x80070005
Error description: Access is denied.
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-16 07:33:21.681
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ditertag.B&threatid=2147722999&enterprise=0
Name: Trojan:Win32/Ditertag.B
ID: 2147722999
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\Microsoft\svchost.exe;process:_pid:3716,ProcessStart:131683474018364698;service:_SvcHost Service Host
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Windows\Microsoft\svchost.exe
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x80070005
Error description: Access is denied.
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-15 16:13:02.559
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

CodeIntegrity:
===================================

Date: 2018-04-16 18:34:29.652
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 66%
Total physical RAM: 6029.67 MB
Available physical RAM: 2002.41 MB
Total Virtual: 6989.67 MB
Available Virtual: 2730.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:249.11 GB) (Free:155.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:398.18 GB) (Free:391.94 GB) NTFS
Drive f: (PENDRIVE) (Removable) (Total:7.45 GB) (Free:6.09 GB) FAT32
Drive g: (My Book) (Fixed) (Total:1862.98 GB) (Free:1449.28 GB) NTFS

\\?\Volume{4c37d2ae-6acf-455e-83d1-675c8876cd87}\ () (Fixed) (Total:30 GB) (Free:29.82 GB) NTFS
\\?\Volume{68664a3f-38d7-4fb5-8f2d-8fa2b9bb7209}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32
\\?\Volume{a6548009-af32-4cfc-bc76-17d676f7749c}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.21 GB) NTFS
\\?\Volume{477b0333-44bd-41a2-9e2b-30a4dc843492}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{521eee93-109a-467a-80e6-57af0417d5eb}\ (Restore) (Fixed) (Total:20 GB) (Free:8.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 4F359092)

Partition: GPT.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 19FE62D5)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00064002)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 0006AC75)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt ============================


Thanks for those logs. Uninstall the following:

Adaware

Next,

Did you asterisk out information from the following FRST log entry:

HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe********************************************* [107192 2012-08-24] ()

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Next,

Scan with HitmanPro

In any case don't remove on your own anything that Hitman Pro detects! This scanner is really good for checking, it has however been known for deleting files instead of curing them, in some cases this may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!

Please download HitmanPro by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button. You must agree with the terms of EULA (if asked).
  • Check the box beside No, I only want to perform a one-time scan to check this computer.
  • Click on the Next button.
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click Next
  • Click on the “Activate free license” button to begin the free 30 days trial, and remove all the malicious files from your computer.
  • Close Hitman Pro


Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it in your next reply.
 
  • Click on the Next button.
  • Click on the Save Log button.
  • Save that file to your desktop.


Please include that logfile in your next reply.

Don't forget to re-enable your security!

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin...

fixlist.txt
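The last step of the reply above asks for only the most recent MSRT run out of a log that accumulates every run. The Python below is an added example, not part of the original post and not Microsoft or Malwarebytes code; it assumes the commonly seen mrt.log layout (a banner line per run, a "Started On" line, a "Return code" line, UTF-16 text with a byte-order mark), and the sample log and its version numbers are constructed.

```python
import re
from datetime import datetime

# Assumed mrt.log layout (not taken from the thread): every run opens with a
# "Microsoft Windows Malicious Software Removal Tool v..." banner, carries a
# "Started On <ctime-style date>" line and closes with "Return code: N".
BANNER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v.*$", re.M)
STARTED = re.compile(r"^Started On (.+?)\s*$", re.M)
RETURN_CODE = re.compile(r"^Return code: (-?\d+)", re.M)

# Constructed sample: two complete runs with an interrupted run between them.
SAMPLE_MRT_LOG = """\
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v0.00, (build 0.00.0000.0)
Started On Wed Mar 14 09:12:44 2018

Engine: 0.0.0.0
Signatures: 0.0.0.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 14 09:15:02 2018


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v0.00, (build 0.00.0000.0)
Started On Mon Apr 16 18:40:03 2018

Engine: 0.0.0.0

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v0.00, (build 0.00.0000.0)
Started On Tue Apr 17 20:01:10 2018

Engine: 0.0.0.0
Signatures: 0.0.0.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 17 20:03:38 2018


Return code: 0 (0x0)
"""


def decode_log(raw):
    """Decode the raw file bytes; a UTF-16 BOM is honoured, otherwise UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8", errors="replace")
    return text.replace("\r\n", "\n")


def _summary_lines(block):
    """Return the lines between 'Results Summary:' and the end of the run."""
    lines, inside = [], False
    for line in block.split("\n"):
        stripped = line.strip()
        if stripped.startswith("Results Summary"):
            inside = True
        elif inside:
            if "Finished On" in stripped or stripped.startswith("Return code"):
                break
            if stripped and set(stripped) != {"-"}:
                lines.append(stripped)
    return lines


def split_runs(text):
    """Split the log into one record per MSRT run, in file order."""
    starts = [m.start() for m in BANNER.finditer(text)]
    runs = []
    for i, begin in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        block = text[begin:end].rstrip("-\n ")  # drop the trailing separator
        started = None
        m = STARTED.search(block)
        if m:
            try:
                started = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            except ValueError:
                started = None  # unexpected date format: keep the run, undated
        rc = RETURN_CODE.search(block)
        runs.append({
            "started": started,
            "return_code": int(rc.group(1)) if rc else None,
            "complete": rc is not None,  # False when the run was cut short
            "summary": _summary_lines(block),
            "text": block,
        })
    return runs


def latest_run(text):
    """Return the run with the newest 'Started On' timestamp."""
    dated = [r for r in split_runs(text) if r["started"] is not None]
    if not dated:
        raise ValueError("no dated MSRT run found in log")
    return max(dated, key=lambda r: r["started"])


if __name__ == "__main__":
    # On a real machine: open(r"C:\Windows\debug\mrt.log", "rb").read()
    print(latest_run(decode_log(SAMPLE_MRT_LOG.encode("utf-16")))["text"])
```

A run whose `complete` field is false was interrupted before MSRT wrote its return code, which is worth mentioning when posting the log.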


Hi Kevin,

I completed the instructions up to reloading and running AdwCleaner. After the "Clean and Restart" I can no longer log into Windows on my sick machine. I get the Asus splash screen, the Windows 10 logo, my account logon screen which runs for an abnormally long time, when I enter my password I get "The handle is invalid" and the machine then reboots all the way back to the Asus splash screen. I had originally said that I felt that the malware had created a new account (generic windows account graphic) and this is the account presented for logon. I selected the original account (with a personal picture) but when I enter my password and enter nothing happens at all. As I am typing this on my laptop the infected laptop is now just rebooting over and over again and all of the requested log files are now locked up on it. To quote Han Solo, "I have a bad feeling about this." 


Hi Kevin,

I am back on my sick laptop after using your instructions with my recovery USB stick. THANKS! So, back to where I got interrupted:

I did not asterisk out the "HKLM\......" line

FRST logs from yesterday

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by ameyb_000 (18-04-2018 09:33:42) Run:1
Running from C:\Users\ameyb_000\Desktop
Loaded Profiles: UpdatusUser & ameyb_000 &  (Available Profiles: UpdatusUser & ameyb_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\Run: [BingSvc] => C:\Users\ameyb_000\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-15] (© 2015 Microsoft Corporation)
C:\Users\ameyb_000\AppData\Local\Microsoft\BingSvc
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\MountPoints2: {cc06ddff-50db-11e3-824f-806e6f6e6963} - "E:\SETUP.EXE"
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2018-04-15 13:46 - 2018-04-15 13:46 - 002311864 _____ () C:\Users\ameyb_000\AppData\Local\Temp\52322524.exe
2018-04-15 13:42 - 2018-04-15 13:42 - 061755600 _____ (Kometa LCC) C:\Users\ameyb_000\AppData\Local\Temp\vfOudl38Dmp2.exe
2018-04-15 13:36 - 2018-04-15 13:37 - 002311864 _____ () C:\Users\ameyb_000\AppData\Local\Temp\XhpZQ3BMVIsH.exe
Task: {D33F288D-9793-4C68-836C-F396B6D48487} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Hosts:
EmptyTemp:
CMD: ipconfig /flushDNS
end
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-3443199759-2312325277-567934048-1002\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => removed successfully
C:\Users\ameyb_000\AppData\Local\Microsoft\BingSvc => moved successfully
"HKU\S-1-5-21-3443199759-2312325277-567934048-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc06ddff-50db-11e3-824f-806e6f6e6963}" => removed successfully
HKLM\Software\Classes\CLSID\{cc06ddff-50db-11e3-824f-806e6f6e6963} => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
C:\Users\ameyb_000\AppData\Local\Temp\52322524.exe => moved successfully
C:\Users\ameyb_000\AppData\Local\Temp\vfOudl38Dmp2.exe => moved successfully
C:\Users\ameyb_000\AppData\Local\Temp\XhpZQ3BMVIsH.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D33F288D-9793-4C68-836C-F396B6D48487}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D33F288D-9793-4C68-836C-F396B6D48487}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 108501313 B
Java, Flash, Steam htmlcache => 71739 B
Windows/system/drivers => 1220948 B
Edge => 1971659 B
Chrome => 808415383 B
Firefox => 419190311 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6148 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 10524 B
NetworkService => 881406 B
UpdatusUser => 0 B
ameyb_000 => 195101154 B

RecycleBin => 131583862 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:05:47 ====

 

 

Zemana log from yesterday:

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2018-4-18
Operating System       : Windows 10 64-bit
Processor              : 4X Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
BIOS Mode              : UEFI
CUID                   : 125823F15600135CFAB2BC
Scan Type              : System Scan
Duration               : 11m 29s
Scanned Objects        : 130373
Detected Objects       : 10
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : TESTGROUP,0,2

Detected Objects
-------------------------------------------------------

Firefox Search
Status             : Scanned
Object             : Mail.Ru - http://suggests.go.mail.ru
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search

Firefox Search
Status             : Scanned
Object             : Mail.Ru - http://inline.go.mail.ru
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search

Firefox Search
Status             : Scanned
Object             : @Mail.Ru - http://go.mail.ru
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search

Firefox Search
Status             : Scanned
Object             : @Mail.Ru - http://suggests.go.mail.ru
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search

Firefox Search
Status             : Scanned
Object             : Fast Browser Search - http://fastbrowsersearch.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search

{20a82645-c095-46ed-80e3-08825760534b}
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\8gbp1fo5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.FirefoxExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - {20a82645-c095-46ed-80e3-08825760534b}

TechUtilities_setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\techutilities_setup.exe
MD5                : 5154C759F911322513ADB5D7C93F8265
Publisher          : Seven Servos Software Private Limited
Size               : 2288624
Version            : 1.1.1.7
Detection          : Adware:Win32/AutoBulk.4e4095!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\techutilities_setup.exe

background.js
Status             : Scanned
Object             : NE->c:\users\ameyb_000\appdata\local\google\chrome\user data\default\extensions\jnoejnlbkbnckikbkmnpippafneemknp\4.5.314_0\background.js
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:JS/ExtensionHijack.CHR.B!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

agdata
Status             : Scanned
Object             : NE->c:\users\ameyb_000\appdata\roaming\agdata
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Anonymizer.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

{e2e96305-caa0-44d8-933e-a5e86ce8be45}
Status             : Scanned
Object             : NE->c:\windows\system32\tasks\{e2e96305-caa0-44d8-933e-a5e86ce8be45}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned               : 10
Reported as safe      : 0
Failed                : 0

 

HitmanPro log

HitmanPro 3.8.0.292
www.hitmanpro.com

   Computer name . . . . : MAIN
   Windows . . . . . . . : 10.0.0.16299.X64/4
   User name . . . . . . : MAIN\ameyb_000
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (31 days left)

   Scan date . . . . . . : 2018-04-18 10:49:28
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 17s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 31

   Objects scanned . . . : 2,141,941
   Files scanned . . . . : 66,179
   Remnants scanned  . . : 531,696 files / 1,544,066 keys

Suspicious files ____________________________________________________________

   C:\Users\ameyb_000\Desktop\FRST64.exe
      Size . . . . . . . : 2,403,328 bytes
      Age  . . . . . . . : 0.6 days (2018-04-17 19:26:00)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 5CC6A0921F97266F7F846B99E89332A7CE18A6A0B6E4AD929C9942B218035261
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\WINDOWS\system32\drivers\mbae64.sys
      Size . . . . . . . : 76,192 bytes
      Age  . . . . . . . : 1.7 days (2018-04-16 18:34:04)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 6A5CAA0819BA177A510F9DEEB94BE5BC699C088769781FB512D7327FF700DBD1
      RSA Key Size . . . : 2048
      Service  . . . . . : ESProtectionDriver
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 26.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver\
      Forensic Cluster
         -7.6s C:\Windows\Prefetch\MB3-SETUP-CONSUMER-3.4.5.2467-07AF2751.pf
         -6.4s C:\Program Files\Malwarebytes\
         -6.4s C:\Program Files\Malwarebytes\Anti-Malware\
         -6.4s C:\ProgramData\Malwarebytes\MBAMService\logs\
         -6.4s C:\ProgramData\Malwarebytes\MBAMService\
         -6.4s C:\ProgramData\Malwarebytes\MBAMService\config\
         -6.4s C:\Program Files\Malwarebytes\Anti-Malware\unins000.dat
         -6.4s C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe
         -6.4s C:\Program Files\Malwarebytes\Anti-Malware\changes.txt
         -6.3s C:\Program Files\Malwarebytes\Anti-Malware\suhlpr.dll
         -6.2s C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
         -5.8s C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
         -5.7s C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
         -5.7s C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
         -5.7s C:\Program Files\Malwarebytes\Anti-Malware\mbamwow.exe
         -5.7s C:\Program Files\Malwarebytes\Anti-Malware\mbshlext_proto
         -5.5s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
         -5.3s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
         -5.1s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
         -5.0s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
         -4.8s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
         -4.7s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
         -4.7s C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
         -4.5s C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
         -4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\
         -4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListDestination.qml
         -4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListLink.qml
         -4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListSeparator.qml
         -4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\plugins.qmltypes
         -4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qmldir
         -4.5s C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll
         -4.5s C:\Program Files\Malwarebytes\Anti-Malware\msvcp120.dll
         -4.4s C:\Program Files\Malwarebytes\Anti-Malware\msvcr120.dll
         -4.4s C:\Program Files\Malwarebytes\Anti-Malware\iconengines\
         -4.4s C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
         -4.4s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\
         -4.4s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
         -4.4s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
         -4.4s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
         -4.4s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
         -4.3s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
         -4.3s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
         -4.3s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
         -4.3s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
         -4.3s C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
         -4.3s C:\Program Files\Malwarebytes\Anti-Malware\platforms\
         -4.3s C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\Qt\
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\plugins.qmltypes
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmldir
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\plugins.qmltypes
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmldir
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\QtQml\
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\plugins.qmltypes
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\qmldir
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\plugins.qmltypes
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qmldir
         -4.2s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\qmldir
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Flat\
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Flat\qmldir
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\plugins.qmltypes
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\qmldir
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
         -4.1s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\plugins.qmltypes
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\qmldir
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\plugins.qmltypes
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\qmldir
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\qtquickextrasplugin.dll
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\plugins.qmltypes
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qmldir
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\plugins.qmltypes
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\qmldir
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\plugins.qmltypes
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\qmldir
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\plugins.qmltypes
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qmldir
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\Languages\
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_en_GB.qm
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_en_US.qm
         -4.0s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_de.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_fr.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_it.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_nl.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_pl.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_pt_BR.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_pt_PT.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ru.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_es.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_sv.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_da.qm
         -3.9s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_no.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_fi.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ja.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_hu.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_cs.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_zh_TW.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ko.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_ro.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_hr.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_sl.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_sk.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\Languages\lang_bg.qm
         -3.8s C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
         -3.6s C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
         -3.3s C:\Program Files\Malwarebytes\Anti-Malware\ArwControllerImpl.dll
         -2.5s C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll
         -2.3s C:\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dll
         -2.2s C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll
         -2.2s C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll
         -2.1s C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll
         -2.0s C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll
         -1.9s C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll
         -1.8s C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll
         -1.7s C:\Program Files\Malwarebytes\Anti-Malware\AEControllerImpl.dll
         -1.6s C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll
         -1.5s C:\Program Files\Malwarebytes\Anti-Malware\SPControllerImpl.dll
         -1.4s C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll
         -0.6s C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll
         -0.5s C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLL.dll
         -0.2s C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLLShim.dll
Malware remnants ____________________________________________________________
	   HKLM\SOFTWARE\Classes\m\ (MySearchDial) -> Deleted
	Cookies _____________________________________________________________________

It was the next step, reloading AdwCleaner and running it, that I encountered the booting issues.

 

Here is the log from FARBAR run today to allow logon again.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by SYSTEM (19-04-2018 16:10:09) Run:2
Running from H:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
start
LastRegBack: 2018-04-08 13:46
end
*****************

DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up

==== End of Fixlog 16:10:18 ====

 

Now I'm not sure if you want me to run AdwCleaner and continue with the rest of the original instructions.

Thanks


I think it is still there. The logon screen was a bit different with two accounts, one with the generic Microsoft Windows account graphic, but the other account, which had a personal picture and I think was my original account, now has no picture. I used the no picture account to log in.


Hello caper0831,

Thanks for the update, can you remove the extra account? Instructions with six different options at the following link:

https://www.tenforums.com/tutorials/5464-delete-user-account-windows-10-a.html

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs, "FRST.txt" and "Addition.txt".


Thanks,

Kevin

 


Hi Kevin,

When I log on to Windows I get my user name and a message "The user name or password is incorrect" and an "OK" button. (Previous to all of this trouble I signed in without any password.) When I click the OK button I see two user picks in the lower left of the screen, both with the same user name; the first has no graphic and when I select it I have to enter my password; if I pick the second account with a generic Microsoft graphic I am prompted for both user ID and password. I have been logging on with the first selection of password only, and when I go to the account management areas I only see evidence of my ID as administrator. Maybe there is only one account and what I'm seeing on the logon screen is some kind of remnant.

Several other odd things have happened - if I click on the Start icon nothing happens, however I can right click on it and I get the expected menu for various actions; the Action Center icon shows 1 new notification but it won't open either; my Windows Defender icon in the taskbar shows a green check but when I try to open it I get an error message in a box titled "This App Can't Open".

Here are the log files you requested

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2018
Ran by ameyb_000 (administrator) on MAIN (20-04-2018 10:30:46)
Running from C:\Users\ameyb_000\Desktop
Loaded Profiles: UpdatusUser & ameyb_000 (Available Profiles: UpdatusUser & ameyb_000)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17613.18039-0\MsMpEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17613.18039-0\NisSrv.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe********************************************* [107192 2012-08-24] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-08-23] (NVIDIA Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [BCSSync] => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKU\S-1-5-21-3443199759-2312325277-567934048-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\Run: [BitTorrent] => C:\Users\ameyb_000\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46139776 2018-03-15] ()
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2017-09-29] (Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-03-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2016-03-25]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
Tcpip\..\Interfaces\{97525bfe-4f82-4331-b242-a00e1d69e78c}: [DhcpNameServer] 192.168.2.1 142.166.166.166

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3443199759-2312325277-567934048-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3443199759-2312325277-567934048-1002 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL => No File
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-05-30] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\MICROS~1\Office14\URLREDIR.DLL => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL => No File
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-05-30] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL => No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-05-30] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-05-30] (LastPass)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-06-01] (Skype Technologies)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL No File

FireFox:
========
FF ProfilePath: C:\Users\ameyb_000\AppData\Roaming\Mozilla\Firefox\Profiles\8gbp1fo5.default [2018-04-20]
FF Homepage: Mozilla\Firefox\Profiles\8gbp1fo5.default -> hxxp://www.google.ca/
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\ameyb_000\AppData\Roaming\Mozilla\Firefox\Profiles\8gbp1fo5.default\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2018-03-09]
FF Extension: (LastPass: Free Password Manager) - C:\Users\ameyb_000\AppData\Roaming\Mozilla\Firefox\Profiles\8gbp1fo5.default\Extensions\support@lastpass.com.xpi [2018-04-14]
FF SearchPlugin: C:\Users\ameyb_000\AppData\Roaming\Mozilla\Firefox\Profiles\8gbp1fo5.default\searchplugins\bing-.xml [2015-11-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [No File]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-05-30] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-05-30] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3443199759-2312325277-567934048-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ameyb_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Profile: C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default [2018-04-20]
CHR Extension: (Google Drive) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (Adobe Acrobat) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-01]
CHR Extension: (Google Docs Offline) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-04-15]
CHR Extension: (Skype) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\ameyb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-24]
CHR HKU\S-1-5-21-3443199759-2312325277-567934048-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ameyb_000\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-11-07]
CHR HKU\S-1-5-21-3443199759-2312325277-567934048-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3443199759-2312325277-567934048-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-10-19] (Paramount Software UK Ltd)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-09-08] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\NisSrv.exe [4633248 2018-04-12] (Microsoft Corporation)
S2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () [File not signed]
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MsMpEng.exe [104680 2018-04-12] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R0 BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys [17088 2013-12-02] (Glarysoft Ltd)
R3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [92400 2017-05-29] (DisplayLink Corp.)
R3 dlusbaudio; C:\WINDOWS\system32\DRIVERS\dlusbaudio_x64.sys [238320 2017-05-29] (DisplayLink Corp.)
R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\WINDOWS\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-12] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [311848 2018-04-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60456 2018-04-12] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-04-18] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-04-18] (Zemana Ltd.)
S1 MpKsld31a0fdc; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D8AFD82-E66A-4EEC-B432-1927444A8835}\MpKsld31a0fdc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-20 10:30 - 2018-04-20 10:31 - 000020384 _____ C:\Users\ameyb_000\Desktop\FRST.txt
2018-04-20 10:30 - 2018-04-20 10:30 - 000000000 ____D C:\Users\ameyb_000\Desktop\FRST-OlderVersion
2018-04-19 21:10 - 2018-04-19 21:10 - 000000000 ____D C:\WINDOWS\system32\config\HiveBackup
2018-04-19 21:01 - 2018-04-19 21:01 - 000001219 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-04-19 21:01 - 2018-04-19 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-04-19 16:47 - 2018-04-19 16:47 - 000000322 _____ C:\Users\ameyb_000\Desktop\Jenn's Blog (2).URL
2018-04-18 11:11 - 2018-04-18 11:11 - 000003182 _____ C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot
2018-04-18 11:06 - 2018-04-18 11:08 - 007256272 _____ (Malwarebytes) C:\Users\ameyb_000\Desktop\adwcleaner_7.1.0.0.exe
2018-04-18 10:49 - 2018-04-18 10:49 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-04-18 10:39 - 2018-04-18 11:05 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-18 10:38 - 2018-04-18 10:38 - 011605440 _____ (SurfRight B.V.) C:\Users\ameyb_000\Desktop\HitmanPro_x64.exe
2018-04-18 10:36 - 2018-04-18 10:36 - 000004857 _____ C:\Users\ameyb_000\Desktop\2018.04.18-10.15.32-i0-t92-d10.txt
2018-04-18 10:33 - 2018-04-18 10:33 - 006625600 _____ (Zemana Ltd. ) C:\Users\ameyb_000\Downloads\Zemana.AntiMalware.Setup.exe
2018-04-18 10:15 - 2018-04-20 10:31 - 000099037 _____ C:\WINDOWS\ZAM.krnl.trace
2018-04-18 10:15 - 2018-04-20 10:31 - 000065080 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-04-18 10:14 - 2018-04-19 21:01 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-04-18 10:14 - 2018-04-18 10:14 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-04-18 10:14 - 2018-04-18 10:14 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-04-18 10:14 - 2018-04-18 10:14 - 000000000 ____D C:\Users\ameyb_000\AppData\Local\Zemana
2018-04-18 10:12 - 2018-04-18 10:12 - 006625600 _____ (Zemana Ltd. ) C:\Users\ameyb_000\Desktop\Zemana.AntiMalware.Setup.exe
2018-04-18 09:33 - 2018-04-18 10:05 - 000004001 _____ C:\Users\ameyb_000\Desktop\Fixlog.txt
2018-04-17 19:28 - 2018-04-17 19:28 - 000059298 _____ C:\Users\ameyb_000\Desktop\Addition1.txt
2018-04-17 19:27 - 2018-04-17 19:28 - 000098826 _____ C:\Users\ameyb_000\Desktop\FRST1.txt
2018-04-17 19:26 - 2018-04-20 10:30 - 002404352 _____ (Farbar) C:\Users\ameyb_000\Desktop\FRST64.exe
2018-04-17 19:26 - 2018-04-20 10:30 - 000000000 ____D C:\FRST
2018-04-17 19:02 - 2018-04-17 18:28 - 073254968 _____ (Malwarebytes ) C:\Users\ameyb_000\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4766.exe
2018-04-17 15:37 - 2018-04-17 15:34 - 043604600 _____ (Microsoft Corporation) C:\Users\ameyb_000\Desktop\Windows-KB890830-x64-V5.59.exe
2018-04-16 19:16 - 2018-04-16 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-04-16 19:15 - 2018-04-17 13:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2018-04-16 19:15 - 2018-04-16 19:15 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-04-16 19:15 - 2018-04-16 19:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2018-04-16 19:13 - 2018-04-16 19:13 - 000000000 ____D C:\Program Files\Microsoft Office
2018-04-16 19:13 - 2018-04-16 19:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2018-04-16 19:12 - 2018-04-16 19:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-16 18:34 - 2018-04-16 18:34 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-16 18:34 - 2018-04-16 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-16 18:34 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-16 18:33 - 2018-04-16 18:33 - 073446016 _____ (Malwarebytes ) C:\Users\ameyb_000\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4756.exe
2018-04-16 18:33 - 2018-04-16 18:33 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-16 15:11 - 2018-04-16 15:11 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-16 15:11 - 2018-04-16 15:11 - 000000995 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-04-16 15:10 - 2018-04-16 15:11 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-16 15:10 - 2018-04-16 15:07 - 000313520 _____ (Mozilla) C:\Users\ameyb_000\Desktop\Firefox Installer.exe
2018-04-16 12:54 - 2018-04-16 12:55 - 000000000 ____D C:\AdwCleaner
2018-04-15 19:04 - 2018-04-15 19:04 - 000000000 ____D C:\Users\ameyb_000\AppData\Local\AdAwareDesktop
2018-04-15 19:03 - 2018-04-15 19:03 - 000000000 ____D C:\Users\ameyb_000\AppData\Local\AdAwareUpdater
2018-04-15 19:02 - 2018-04-15 19:02 - 002630064 _____ C:\Users\ameyb_000\Downloads\Adaware_Installer.exe
2018-04-15 15:08 - 2018-04-15 15:08 - 000000000 ____D C:\Users\ameyb_000\AppData\Local\NetBoxLogs
2018-04-15 13:35 - 2018-04-15 13:36 - 069329823 _____ C:\Users\ameyb_000\Downloads\mstoolkit265stable.zip
2018-04-15 12:59 - 2018-04-15 12:59 - 000000000 __RHD C:\MSOCache
2018-04-10 20:17 - 2018-04-03 16:37 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-10 20:17 - 2018-04-03 16:37 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 17:23 - 2018-03-30 09:34 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-04-10 17:23 - 2018-03-30 02:18 - 001092008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-10 17:23 - 2018-03-30 02:14 - 000423320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-10 17:23 - 2018-03-30 02:12 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-04-10 17:23 - 2018-03-30 02:10 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-10 17:23 - 2018-03-30 02:08 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-10 17:23 - 2018-03-30 02:08 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-10 17:23 - 2018-03-30 02:08 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-10 17:23 - 2018-03-30 02:08 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-10 17:23 - 2018-03-30 02:07 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-10 17:23 - 2018-03-30 02:07 - 000069528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-04-10 17:23 - 2018-03-30 02:06 - 000166304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-04-10 17:23 - 2018-03-30 02:05 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-04-10 17:23 - 2018-03-30 02:05 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-04-10 17:23 - 2018-03-30 02:05 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-10 17:23 - 2018-03-30 02:05 - 000066720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-04-10 17:23 - 2018-03-30 02:05 - 000015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-04-10 17:23 - 2018-03-30 02:04 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-10 17:23 - 2018-03-30 02:04 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-10 17:23 - 2018-03-30 02:04 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-04-10 17:23 - 2018-03-30 02:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-04-10 17:23 - 2018-03-30 02:03 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000508272 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-04-10 17:23 - 2018-03-30 02:03 - 000479920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000460704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000292384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-04-10 17:23 - 2018-03-30 02:03 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-04-10 17:23 - 2018-03-30 02:03 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-04-10 17:23 - 2018-03-30 02:01 - 008600480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-10 17:23 - 2018-03-30 02:01 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-10 17:23 - 2018-03-30 02:01 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-04-10 17:23 - 2018-03-30 02:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-04-10 17:23 - 2018-03-30 02:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-10 17:23 - 2018-03-30 02:00 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-04-10 17:23 - 2018-03-30 01:59 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-04-10 17:23 - 2018-03-30 01:59 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-04-10 17:23 - 2018-03-30 01:58 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-04-10 17:23 - 2018-03-30 01:58 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-04-10 17:23 - 2018-03-30 01:57 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-04-10 17:23 - 2018-03-30 01:57 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-04-10 17:23 - 2018-03-30 01:57 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-04-10 17:23 - 2018-03-30 01:57 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-04-10 17:23 - 2018-03-30 01:55 - 000367344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-04-10 17:23 - 2018-03-30 01:55 - 000062880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-04-10 17:23 - 2018-03-30 01:54 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-10 17:23 - 2018-03-30 01:54 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-04-10 17:23 - 2018-03-30 01:54 - 000461728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-04-10 17:23 - 2018-03-30 01:54 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-10 17:23 - 2018-03-30 01:53 - 007676304 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-04-10 17:23 - 2018-03-30 01:53 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-04-10 17:23 - 2018-03-30 01:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-04-10 17:23 - 2018-03-30 01:53 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-04-10 17:23 - 2018-03-30 01:53 - 000246176 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-04-10 17:23 - 2018-03-30 01:53 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-04-10 17:23 - 2018-03-30 01:52 - 021351632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-04-10 17:23 - 2018-03-30 01:52 - 002457504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-04-10 17:23 - 2018-03-30 01:52 - 000727456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-04-10 17:23 - 2018-03-30 01:52 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-04-10 17:23 - 2018-03-30 01:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-04-10 17:23 - 2018-03-30 01:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-04-10 17:23 - 2018-03-30 01:51 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-04-10 17:23 - 2018-03-30 01:50 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-04-10 17:23 - 2018-03-30 01:50 - 000057760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-04-10 17:23 - 2018-03-30 01:48 - 001101728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-04-10 17:23 - 2018-03-30 01:48 - 000614304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-04-10 17:23 - 2018-03-30 01:28 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-10 17:23 - 2018-03-30 01:28 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-04-10 17:23 - 2018-03-30 01:27 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-04-10 17:23 - 2018-03-30 01:24 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-04-10 17:23 - 2018-03-30 01:23 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-04-10 17:23 - 2018-03-30 01:19 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-04-10 17:23 - 2018-03-30 01:16 - 000289824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-04-10 17:23 - 2018-03-30 01:13 - 002193176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-04-10 17:23 - 2018-03-30 01:13 - 000450936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-04-10 17:23 - 2018-03-30 01:10 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-04-10 17:23 - 2018-03-30 01:09 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-04-10 17:23 - 2018-03-30 01:07 - 001003160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-04-10 17:23 - 2018-03-30 00:55 - 025253888 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-04-10 17:23 - 2018-03-30 00:46 - 018925056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-04-10 17:23 - 2018-03-30 00:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-04-10 17:23 - 2018-03-30 00:46 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-10 17:23 - 2018-03-30 00:45 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-04-10 17:23 - 2018-03-30 00:45 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-04-10 17:23 - 2018-03-30 00:43 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-10 17:23 - 2018-03-30 00:43 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-04-10 17:23 - 2018-03-30 00:43 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-04-10 17:23 - 2018-03-30 00:43 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-04-10 17:23 - 2018-03-30 00:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-04-10 17:23 - 2018-03-30 00:42 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-04-10 17:23 - 2018-03-30 00:42 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-04-10 17:23 - 2018-03-30 00:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-04-10 17:23 - 2018-03-30 00:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-04-10 17:23 - 2018-03-30 00:41 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-04-10 17:23 - 2018-03-30 00:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-04-10 17:23 - 2018-03-30 00:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-04-10 17:23 - 2018-03-30 00:41 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-04-10 17:23 - 2018-03-30 00:40 - 011924992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-10 17:23 - 2018-03-30 00:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-04-10 17:23 - 2018-03-30 00:40 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-04-10 17:23 - 2018-03-30 00:39 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-04-10 17:23 - 2018-03-30 00:39 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-10 17:23 - 2018-03-30 00:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-04-10 17:23 - 2018-03-30 00:37 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-10 17:23 - 2018-03-30 00:37 - 001298944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-04-10 17:23 - 2018-03-30 00:36 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-04-10 17:23 - 2018-03-30 00:36 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-04-10 17:23 - 2018-03-30 00:36 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-04-10 17:23 - 2018-03-30 00:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-04-10 17:23 - 2018-03-30 00:35 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-04-10 17:23 - 2018-03-30 00:35 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-04-10 17:23 - 2018-03-30 00:35 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-04-10 17:23 - 2018-03-30 00:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-04-10 17:23 - 2018-03-30 00:35 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-04-10 17:23 - 2018-03-30 00:35 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-04-10 17:23 - 2018-03-30 00:35 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-10 17:23 - 2018-03-30 00:35 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-04-10 17:23 - 2018-03-30 00:33 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-04-10 17:23 - 2018-03-30 00:33 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-04-10 17:23 - 2018-03-30 00:33 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-04-10 17:23 - 2018-03-30 00:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-04-10 17:23 - 2018-03-30 00:32 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-04-10 17:23 - 2018-03-30 00:32 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-04-10 17:23 - 2018-03-30 00:32 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-04-10 17:23 - 2018-03-30 00:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-04-10 17:23 - 2018-03-30 00:31 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-04-10 17:23 - 2018-03-30 00:31 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-04-10 17:23 - 2018-03-30 00:31 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-04-10 17:23 - 2018-03-30 00:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-04-10 17:23 - 2018-03-30 00:31 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-04-10 17:23 - 2018-03-30 00:31 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-04-10 17:23 - 2018-03-30 00:31 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-04-10 17:23 - 2018-03-30 00:30 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-04-10 17:23 - 2018-03-30 00:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-10 17:23 - 2018-03-30 00:28 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-04-10 17:23 - 2018-03-30 00:28 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 008104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 003170816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-04-10 17:23 - 2018-03-30 00:27 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 004747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-04-10 17:23 - 2018-03-30 00:26 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-04-10 17:23 - 2018-03-30 00:26 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-04-10 17:23 - 2018-03-30 00:25 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-10 17:23 - 2018-03-30 00:25 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-10 17:23 - 2018-03-30 00:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-04-10 17:23 - 2018-03-30 00:24 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-04-10 17:23 - 2018-03-30 00:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-04-10 17:23 - 2018-03-30 00:23 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-04-10 17:23 - 2018-03-30 00:23 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-04-10 17:23 - 2018-03-30 00:23 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-04-10 17:23 - 2018-03-30 00:21 - 002511360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-04-10 17:23 - 2018-03-30 00:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-04-10 17:23 - 2018-03-30 00:20 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-04-10 17:23 - 2018-03-13 04:03 - 005907288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-04-10 17:23 - 2018-03-13 04:03 - 000779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-04-10 17:23 - 2018-03-13 04:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-04-10 17:23 - 2018-03-13 04:03 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-04-10 17:23 - 2018-03-13 04:03 - 000279960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-10 17:23 - 2018-03-13 04:02 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-10 17:22 - 2018-03-13 01:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2018-04-10 17:22 - 2018-03-13 01:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-04-10 17:22 - 2018-03-13 01:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2018-04-10 17:22 - 2018-03-13 01:37 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-04-10 17:22 - 2018-03-13 01:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-04-10 17:22 - 2018-03-13 01:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-10 17:22 - 2018-03-13 01:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-10 17:22 - 2018-03-13 01:36 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-04-10 17:22 - 2018-03-13 01:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-04-10 17:22 - 2018-03-13 01:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-04-10 17:22 - 2018-03-13 01:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-04-10 17:22 - 2018-03-13 01:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-04-10 17:22 - 2018-03-13 01:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-04-10 17:22 - 2018-03-13 01:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-04-10 17:22 - 2018-03-13 01:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-04-10 17:22 - 2018-03-13 01:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-10 17:22 - 2018-03-13 01:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-04-10 17:22 - 2018-03-13 01:28 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-04-10 17:22 - 2018-03-13 01:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2018-04-10 17:22 - 2017-11-26 10:32 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-04-10 17:22 - 2017-11-26 08:12 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-20 10:13 - 2016-11-21 12:45 - 000000000 ____D C:\Users\ameyb_000\AppData\LocalLow\Mozilla
2018-04-20 09:47 - 2017-12-08 09:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-20 07:01 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-20 06:56 - 2017-12-08 09:31 - 001425316 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-20 06:51 - 2015-11-07 11:35 - 000000000 ___RD C:\Users\ameyb_000\Google Drive
2018-04-20 06:50 - 2017-12-08 09:18 - 000000000 ____D C:\Users\UpdatusUser
2018-04-20 06:50 - 2015-08-23 15:26 - 000000000 __SHD C:\Users\ameyb_000\IntelGraphicsProfiles
2018-04-20 06:50 - 2013-12-02 11:29 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 4
2018-04-20 06:49 - 2013-11-18 13:43 - 000000452 _____ C:\Users\ameyb_000\AppData\Roaming\sp_data.sys
2018-04-20 06:48 - 2017-12-08 09:18 - 000000000 ____D C:\Users\ameyb_000
2018-04-20 06:47 - 2017-12-08 09:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-19 16:26 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-19 16:16 - 2017-12-08 09:12 - 000563912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-19 16:14 - 2015-08-23 15:25 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-04-18 11:15 - 2017-09-29 05:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-04-18 10:36 - 2012-07-26 02:26 - 000000199 _____ C:\WINDOWS\win.ini
2018-04-18 09:58 - 2015-09-17 17:15 - 000000000 ____D C:\Users\ameyb_000\AppData\LocalLow\Temp
2018-04-18 09:34 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-04-18 09:34 - 2013-08-22 12:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-04-17 15:37 - 2017-10-13 17:32 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-17 15:37 - 2013-11-18 21:25 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-17 06:09 - 2017-09-29 10:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-17 06:09 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-16 19:15 - 2017-12-06 19:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-04-16 19:15 - 2015-10-30 06:07 - 000000000 ____D C:\WINDOWS\ShellNew
2018-04-16 19:14 - 2017-09-29 10:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-16 19:08 - 2014-02-24 16:01 - 000000000 ____D C:\Users\ameyb_000\Downloads\MicroSoft Office 2007 With Key -THADOGG
2018-04-16 18:33 - 2013-11-29 15:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-16 16:27 - 2013-11-21 23:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-15 21:44 - 2017-09-29 10:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-15 18:51 - 2013-11-29 20:00 - 000000000 ____D C:\Users\ameyb_000\Desktop\System Security
2018-04-15 16:11 - 2013-11-18 13:40 - 000000000 ____D C:\Users\ameyb_000\AppData\Local\ASUS
2018-04-15 16:11 - 2012-09-30 23:58 - 000000000 ____D C:\ProgramData\P4G
2018-04-15 15:58 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\registration
2018-04-15 15:53 - 2017-09-29 05:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-04-15 14:56 - 2014-12-29 22:32 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-04-15 14:44 - 2017-09-29 05:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-04-12 17:57 - 2018-02-28 10:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-12 12:22 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\rescache
2018-04-10 20:18 - 2015-09-16 10:20 - 000000000 ___RD C:\Users\ameyb_000\3D Objects
2018-04-10 20:18 - 2013-11-18 10:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-10 20:16 - 2017-06-14 09:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox old
2018-04-10 20:16 - 2016-11-25 15:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-04-10 20:14 - 2017-09-29 10:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-10 20:14 - 2017-09-29 10:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-10 20:14 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-10 20:14 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-10 17:37 - 2013-11-18 21:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-10 17:34 - 2017-09-29 10:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-10 17:25 - 2017-12-06 19:46 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-04-10 13:32 - 2018-03-13 18:32 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 13:32 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-04-10 13:32 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-07 18:36 - 2018-03-04 13:12 - 000000000 ____D C:\Users\ameyb_000\Documents\Riley
2018-04-07 18:05 - 2014-03-01 18:42 - 000001471 _____ C:\Users\ameyb_000\Desktop\Roblox Player.lnk
2018-04-07 18:05 - 2014-03-01 18:41 - 000000000 ____D C:\Users\ameyb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-03-24 14:29 - 2013-11-25 02:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-24 14:28 - 2017-09-19 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-03-24 14:27 - 2018-02-06 21:27 - 000000000 ____D C:\Program Files\Google
2018-03-21 08:40 - 2017-12-08 09:41 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3443199759-2312325277-567934048-1002
2018-03-21 08:40 - 2015-08-23 14:34 - 000002413 _____ C:\Users\ameyb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-21 08:40 - 2015-08-23 14:34 - 000000000 ___RD C:\Users\ameyb_000\OneDrive

==================== Files in the root of some directories =======

2014-05-30 10:16 - 2014-05-30 10:17 - 014936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-11-29 12:29 - 2013-11-29 12:29 - 000000021 _____ () C:\Users\ameyb_000\AppData\Roaming\my_intel.sys
2013-11-18 13:43 - 2018-04-20 06:49 - 000000452 _____ () C:\Users\ameyb_000\AppData\Roaming\sp_data.sys
2013-12-19 09:52 - 2014-02-22 01:57 - 000000145 _____ () C:\Users\ameyb_000\AppData\Roaming\WB.CFG
2016-04-09 13:46 - 2016-04-09 13:46 - 000006211 _____ () C:\Users\ameyb_000\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-19 16:58

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by ameyb_000 (20-04-2018 10:32:03)
Running from C:\Users\ameyb_000\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-08 12:42:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3443199759-2312325277-567934048-500 - Administrator - Disabled)
ameyb_000 (S-1-5-21-3443199759-2312325277-567934048-1002 - Administrator - Enabled) => C:\Users\ameyb_000
DefaultAccount (S-1-5-21-3443199759-2312325277-567934048-503 - Limited - Disabled)
Guest (S-1-5-21-3443199759-2312325277-567934048-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3443199759-2312325277-567934048-1016 - Limited - Enabled)
UpdatusUser (S-1-5-21-3443199759-2312325277-567934048-1001 - Limited - Enabled) => C:\Users\UpdatusUser
WDAGUtilityAccount (S-1-5-21-3443199759-2312325277-567934048-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123 Free Solitaire v10.3 (HKLM-x32\...\123 Free Solitaire_is1) (Version:  - TreeCardGames)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
BabasChess (HKLM-x32\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
Backup and Sync from Google (HKLM\...\{4B7277C7-9CEE-45FC-B36B-19AD28281B9C}) (Version: 3.40.8921.5350 - Google, Inc.)
BitTorrent (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
DesignPro 5.4 Limited Edition (HKLM-x32\...\{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}) (Version: 5.2.1201 - Avery Dennison) Hidden
DesignPro 5.4 Limited Edition (HKLM-x32\...\InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}) (Version: 5.2.1201 - Avery Dennison)
DisplayLink Core Software (HKLM\...\{F3B9FCD6-4E63-40B6-A38F-A38644E70629}) (Version: 7.9.1589.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{4DCC733A-453C-40E6-84D3-EF3959B3CCA8}) (Version: 7.5.52889.0 - DisplayLink Corp.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
EZCast (HKLM-x32\...\{74CECDD9-4B8E-4AE3-9571-8070A17F3C34}) (Version: 1.1.0.130 - Actions-Micro)
FxFoto by Triscape (HKLM-x32\...\FxFoto) (Version:  - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Glary Utilities 4.1 (HKLM-x32\...\Glary Utilities 4) (Version: 4.1.0.61 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jewel Quest (remove only) (HKLM-x32\...\Jewel Quest) (Version:  - )
Kobo (HKLM-x32\...\Kobo) (Version: 3.19.3665 - Rakuten Kobo Inc.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Macrium Reflect Free Edition (HKLM\...\{0B4A0234-4C18-45E3-BF42-29F838C53460}) (Version: 6.3.1852 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
Mozilla Thunderbird 52.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.7.0 (x86 en-US)) (Version: 52.7.0 - Mozilla)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Roblox Player for ameyb_000 (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio for ameyb_000 (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TOSHIBA USB Display Drivers (HKLM\...\{5E348DA7-632A-49DD-ADFA-32D696E05F5D}) (Version: 7.0.43577.0 - TOSHIBA Corporation)
Triscape FxFoto (HKLM-x32\...\TriscapeFxFoto) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
WD SmartWare (HKLM\...\{6F482C75-174D-42EB-A2CF-B00A1F354F7B}) (Version: 1.4.1.1 - Western Digital)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wizard101 (HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 4\x64\ContextHandler.dll [2013-12-02] (Glarysoft Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 4\x64\ContextHandler.dll [2013-12-02] (Glarysoft Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll -> No File
ContextMenuHandlers3: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers4: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers5: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 4\x64\ContextHandler.dll [2013-12-02] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01985CF5-37E6-4A15-9FD9-26F5CCE8532D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-12] (Microsoft Corporation)
Task: {0B481C1E-9043-4C62-AC1D-A7A821CA034F} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {17DC023B-685A-4612-A2FC-2ED042FD6A8D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1DA26EEB-E28B-47D1-83D0-6F3CADAE0419} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {261C962C-C46D-4D6A-9143-B6A911FF28C5} - System32\Tasks\{D09C0F8F-DFF1-42DA-B96A-D1411D3FE709} => C:\WINDOWS\system32\pcalua.exe -a E:\AUTORun.exe -d E:\
Task: {28366634-C99B-41A1-A237-A5A86029B1BF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-12] (Microsoft Corporation)
Task: {2A12A894-2894-4D52-80DE-0C8B06FAA5C3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3F918020-4EC3-46DA-9532-97C99EF1AA2B} - System32\Tasks\{F06C416E-DD6B-4831-9D42-5C015C2BF542} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\ameyb_000\Downloads\Displaylink_7.2.47873.0.exe -d C:\Users\ameyb_000\Downloads
Task: {4BCA6658-3650-41AC-BCB0-15AAA4D9ED29} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4EF56B7B-1EF7-4BE2-A54B-4BFFD91D510C} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {5187EDEB-AD82-4DD2-99CF-CF69A7EBDAC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5BA232EE-D0B4-4D6D-915A-4DC1FCDB256A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {753889F4-956F-4C52-93AA-B4621BE9BED2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {772A6DF1-82CE-45A9-B15A-D83DD1163B96} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {7B925BB0-BFF7-4CDD-830B-A28C4427C3F4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {832019C3-1150-44E2-A92F-B4C360A13FF0} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2013-12-02] (Glarysoft Ltd)
Task: {8A4C72F0-7E3A-4B30-B327-97DCBEF4C006} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8B131463-EADC-4D5A-A1DF-46CC6296990B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9091FC87-6441-486D-AC52-13AB530732CF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-12] (Microsoft Corporation)
Task: {95545E6F-10F9-48C5-8750-BDE846B481F9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9586679B-262E-4173-8ED0-B526A3A3AB85} - no filepath
Task: {98AD792F-48FC-4E9D-BF41-6B713E928C70} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {C4BADFE4-DBBC-440E-A83D-E4E629ED7508} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-12] (Microsoft Corporation)
Task: {D33F288D-9793-4C68-836C-F396B6D48487} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E0721EF7-4140-45EE-935B-0F9BEB60CCDD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E527964A-34C6-4486-94BE-CD0985E4F950} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {E9870908-D044-4878-9877-0C03DF52C9AE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {EC552D4D-B838-4139-B729-DB321214C71F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {F714B5B2-0841-4DF7-959B-41085FBB89A7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FA9D2411-8FE3-4DDE-9B43-2E67CFC72C46} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FAA95BE5-9E29-4059-A76A-6BE447472F11} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FACBB943-B2AB-48F0-8296-929105D7FE4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FCA26EBC-F0D6-4CD5-AFBA-584920E71E9C} - \{E2E96305-CAA0-44D8-933E-A5E86CE8BE45} -> No File <==== ATTENTION
Task: {FF41D0A2-2694-4E54-ADF7-66370F34D12C} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe-t C:\Program Files\TechUtilities\TechUtilities.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 10:41 - 2017-09-29 10:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-06-19 08:59 - 2016-08-01 09:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-09-08 11:45 - 2010-09-08 11:45 - 001034752 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
2012-09-07 01:41 - 2012-07-30 08:26 - 000029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-09-07 01:41 - 2012-07-30 08:27 - 000030592 _____ () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2012-08-24 21:26 - 2012-08-24 21:26 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2018-03-14 11:13 - 2018-02-21 21:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 11:13 - 2018-02-21 21:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-15 11:31 - 2018-03-15 11:31 - 046139776 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-04-20 06:49 - 2018-04-20 06:49 - 000113152 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\_ctypes.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000080896 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\bz2.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 001585152 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\_hashlib.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000128512 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32api.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000137728 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\pywintypes27.dll
2018-04-20 06:49 - 2018-04-20 06:49 - 000548864 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\pythoncom27.dll
2018-04-20 06:49 - 2018-04-20 06:49 - 000689664 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\unicodedata.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000438784 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32com.shell.shell.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 001489408 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\wx._core_.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 001007104 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\wx._gdi_.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 001039872 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\wx._windows_.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 001325056 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\wx._controls_.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000916992 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\wx._misc_.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 001084416 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\pysqlite2._sqlite.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000149504 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32file.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000136192 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32security.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000007680 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\hashobjs_ext.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000020992 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\thumbnails_ext.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000118784 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\usb_ext.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000047616 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\_socket.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 002224128 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\_ssl.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000014848 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\common.time34.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000023040 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32event.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000033280 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\windows.conditional.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000019968 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\windows.winwrap.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000107520 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\windows.volumes.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000223232 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32gui.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000173568 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\_elementtree.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000169472 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\pyexpat.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000048128 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32inet.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000103424 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\wx._html2.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000046080 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\_psutil_windows.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000633240 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\windows._cacheinvalidation.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 005408256 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\cello.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000010752 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\select.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000011776 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32crypt.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000301568 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\PIL._imaging.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000032256 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\_multiprocessing.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000026112 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\_yappi.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000044032 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32process.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000027648 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32pipe.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000029696 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32pdh.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000038400 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\windows.connectivity.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000071168 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\windows.device_monitor.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000020480 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32profile.pyd
2018-04-20 06:49 - 2018-04-20 06:49 - 000026624 _____ () C:\Users\ameyb_000\AppData\Local\Temp\_MEI32082\win32ts.pyd
2010-03-05 11:24 - 2010-03-05 11:24 - 000886272 _____ () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\System.Data.SQLite.dll
2012-08-24 21:17 - 2012-08-24 21:17 - 000009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-12-02 04:13 - 2013-12-02 04:13 - 000080160 _____ () C:\Program Files (x86)\Glary Utilities 4\zlib1.dll
2012-09-30 23:52 - 2012-06-25 14:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2018-04-18 09:34 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3443199759-2312325277-567934048-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ameyb_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_1334.jpg
DNS Servers: 192.168.2.1 - 142.166.166.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3443199759-2312325277-567934048-1002\...\StartupApproved\Run: => "BitTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C40E5101-C4F2-450D-B73C-DBA7D6B422DC}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{7069693A-F631-4C7B-9900-0C5A79CB8001}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{5361889E-2A05-4D64-8CFB-183C680DC916}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{DBAD6586-C803-48DD-BEC5-313A3E832948}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A80F2471-42A9-431D-A81D-818AC41F7403}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD3D2A4F-ADA9-4043-AE35-0D01424BE559}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6FD36A5B-8BE1-4E06-A65D-214132E2AF88}] => (Allow) C:\Users\ameyb_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A1E999EE-1240-4169-BBFD-E1137CF60DDE}] => (Allow) C:\Users\ameyb_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{6ED5ED49-2C80-403C-A75E-D3F25EA25009}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0C7F1B2E-906C-4910-8184-AF52736F309B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F7E77262-790F-4D12-B01D-025B4E77EA52}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B6B266AD-7070-4310-9D98-7BF81BBE672F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{EF5E1F7C-86E5-4597-849D-BC3849D3943A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D42FCDAC-CD18-4D37-93D4-DDDEACDC2BE2}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{79555305-46E7-4AD5-AC2C-9237256C36EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BE1E4C1A-254E-43C1-AF97-DEE4F70E3D06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E127B593-FEAC-4C81-B1A0-0A1645F3F946}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{48A7319B-7BC0-4D1F-AC47-F0F5544F2550}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{45E50134-83B6-4757-8B74-E2638E2A65CD}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{26978919-6578-4188-AFB7-06DA69B28FF3}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{7E92A692-380C-49F6-9A0E-7FEEE2B3E21D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71DD080D-934E-4D26-AE12-2496E8C3B715}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{750E6135-118E-4BF2-9D6B-63D2B15B97C6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-04-2018 17:07:02 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2018 10:11:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.16299.15, time stamp: 0x7640753d
Faulting module name: msxml6.dll, version: 6.30.16299.98, time stamp: 0x7339c6c8
Exception code: 0xc0000005
Fault offset: 0x000000000008c3e0
Faulting process id: 0x5e4
Faulting application start time: 0x01d3d88f2fad6da3
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\msxml6.dll
Report Id: f62e4796-5b78-4d6c-a435-d9df55618054
Faulting package full name: windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (04/19/2018 04:29:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (04/19/2018 04:22:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 12450. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (04/18/2018 11:01:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000424,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000096A7FEDE0.72).  hr = 0x80070005, Access is denied.
.

Error: (04/18/2018 11:01:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e8,(null),0,REG_BINARY,000000F4F17FD7B0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6c13bf49-4a91-493b-9ca6-531140fe20f8}

Error: (04/18/2018 11:01:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000268,(null),0,REG_BINARY,00000045A717D900.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {7a2e8062-f381-484a-a10f-91279f8c8870}

Error: (04/18/2018 11:01:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000096A17EFA0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {5e2ee678-61f9-41a8-87f3-0bffaf4f136a}

Error: (04/18/2018 11:01:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e8,(null),0,REG_BINARY,000000F4F17FD7B0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6c13bf49-4a91-493b-9ca6-531140fe20f8}


System errors:
=============
Error: (04/20/2018 07:05:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2018 07:03:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/20/2018 07:02:06 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {0823B6F8-F499-4D5E-B885-EA9CB4F43B24}. The error:
"216"
Happened while starting this command:
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe -Embedding

Error: (04/20/2018 07:02:05 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {0823B6F8-F499-4D5E-B885-EA9CB4F43B24}. The error:
"216"
Happened while starting this command:
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe -Embedding

Error: (04/20/2018 07:02:04 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {0823B6F8-F499-4D5E-B885-EA9CB4F43B24}. The error:
"216"
Happened while starting this command:
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe -Embedding

Error: (04/20/2018 07:02:03 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {0823B6F8-F499-4D5E-B885-EA9CB4F43B24}. The error:
"216"
Happened while starting this command:
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe -Embedding

Error: (04/20/2018 07:02:02 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {0823B6F8-F499-4D5E-B885-EA9CB4F43B24}. The error:
"216"
Happened while starting this command:
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe -Embedding

Error: (04/20/2018 07:02:00 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {0823B6F8-F499-4D5E-B885-EA9CB4F43B24}. The error:
"216"
Happened while starting this command:
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe -Embedding


Windows Defender:
===================================
Date: 2018-04-16 12:49:00.217
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dynamer!ac&threatid=2147684005&enterprise=0
Name: Trojan:Win32/Dynamer!ac
ID: 2147684005
Severity: Severe
Category: Trojan
Path: containerfile:_C:\System Volume Information\SystemRestore\FRStaging\Users\ameyb_000\AppData\Local\FileSystemDriver\FileSystemDriver.exe;file:_C:\System Volume Information\SystemRestore\FRStaging\Users\ameyb_000\AppData\Local\FileSystemDriver\FileSystemDriver.exe->[lowcase_mzpe]
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-16 12:43:10.697
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Xeelyak&threatid=238322&enterprise=0
Name: BrowserModifier:Win32/Xeelyak
ID: 238322
Severity: High
Category: Browser Modifier
Path: containerfile:_D:\stick\Virus Recovery\gusetup.exe;file:_D:\stick\Virus Recovery\gusetup.exe->(inno#000000)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-16 12:43:10.696
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ditertag.B&threatid=2147722999&enterprise=0
Name: Trojan:Win32/Ditertag.B
ID: 2147722999
Severity: Severe
Category: Trojan
Path: file:_C:\System Volume Information\SystemRestore\FRStaging\Windows\Microsoft\svchost.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-16 12:43:10.677
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dynamer!ac&threatid=2147684005&enterprise=0
Name: Trojan:Win32/Dynamer!ac
ID: 2147684005
Severity: Severe
Category: Trojan
Path: containerfile:_C:\System Volume Information\SystemRestore\FRStaging\Users\ameyb_000\AppData\Local\FileSystemDriver\FileSystemDriver.exe;file:_C:\System Volume Information\SystemRestore\FRStaging\Users\ameyb_000\AppData\Local\FileSystemDriver\FileSystemDriver.exe->[lowcase_mzpe]
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-16 07:33:24.741
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ditertag.B&threatid=2147722999&enterprise=0
Name: Trojan:Win32/Ditertag.B
ID: 2147722999
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\Microsoft\svchost.exe;process:_pid:3716,ProcessStart:131683474018364698;service:_SvcHost Service Host
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

Date: 2018-04-19 16:16:34.563
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-04-18 10:22:33.784
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.759.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-04-16 14:49:52.973
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.759.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-04-16 12:06:07.536
Description:
Windows Defender Antivirus has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Windows\Temp\94825a54-18a3-428c-b7f1-48b388ae4954\tmp00000135\tmp00003c2a
Sha256:
Current Signature Version: AV: 1.265.737.0, AS: 1.265.737.0
Current Engine Version: 1.1.14700.5
Error code: 0x80508016

Date: 2018-04-16 07:35:25.329
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ditertag.B&threatid=2147722999&enterprise=0
Name: Trojan:Win32/Ditertag.B
ID: 2147722999
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\Microsoft\svchost.exe;process:_pid:3716,ProcessStart:131683474018364698;service:_SvcHost Service Host
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Action: Remove
Action Status:  To finish removing malware and other potentially unwanted software, restart the device.
Error Code: 0x80070005
Error description: Access is denied.
Signature Version: AV: 1.265.737.0, AS: 1.265.737.0, NIS: 1.265.737.0
Engine Version: AM: 1.1.14700.5, NIS: 1.1.14700.5

CodeIntegrity:
===================================

Date: 2018-04-16 18:34:29.652
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 52%
Total physical RAM: 6029.67 MB
Available physical RAM: 2848.41 MB
Total Virtual: 6413.67 MB
Available Virtual: 3218.73 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:249.11 GB) (Free:157.9 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:398.18 GB) (Free:391.94 GB) NTFS
Drive g: (My Book) (Fixed) (Total:1862.98 GB) (Free:1449.13 GB) NTFS

\\?\Volume{4c37d2ae-6acf-455e-83d1-675c8876cd87}\ () (Fixed) (Total:30 GB) (Free:29.82 GB) NTFS
\\?\Volume{68664a3f-38d7-4fb5-8f2d-8fa2b9bb7209}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32
\\?\Volume{a6548009-af32-4cfc-bc76-17d676f7749c}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.21 GB) NTFS
\\?\Volume{477b0333-44bd-41a2-9e2b-30a4dc843492}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{521eee93-109a-467a-80e6-57af0417d5eb}\ (Restore) (Fixed) (Total:20 GB) (Free:8.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 4F359092)

Partition: GPT.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 19FE62D5)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00064002)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


For the start menu do the following:

Type taskbar settings into the Cortana search function, select OK.

In the settings window flick the switch to ON under "Replace Command prompt with PowerShell etc etc". If that setting is already on just leave it that way...

Next,

Select Windows Key and X Key together, from the X menu select "PowerShell (admin)"

At the PowerShell prompt type or copy and paste the following, hit Enter after the command:

Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

Reboot, check the start menu, is that now OK?

Next,

For Windows Defender I've attached fixwd.zip. Unzip that file to your Desktop so you have fixwd.bat (do not save anywhere else)

Right click on fixwd.bat and select run as administrator.. When that completes reboot your system and check if Defender opens ok...

Thanks,

Kevin...

 

fixwd.zip


Thanks for the update, continue with the following:

Download Portable Windows Repair (all in one) from one of the following:

www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Unzip the contents into a newly created folder on your desktop.

Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode

Open the Tweaking.com folder, run the tool by right clicking on Repair_Windows (icon with red briefcase) and selecting "Run as Administrator"

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...


When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmark the "Select All" box. When ready select "Start Repairs" tab....


When complete re-boot your system to Normal mode, see if there is any improvement...

Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt
 
Thank you,
 
Kevin

Hi Kevin,

Here is the log - Start, Action Centre and Windows Defender still not working.

Tweaking.com - Windows Repair 2018 (v4.0.17)
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
Running In Windows Safe Mode: True
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.16299.309
OS Service Pack:
Computer Name: MAIN
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\ameyb_000
Current Profile SID: S-1-5-21-3443199759-2312325277-567934048-1002
Current Profile Classes: S-1-5-21-3443199759-2312325277-567934048-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\ameyb_000\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:11:17

Process Count: 39
Commit Total: 898.90 MB
Commit Limit: 6.26 GB
Commit Peak: 1.26 GB
Handle Count: 13219
Kernel Total: 310.75 MB
Kernel Paged: 234.08 MB
Kernel Non Paged: 76.68 MB
System Cache: 1.05 GB
Thread Count: 476
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.89 GB
Memory Used: 1.02 GB(17.295%)
Memory Avail.: 4.87 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.89 GB
Memory Used: 856.96 MB(14.2125%)
Memory Avail.: 5.05 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (2018-04-21 10:57:19 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 181
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (2018-04-21 10:57:22 AM)


Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\hku.7z
Done,  0.42 seconds.


Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\hklm.7z
Done,  7.31 seconds.

   Running Repair Under System Account
   Done (2018-04-21 10:58:53 AM)

02 - Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (2018-04-21 10:58:53 AM)


Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\default.7z
Done,  0.15 seconds.


Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\profile.7z
Done,  0.23 seconds.


Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\program_files.7z
Done,  0.46 seconds.


Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\program_files_x86.7z
Done,  0.16 seconds.


Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\programdata.7z
Done,  0.19 seconds.


Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\windows.7z
Done,  3.14 seconds.

   Running Repair Under System Account
   Done (2018-04-21 11:17:39 AM)

03 - Reset Service Permissions
   Start (2018-04-21 11:17:39 AM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:18:01 AM)

04 - Register System Files
   Start (2018-04-21 11:18:01 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:19:14 AM)

05 - Repair WMI
   Start (2018-04-21 11:19:14 AM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Windows Defender Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (2018-04-21 11:22:04 AM)

06 - Repair Windows Firewall
   Start (2018-04-21 11:22:04 AM)

Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:22:24 AM)

07 - Repair Internet Explorer
   Start (2018-04-21 11:22:24 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:22:55 AM)

08 - Repair MDAC/MS Jet
   Start (2018-04-21 11:22:55 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:23:08 AM)

09 - Repair Hosts File
   Start (2018-04-21 11:23:08 AM)
   Running Repair Under System Account
   Done (2018-04-21 11:23:10 AM)

10 - Remove Policies Set By Infections
   Start (2018-04-21 11:23:10 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:23:14 AM)

11 - Repair Start Menu Icons Removed By Infections
   Start (2018-04-21 11:23:14 AM)
   Running Repair Under System Account
   Done (2018-04-21 11:23:15 AM)

12 - Repair Icons
   Start (2018-04-21 11:23:15 AM)
   Running Repair Under Current User Account
   Done (2018-04-21 11:25:14 AM)

13 - Repair Network
   Start (2018-04-21 11:25:14 AM)

Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\services.7z
Done,  0.39 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:25:27 AM)

14 - Remove Temp Files
   Start (2018-04-21 11:25:27 AM)
   Running Repair Under System Account
   Done (2018-04-21 11:25:30 AM)

15 - Repair Proxy Settings
   Start (2018-04-21 11:25:30 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:25:32 AM)

16 - Repair Windows Updates
   Start (2018-04-21 11:25:32 AM)

Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\services.7z
Done,  0.19 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (2018-04-21 11:26:13 AM)

17 - Repair CD/DVD Missing/Not Working
   Start (2018-04-21 11:26:14 AM)
   iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
   Done (2018-04-21 11:26:14 AM)

18 - Repair Volume Shadow Copy Service
   Start (2018-04-21 11:26:14 AM)

Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:26:57 AM)

19 - Repair Windows Sidebar/Gadgets
   Start (2018-04-21 11:26:57 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:26:59 AM)

20 - Repair MSI (Windows Installer)
   Start (2018-04-21 11:26:59 AM)

Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:11 AM)

21 - Repair Windows Snipping Tool
   Start (2018-04-21 11:27:11 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:13 AM)

22.01 - Repair bat Association
   Start (2018-04-21 11:27:13 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:15 AM)

22.02 - Repair cmd Association
   Start (2018-04-21 11:27:15 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:18 AM)

22.03 - Repair com Association
   Start (2018-04-21 11:27:18 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:20 AM)

22.04 - Repair Directory Association
   Start (2018-04-21 11:27:20 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:22 AM)

22.05 - Repair Drive Association
   Start (2018-04-21 11:27:22 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:24 AM)

22.06 - Repair exe Association
   Start (2018-04-21 11:27:24 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:26 AM)

22.07 - Repair Folder Association
   Start (2018-04-21 11:27:26 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:29 AM)

22.08 - Repair inf Association
   Start (2018-04-21 11:27:29 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:31 AM)

22.09 - Repair lnk (Shortcuts) Association
   Start (2018-04-21 11:27:31 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:33 AM)

22.10 - Repair msc Association
   Start (2018-04-21 11:27:33 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:35 AM)

22.11 - Repair reg Association
   Start (2018-04-21 11:27:35 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:37 AM)

22.12 - Repair scr Association
   Start (2018-04-21 11:27:37 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:39 AM)

23 - Repair Windows Safe Mode
   Start (2018-04-21 11:27:40 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:42 AM)

24 - Repair Print Spooler
   Start (2018-04-21 11:27:42 AM)

Decompressing & Updating Windows Permission File C:\Users\ameyb_000\Desktop\tweaking\files\permissions\10\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:27:48 AM)

25 - Restore Important Windows Services
   Skipping Repair.
   This repair is currently being updated to support the Windows 10 Fall Update

26 - Set Windows Services To Default Startup
   Skipping Repair.
   This repair is currently being updated to support the Windows 10 Fall Update

27.01 - Repair Windows 8/10 App Store
   Skipping Repair.
   This repair is currently disabled for this version of Windows due to the constant changes to the app store.

28 - Repair Windows 8/10 Component Store
   Start (2018-04-21 11:27:49 AM)
   Running Repair Under Current User Account
   Done (2018-04-21 11:28:16 AM)

29 - Restore Windows 8/10 COM+ Unmarshalers
   Start (2018-04-21 11:28:16 AM)
   Running Repair Under System Account
[X] -----Job Complete-----         Items Done: 1      
   Done (2018-04-21 11:28:19 AM)

30 - Repair Windows 'New' Submenu
   Start (2018-04-21 11:28:19 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:28:21 AM)

31 - Restore UAC (User Account Control) Settings
   Start (2018-04-21 11:28:21 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2018-04-21 11:28:23 AM)

32 - Repair Performance Counters
   Start (2018-04-21 11:28:23 AM)
   Running Repair Under Current User Account
   Done (2018-04-21 11:28:26 AM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (2018-04-21 11:28:26 AM)
   Total Repair Time: 00:31:09


...YOU MUST RESTART YOUR SYSTEM...

 


I half expected that result, obviously your system has suffered registry damage from the infection... Probably the best way forward is to run a system "Refresh", that is, reinstalling Windows without losing any files, data, etc. Any software that you have installed yourself from outside the app store will be lost and require reinstalling..

Full instructions here: https://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html

Let me know the outcome...

Thanks,

Kevin...


Hi Kevin,

I too was resigned, for several days now, to the fact that I would have to re-install Windows. I was hesitant to do this initially because I had never faced this before. I have now done the refresh option, saving my data, and am slowly working my way through re-configuring my preferences and re-installing the apps that we used over the years. A bit of a slow process but at least I now have control of my system. Thanks for your help and patience!

 


When you have your system set up and all software etc reinstalled you may want to create a custom recovery drive, that is a better option than Refresh or Reset when you know important software will need to be reinstalled, also possibly important drivers will have to be found..

A custom recovery drive will make a system refresh or reset much easier for you. Full instructions at the following link:

https://www.tenforums.com/tutorials/11769-create-provisioning-package-windows-10-a.html

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...