Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

search engine redirect,and other weird stuff. [Solved]

Started by hdz , Jun 14 2017 07:04 AM

rootkits search engine redirect

This topic is locked

#1
hdz

Posted 14 June 2017 - 07:04 AM

Member

Member
20 posts

Hi, I have been experiencing pretty werid things,for example the search engine keeps changing to myluckysite and sometimes I find some random apps shortcuts,and the internet is sometimes very slow on the pc only,i also find unknown apps on task manager like pc cleanplus and T0Yz&0qCVp.exe.the only browser I have installed right now is Microsoft edge and internet explorer. so anyway I scanned it with malwarebyte anti rootkit, and it found like 2000+ threats and the tool keeps lagging after reaching 2000 or more,anyway I scanned with farbar and here are the results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-06-2017
Ran by hdz (administrator) on HDZZ (14-06-2017 16:22:38)
Running from C:\Users\hdz\Downloads
Loaded Profiles: hdz & (Available Profiles: defaultuser0 & hdz)
Platform: Microsoft Windows 10 Pro Version 1703 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x86__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [{CD684B81-E58F-4E32-973A-E38672C8E786}] => cmd.exe /C start /D "C:\Users\hdz\AppData\Local\Temp\{CD684B81-E58F-4E32-973A-E38672C8E786}" /B {F1BF1DA8-91B9-4E7E-8603-BCCD358C406C}.exe -accepteula -accepteulaksn -postboot <===== ATTENTION
HKU\S-1-5-21-2863771085-710865549-2862127350-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515072 2017-03-18] (Microsoft Corporation)
HKLM\...\Providers\quvbwdhx: C:\Program Files\Jujalyclartion Launcher\local32spl.dll
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Users\hdz\AppData\Local\Temp\Rar$EXa0.501\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ultra Hal Assistant 6 Startup.lnk [2017-05-20]
ShortcutTarget: Ultra Hal Assistant 6 Startup.lnk -> C:\Program Files\Zabaware\Ultra Hal Assistant 6\HalAsst.exe (Zabaware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zabaware Reader Startup.lnk [2017-05-20]
ShortcutTarget: Zabaware Reader Startup.lnk -> C:\Program Files\Zabaware\Reader 2\ZabaReader.exe (Zabaware, Inc.)
InternetURL: C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conros.com.url -> URL: C:\Users\hdz\AppData\Roaming\csjtl.exe
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 1.1.1.2 185.116.116.155 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{5c6ffd9f-dc25-4c04-8ce6-25725dc808f3}: [DhcpNameServer] 1.1.1.2 185.116.116.155 8.8.8.8 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495617312&z=7c5b68a31f77ad5e60213b0g3z1t7wfqagfm8cdg4g&from=che0812&uid=ST9320325AS_6VDE8D5H
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495617312&z=7c5b68a31f77ad5e60213b0g3z1t7wfqagfm8cdg4g&from=che0812&uid=ST9320325AS_6VDE8D5H&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495617312&z=7c5b68a31f77ad5e60213b0g3z1t7wfqagfm8cdg4g&from=che0812&uid=ST9320325AS_6VDE8D5H
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495617312&z=7c5b68a31f77ad5e60213b0g3z1t7wfqagfm8cdg4g&from=che0812&uid=ST9320325AS_6VDE8D5H&q={searchTerms}
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495617312&z=7c5b68a31f77ad5e60213b0g3z1t7wfqagfm8cdg4g&from=che0812&uid=ST9320325AS_6VDE8D5H
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_savemygame_17_11_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dlb%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0D0AyDyByCyDzz0A0C0DyDtN0D0Tzu0StCzytDtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzyyBtCzytCzyyCtGtB0AyBtBtGtBtB0CzytGyE0B0EtCtGtDyB0AyDyByEzz0BtDtDyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0B0FtBzz0FyEtGyByE0ByCtGyEzyyE0CtGzz0C0A0FtGzy0DyBtC0CtB0A0A0E0ByDtD2QtN0A0LzuyE%26cr%3D1091661411%26a%3Dwny_savemygame_17_11_dopc%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495617312&z=7c5b68a31f77ad5e60213b0g3z1t7wfqagfm8cdg4g&from=che0812&uid=ST9320325AS_6VDE8D5H
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_savemygame_17_11_dopc&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dlb%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0D0AyDyByCyDzz0A0C0DyDtN0D0Tzu0StCzytDtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzyyBtCzytCzyyCtGtB0AyBtBtGtBtB0CzytGyE0B0EtCtGtDyB0AyDyByEzz0BtDtDyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0B0FtBzz0FyEtGyByE0ByCtGyEzyyE0CtGzz0C0A0FtGzy0DyBtC0CtB0A0A0E0ByDtD2QtN0A0LzuyE%26cr%3D1091661411%26a%3Dwny_savemygame_17_11_dopc%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKU\S-1-5-21-2863771085-710865549-2862127350-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_savemygame_17_11_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dlb%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0D0AyDyByCyDzz0A0C0DyDtN0D0Tzu0StCzytDtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzyyBtCzytCzyyCtGtB0AyBtBtGtBtB0CzytGyE0B0EtCtGtDyB0AyDyByEzz0BtDtDyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0B0FtBzz0FyEtGyByE0ByCtGyEzyyE0CtGzz0C0A0FtGzy0DyBtC0CtB0A0A0E0ByDtD2QtN0A0LzuyE%26cr%3D1091661411%26a%3Dwny_savemygame_17_11_dopc%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2863771085-710865549-2862127350-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_savemygame_17_11_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dlb%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0D0AyDyByCyDzz0A0C0DyDtN0D0Tzu0StCzytDtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzyyBtCzytCzyyCtGtB0AyBtBtGtBtB0CzytGyE0B0EtCtGtDyB0AyDyByEzz0BtDtDyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0B0FtBzz0FyEtGyByE0ByCtGyEzyyE0CtGzz0C0A0FtGzy0DyBtC0CtB0A0A0E0ByDtD2QtN0A0LzuyE%26cr%3D1091661411%26a%3Dwny_savemygame_17_11_dopc%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_savemygame_17_11_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dlb%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0D0AyDyByCyDzz0A0C0DyDtN0D0Tzu0StCzytDtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzyyBtCzytCzyyCtGtB0AyBtBtGtBtB0CzytGyE0B0EtCtGtDyB0AyDyByEzz0BtDtDyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0B0FtBzz0FyEtGyByE0ByCtGyEzyyE0CtGzz0C0A0FtGzy0DyBtC0CtB0A0A0E0ByDtD2QtN0A0LzuyE%26cr%3D1091661411%26a%3Dwny_savemygame_17_11_dopc%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_savemygame_17_11_dopc&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dlb%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0D0AyDyByCyDzz0A0C0DyDtN0D0Tzu0StCzytDtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzyyBtCzytCzyyCtGtB0AyBtBtGtBtB0CzytGyE0B0EtCtGtDyB0AyDyByEzz0BtDtDyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0C0B0FtBzz0FyEtGyByE0ByCtGyEzyyE0CtGzz0C0A0FtGzy0DyBtC0CtB0A0A0E0ByDtD2QtN0A0LzuyE%26cr%3D1091661411%26a%3Dwny_savemygame_17_11_dopc%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Users\hdz\AppData\Local\Temp\Rar$EXa0.501\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-19] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2863771085-710865549-2862127350-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=1495617312&z=7c5b68a31f77ad5e60213b0g3z1t7wfqagfm8cdg4g&from=che0812&uid=ST9320325AS_6VDE8D5H
Edge Extension: (No Name) -> IDMIntegrationModule_5B7ACC0AB2EB44E3AC0E4A451EA0DB8E => C:\Program Files\Internet Download Manager [2017-06-14]

FireFox:
========
FF DefaultProfile: 7y3wvght.default
FF ProfilePath: C:\Users\hdz\AppData\Roaming\Mozilla\Firefox\Profiles\7y3wvght.default [2017-04-27]
FF Homepage: Mozilla\Firefox\Profiles\7y3wvght.default -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF NetworkProxy: Mozilla\Firefox\Profiles\7y3wvght.default -> type",
FF ProfilePath: C:\Users\hdz\AppData\Roaming\Firefox\Firefox\Profiles\7y3wvght.default [2017-05-27]
FF SearchPlugin: C:\Users\hdz\AppData\Roaming\Firefox\Firefox\Profiles\7y3wvght.default\searchplugins\startsearch.xml [2017-05-27]
FF HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\hdz\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\hdz\AppData\Roaming\IDM\idmmzcc5 [2017-06-14] [not signed]
FF HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\hdz\AppData\Local\Temp\Rar$EXa0.501\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Users\hdz\AppData\Local\Temp\Rar$EXa0.501\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\hdz\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\hdz\AppData\Local\Temp\Rar$EXa0.501\idmmzcc2.xpi
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-19] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2863771085-710865549-2862127350-1001: @nsroblox.roblox.com/launcher -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2863771085-710865549-2862127350-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Users\hdz\AppData\Local\Temp\Rar$EXa0.501\IDMGCExt.crx [2017-04-26]
StartMenuInternet: Google Chrome - Chrome.exe
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files\Bangtony\Application\chrome.exe <==== ATTENTION
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartMenuInternet\ChromeHTML: -> C:\Program Files\Bangtony\Application\chrome.exe <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [300120 2017-03-10] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [263936 2015-07-03] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2545848 2017-03-18] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [227504 2016-04-28] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-03-18] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\hdz\AppData\Roaming\WinSAPSvc\WinSAP.dll [1887232 2017-05-17] () [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U0 55221049; C:\WINDOWS\System32\drivers\42713748.sys [262936 2017-06-14] (Kaspersky Lab, Yury Parshin)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-03-22] ()
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [94936 2017-06-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2017-06-14] (Malwarebytes)
R3 RSPCIESTOR; C:\WINDOWS\system32\DRIVERS\RtsPStor.sys [256616 2012-03-29] (Realtek Semiconductor Corp.)
S3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [504832 2017-03-18] (Realtek )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3182592 2017-03-18] (Realtek Semiconductor Corporation )
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [124304 2017-02-02] (Power Software Ltd)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44216 2016-04-28] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [36944 2017-05-16] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [119952 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [160256 2017-03-18] (Microsoft Corporation)
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]
U2 snare; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-14 16:22 - 2017-06-14 16:23 - 00020307 _____ C:\Users\hdz\Downloads\FRST.txt
2017-06-14 14:47 - 2017-06-14 14:47 - 00262936 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\42713748.sys
2017-06-14 14:44 - 2017-06-14 14:44 - 00262936 ____N (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\61251314.sys
2017-06-14 13:49 - 2017-06-14 13:50 - 00028860 _____ C:\Users\hdz\Downloads\Addition.txt
2017-06-14 13:46 - 2017-06-14 13:47 - 01777152 _____ (Farbar) C:\Users\hdz\Downloads\FRST.exe
2017-06-14 05:07 - 2017-06-14 16:22 - 00000000 ____D C:\FRST
2017-06-14 03:57 - 2017-06-14 14:48 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-14 03:57 - 2017-06-14 14:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-14 03:57 - 2017-06-14 03:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-14 03:54 - 2017-06-14 14:48 - 00094936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-06-14 03:54 - 2017-06-14 14:35 - 00000000 ____D C:\Users\hdz\Desktop\mbar
2017-06-14 03:51 - 2017-06-14 03:51 - 00001145 _____ C:\Users\hdz\Desktop\Internet Download Manager.lnk
2017-06-14 03:49 - 2017-06-14 03:51 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-14 03:49 - 2017-06-14 03:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-14 03:48 - 2017-06-14 03:54 - 16563352 _____ (Malwarebytes Corp.) C:\Users\hdz\Downloads\mbar-1.09.3.1001.exe
2017-06-14 03:46 - 2017-06-14 03:51 - 00930816 _____ C:\Users\hdz\AppData\Local\test_db_cara.db
2017-06-14 03:46 - 2017-06-14 03:46 - 00140800 _____ C:\Users\hdz\AppData\Local\installer.dat
2017-06-14 03:46 - 2017-06-14 03:46 - 00011568 _____ C:\Users\hdz\AppData\Local\InstallationConfiguration.xml
2017-06-14 03:45 - 2017-06-14 03:51 - 07160560 _____ (Tonec Inc.) C:\Users\hdz\Downloads\idman628build7.exe
2017-06-14 03:43 - 2017-06-14 15:10 - 00000000 ____D C:\Users\hdz\AppData\Roaming\IDM
2017-06-14 03:43 - 2017-06-14 03:53 - 00000000 ____D C:\Users\hdz\AppData\Roaming\DMCache
2017-06-14 03:43 - 2017-06-14 03:43 - 00000000 ____D C:\ProgramData\IDM
2017-06-14 03:40 - 2017-06-14 03:40 - 00117760 _____ C:\WINDOWS\Manager.exe
2017-06-13 23:30 - 2017-06-03 12:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-13 23:30 - 2017-06-03 12:33 - 00095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 23:30 - 2017-06-03 12:25 - 00177056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-13 23:30 - 2017-06-03 12:24 - 00249016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-13 23:30 - 2017-06-03 12:20 - 02086304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 23:30 - 2017-06-03 12:11 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-13 23:30 - 2017-06-03 12:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 23:30 - 2017-06-03 12:08 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 23:30 - 2017-06-03 12:07 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 23:30 - 2017-06-03 12:07 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 23:30 - 2017-06-03 12:06 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 23:30 - 2017-06-03 12:04 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 23:30 - 2017-06-03 12:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 23:30 - 2017-06-03 12:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-13 23:30 - 2017-06-03 12:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 23:30 - 2017-06-03 11:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 23:30 - 2017-06-03 11:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 23:30 - 2017-06-03 11:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 23:30 - 2017-06-03 11:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 23:30 - 2017-06-03 11:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 23:30 - 2017-06-03 11:55 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-13 23:30 - 2017-06-03 11:54 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-13 23:30 - 2017-05-20 12:00 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 23:30 - 2017-05-20 11:50 - 00155040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 23:30 - 2017-05-20 11:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-13 23:30 - 2017-05-20 11:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-13 23:30 - 2017-05-20 11:46 - 00534424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-13 23:30 - 2017-05-20 11:46 - 00122272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-13 23:30 - 2017-05-20 11:45 - 00480160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 23:30 - 2017-05-20 11:45 - 00259352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-13 23:30 - 2017-05-20 11:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-13 23:30 - 2017-05-20 11:29 - 00786944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-13 23:30 - 2017-05-20 11:27 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-13 23:30 - 2017-05-20 11:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-13 23:30 - 2017-05-20 11:26 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-13 23:30 - 2017-05-20 11:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-13 23:30 - 2017-05-20 11:25 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-13 23:30 - 2017-05-20 11:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-13 23:30 - 2017-05-20 11:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-13 23:30 - 2017-05-20 11:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-13 23:30 - 2017-05-20 11:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-13 23:29 - 2017-06-03 12:59 - 01427656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 23:29 - 2017-06-03 12:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 23:29 - 2017-06-03 12:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 23:29 - 2017-06-03 12:37 - 00098208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 23:29 - 2017-06-03 12:36 - 05862304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 23:29 - 2017-06-03 12:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 23:29 - 2017-06-03 12:33 - 00698384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 23:29 - 2017-06-03 12:28 - 02022816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 23:29 - 2017-06-03 12:26 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-13 23:29 - 2017-06-03 12:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 23:29 - 2017-06-03 12:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 01294752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 01157536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00957856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00649632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-06-13 23:29 - 2017-06-03 12:21 - 00631712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00592800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00497056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00492448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00288672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-06-13 23:29 - 2017-06-03 12:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 23:29 - 2017-06-03 12:11 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-13 23:29 - 2017-06-03 12:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 23:29 - 2017-06-03 12:10 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-13 23:29 - 2017-06-03 12:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 23:29 - 2017-06-03 12:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 23:29 - 2017-06-03 12:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 23:29 - 2017-06-03 12:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-13 23:29 - 2017-06-03 11:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-13 23:29 - 2017-06-03 11:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 23:29 - 2017-06-03 11:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 23:29 - 2017-06-03 11:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 02369536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 01585664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 23:29 - 2017-06-03 11:55 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 23:29 - 2017-06-03 11:55 - 00622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 23:29 - 2017-06-03 11:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 23:29 - 2017-06-03 11:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-13 23:29 - 2017-06-03 11:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-13 23:29 - 2017-06-03 11:52 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-13 23:29 - 2017-06-03 11:50 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-06-13 23:29 - 2017-05-20 12:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-13 23:29 - 2017-05-20 11:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-13 23:29 - 2017-05-20 11:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-13 23:29 - 2017-05-20 11:48 - 00297576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-13 23:29 - 2017-05-20 11:47 - 00755616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 23:29 - 2017-05-20 11:47 - 00582560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-13 23:29 - 2017-05-20 11:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-13 23:29 - 2017-05-20 11:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-13 23:29 - 2017-05-20 11:46 - 00173472 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-13 23:29 - 2017-05-20 11:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 23:29 - 2017-05-20 11:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-13 23:29 - 2017-05-20 11:44 - 00296352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-13 23:29 - 2017-05-20 11:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-13 23:29 - 2017-05-20 11:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-13 23:29 - 2017-05-20 11:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-13 23:29 - 2017-05-20 11:26 - 00059904 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-13 23:29 - 2017-05-20 11:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-13 23:29 - 2017-05-20 11:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-13 23:29 - 2017-05-20 11:24 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-13 23:29 - 2017-05-20 11:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-13 23:29 - 2017-05-20 11:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-13 23:29 - 2017-05-20 11:18 - 00532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-13 23:29 - 2017-05-20 11:18 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 01513984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-13 23:29 - 2017-05-20 11:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-13 23:29 - 2017-05-20 11:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-13 23:29 - 2017-05-20 11:15 - 01830400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 03097088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-13 23:29 - 2017-05-20 11:12 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-13 23:29 - 2017-05-20 11:12 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-13 23:29 - 2017-05-20 11:12 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-13 23:29 - 2017-05-20 11:11 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-13 23:29 - 2017-05-20 11:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-13 23:29 - 2017-05-20 11:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-13 23:29 - 2017-05-20 11:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2017-06-13 23:29 - 2017-05-20 11:08 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-13 23:28 - 2017-06-03 12:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-13 23:28 - 2017-06-03 12:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-13 23:28 - 2017-06-03 12:22 - 00296352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-13 23:28 - 2017-06-03 12:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-13 23:28 - 2017-06-03 12:04 - 00661504 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-13 23:28 - 2017-06-03 12:03 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-13 23:28 - 2017-06-03 11:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-13 23:28 - 2017-06-03 11:46 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-13 23:28 - 2017-05-20 11:50 - 00095648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-13 23:28 - 2017-05-20 11:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-13 23:28 - 2017-05-20 11:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-13 23:28 - 2017-05-20 11:19 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-13 23:28 - 2017-05-20 11:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-13 23:28 - 2017-05-20 11:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-13 23:28 - 2017-05-20 11:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-13 23:28 - 2017-05-20 11:08 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-13 23:28 - 2017-05-20 11:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-13 16:06 - 2017-06-13 16:06 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignb95b26cbbdabd6d0
2017-06-13 16:05 - 2017-06-13 16:05 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign32e5c841e14004e9
2017-06-13 16:04 - 2017-06-13 16:04 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignb82a00df1cc18094
2017-06-13 16:04 - 2017-06-13 16:04 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignb49989e325fafca8
2017-06-12 20:58 - 2017-06-12 20:58 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3514285E.sys
2017-06-11 23:45 - 2017-06-11 23:46 - 06822011 _____ C:\Users\hdz\Downloads\elHr6kT.psd
2017-06-11 23:09 - 2017-06-11 23:09 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignecc01b49f37620c9
2017-06-11 23:09 - 2017-06-11 23:09 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign666cb7fd8d76bd12
2017-06-11 23:08 - 2017-06-11 23:08 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignca2aa90fc001b739
2017-06-11 23:08 - 2017-06-11 23:08 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign98b572b3fdded430
2017-06-11 22:48 - 2017-06-11 22:48 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\67512E63.sys
2017-06-11 22:46 - 2017-06-11 22:46 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\412B2CB4.sys
2017-06-11 00:17 - 2017-06-11 00:17 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsigna44f5c779841c38b
2017-06-10 23:37 - 2017-06-10 23:37 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignffb5da1284933d00
2017-06-10 23:36 - 2017-06-10 23:36 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign0273518d30a8a8aa
2017-06-10 23:35 - 2017-06-10 23:35 - 00000000 ____D C:\Users\hdz\AppData\Roaming\PDAppFlex
2017-06-10 23:35 - 2017-06-10 23:35 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign70c1da302d0b2e7a
2017-06-10 23:34 - 2017-06-10 23:34 - 00000000 ____D C:\Users\hdz\AppData\LocalLow\Adobe
2017-06-10 23:34 - 2017-06-10 23:34 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign8081e4cbd932f88d
2017-06-10 23:34 - 2017-06-10 23:34 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign274bbc7ba4daff82
2017-06-09 04:50 - 2017-06-09 04:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-06-05 21:46 - 2017-06-05 21:46 - 00000000 ____D C:\Users\hdz\AppData\Local\CrashRpt
2017-06-05 21:10 - 2017-06-14 04:49 - 00000000 ____D C:\Users\hdz\AppData\Local\Discord
2017-06-01 14:19 - 2017-06-14 14:35 - 00000000 ____D C:\Users\hdz\AppData\Local\glory
2017-06-01 12:29 - 2017-06-01 12:29 - 00000000 ____D C:\Users\Public\Documents\chrome
2017-05-31 02:13 - 2017-06-08 07:00 - 00000000 ____D C:\Users\hdz\AppData\Roaming\BetterDiscord
2017-05-29 09:10 - 2017-05-29 09:10 - 00000798 _____ C:\Users\Public\Desktop\SpaceEngine 0.980.lnk
2017-05-29 09:10 - 2017-05-29 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine
2017-05-29 09:04 - 2017-05-29 09:11 - 00000000 ____D C:\SpaceEngine
2017-05-29 07:18 - 2017-06-11 20:26 - 00000433 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-05-29 07:05 - 2017-05-29 07:05 - 00040968 _____ (Connectify) C:\WINDOWS\system32\Drivers\cfywlan2.sys
2017-05-27 17:17 - 2017-05-27 17:17 - 00000000 ____D C:\Users\hdz\AppData\Local\Bangtony
2017-05-27 14:19 - 2017-06-02 11:09 - 00000000 ____D C:\Program Files\Kjoght
2017-05-27 11:38 - 2017-05-27 11:38 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignd96ffe0377102dfc
2017-05-27 11:38 - 2017-05-27 11:38 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignbc44c02073dc5851
2017-05-27 11:26 - 2016-12-22 13:34 - 00000000 ____D C:\Users\hdz\Desktop\Adobe Photoshop CC 2017 Full Version
2017-05-27 11:19 - 2017-05-27 11:19 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsigne68c3bc3ac572a98
2017-05-27 11:19 - 2017-05-27 11:19 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign71ecdf7b161d640c
2017-05-27 11:19 - 2017-05-27 11:19 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign2cce897bda95e1ef
2017-05-27 10:46 - 2017-05-27 10:46 - 00001329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017 (32 Bit).lnk
2017-05-27 09:16 - 2017-05-29 11:46 - 00000000 ___RD C:\Users\hdz\Creative Cloud Files
2017-05-27 09:16 - 2017-05-29 11:46 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-27 09:09 - 2017-05-27 09:09 - 00001268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-05-27 09:09 - 2017-05-27 09:09 - 00001256 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-05-27 09:06 - 2017-05-27 09:16 - 00000000 ____D C:\Program Files\Adobe
2017-05-27 08:23 - 2017-05-27 08:23 - 03468653 _____ C:\Users\hdz\Downloads\Adobe Photoshop CC 2017.rar
2017-05-26 14:33 - 2017-05-26 14:33 - 00000000 ____D C:\Program Files\UNP
2017-05-25 21:24 - 2017-06-08 22:27 - 00004520 _____ C:\Users\hdz\Downloads\Untitled spreadsheet (1).xlsx
2017-05-25 11:54 - 2017-05-27 14:20 - 00000000 ____D C:\Users\hdz\AppData\Local\background_fault
2017-05-24 20:17 - 2017-05-24 20:17 - 00004520 _____ C:\Users\hdz\Downloads\Untitled spreadsheet.xlsx
2017-05-24 14:22 - 2017-05-27 17:18 - 00002027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-24 14:22 - 2017-05-27 17:17 - 00002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-24 14:22 - 2017-05-24 14:22 - 00000000 ____D C:\Users\hdz\AppData\Local\Setleaf
2017-05-23 15:03 - 2017-05-29 08:35 - 00000000 ____D C:\Users\hdz\AppData\LocalLow\uTorrent
2017-05-22 13:28 - 2017-06-02 18:33 - 00000000 ____D C:\Users\hdz\AppData\Roaming\WinSAPSvc
2017-05-21 22:23 - 2017-05-21 22:23 - 00002180 _____ C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universe Sandbox - Shortcut.lnk
2017-05-20 19:43 - 2017-05-29 20:34 - 00000000 ____D C:\WINDOWS\system32\apigidsys
2017-05-20 19:43 - 2017-05-20 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Hal Assistant
2017-05-20 19:43 - 2017-05-20 19:43 - 00000000 ____D C:\WINDOWS\msagent
2017-05-20 19:29 - 2017-05-20 19:43 - 00000000 ____D C:\Program Files\Zabaware
2017-05-20 19:29 - 2017-05-20 19:29 - 00001224 _____ C:\Users\Public\Desktop\Get More Voices.lnk
2017-05-20 19:29 - 2017-05-20 19:29 - 00001179 _____ C:\Users\Public\Desktop\Zabaware Reader.lnk
2017-05-20 19:29 - 2017-05-20 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zabaware Reader
2017-05-19 22:47 - 2017-05-19 23:11 - 00034259 _____ C:\Users\hdz\Downloads\18372038_2011156645778792_7320203209736192000_n.mp4.crdownload
2017-05-19 09:47 - 2017-05-19 09:47 - 00000000 ___HD C:\$SysReset
2017-05-17 13:03 - 2017-05-24 14:14 - 00000000 _____ C:\WINDOWS\system32\1111
2017-05-16 15:36 - 2017-05-16 15:36 - 00036944 _____ (Anchorfree Inc.) C:\WINDOWS\system32\Drivers\taphss6.sys
2017-05-16 15:18 - 2017-05-16 15:18 - 00000000 ____D C:\Users\hdz\AppData\Local\Footjane

Edited by hdz, 14 June 2017 - 08:05 AM.

#2
hdz

Posted 14 June 2017 - 07:06 AM

Member

Topic Starter
Member
20 posts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-14 16:22 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-14 15:08 - 2017-05-11 19:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-14 14:39 - 2017-03-11 18:59 - 00000000 ____D C:\Program Files\Google
2017-06-14 14:37 - 2017-05-11 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-14 14:37 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\TAPI
2017-06-14 14:36 - 2017-03-18 09:02 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-14 14:35 - 2017-05-08 15:47 - 00000000 ____D C:\ProgramData\BIT
2017-06-14 13:50 - 2017-03-18 21:21 - 00000000 ____D C:\WINDOWS\INF
2017-06-14 13:07 - 2017-03-18 21:23 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-06-14 13:06 - 2017-05-11 19:05 - 00000000 ____D C:\Users\hdz
2017-06-14 12:10 - 2017-04-27 14:38 - 00000046 _____ C:\Users\Public\Documents\temp.dat
2017-06-14 12:08 - 2017-03-30 17:31 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-14 04:46 - 2017-04-06 19:32 - 00000000 ____D C:\Users\hdz\AppData\Roaming\vlc
2017-06-14 04:12 - 2017-03-12 11:27 - 00000000 ____D C:\Program Files\DriverToolkit
2017-06-14 04:10 - 2017-03-11 18:53 - 00000000 ____D C:\Users\hdz\Downloads\Compressed
2017-06-14 03:32 - 2017-04-26 21:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2017-06-14 03:32 - 2017-03-18 23:23 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-06-14 03:04 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-14 02:00 - 2017-04-04 17:31 - 00000000 ____D C:\Users\hdz\AppData\Local\Adobe
2017-06-14 01:28 - 2017-03-12 00:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 01:23 - 2017-05-11 19:01 - 00218200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-13 23:47 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\rescache
2017-06-13 23:37 - 2017-03-14 15:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 23:34 - 2017-03-18 21:14 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-13 23:34 - 2017-03-14 15:37 - 130903960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 19:05 - 2017-03-18 21:23 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-13 15:55 - 2017-03-11 18:53 - 00000000 ____D C:\Users\hdz\Downloads\Video
2017-06-12 21:01 - 2017-05-12 05:49 - 00000000 ____D C:\Program Files\MSBuild
2017-06-12 21:01 - 2017-03-18 21:23 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-12 20:59 - 2017-04-26 21:50 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Visual Studio Setup
2017-06-12 18:13 - 2017-03-12 00:46 - 00000000 ____D C:\Users\hdz\AppData\Local\ConnectedDevicesPlatform
2017-06-12 03:07 - 2017-03-11 18:59 - 00000000 ____D C:\Users\hdz\AppData\Local\Google
2017-06-11 20:05 - 2017-04-09 21:24 - 00000000 ____D C:\Users\hdz\Desktop\rufus_files
2017-06-11 20:02 - 2017-05-11 19:22 - 00005592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-11 03:01 - 2017-03-11 23:14 - 00000000 ____D C:\Users\hdz\Desktop\photoshop
2017-06-09 02:42 - 2017-04-27 21:05 - 00000000 ____D C:\Users\hdz\AppData\Roaming\discord
2017-06-05 21:10 - 2017-04-27 21:05 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-06-05 21:10 - 2017-04-27 21:04 - 00000000 ____D C:\Users\hdz\AppData\Local\SquirrelTemp
2017-06-03 09:32 - 2017-03-18 21:25 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-06-03 09:32 - 2017-03-18 21:25 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-05-31 14:07 - 2017-03-26 22:13 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-29 23:15 - 2017-04-04 17:56 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-29 09:05 - 2017-04-16 19:33 - 00000000 ____D C:\Users\hdz\AppData\Roaming\uTorrent
2017-05-29 08:38 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-29 08:33 - 2017-04-27 14:38 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-05-27 17:19 - 2017-04-22 00:11 - 00000000 ____D C:\Users\hdz\AppData\LocalLow\Mozilla
2017-05-27 11:19 - 2017-03-12 00:47 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Adobe
2017-05-27 11:18 - 2017-04-04 18:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-05-27 10:46 - 2017-04-04 18:02 - 00000000 ____D C:\Users\hdz\Documents\Adobe
2017-05-27 09:43 - 2017-04-04 17:31 - 00000000 ____D C:\ProgramData\Adobe
2017-05-27 08:30 - 2017-03-12 00:49 - 00000000 ___RD C:\Users\hdz\OneDrive
2017-05-25 22:43 - 2017-04-15 01:14 - 00000000 ____D C:\Users\hdz\Documents\Universe Sandbox ²
2017-05-25 11:53 - 2017-04-21 12:25 - 00000000 ____D C:\Users\hdz\AppData\Local\SNARE
2017-05-21 22:23 - 2017-04-22 17:47 - 00001880 _____ C:\Users\hdz\Desktop\Universe Sandbox - Shortcut.lnk
2017-05-20 19:43 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\Help
2017-05-17 21:46 - 2017-04-14 09:53 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-17 15:44 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\ModemLogs

==================== Files in the root of some directories =======

2017-04-13 20:26 - 2017-04-13 20:26 - 0000068 ___SH () C:\Users\hdz\AppData\Roaming\.Identifier
2017-04-16 16:52 - 2017-04-17 15:08 - 0000038 _____ () C:\Users\hdz\AppData\Roaming\.txt
2017-04-17 13:39 - 2017-04-17 13:39 - 0479232 _____ () C:\Users\hdz\AppData\Roaming\0VWnk.exe
2017-04-15 16:44 - 2017-04-15 16:44 - 0986624 _____ (Adobe Systems Incorporated) C:\Users\hdz\AppData\Roaming\3aX6z.exe
2017-04-21 08:28 - 2017-04-21 08:28 - 0790902 _____ () C:\Users\hdz\AppData\Roaming\AuPBk.exe
2017-04-16 16:52 - 2017-04-16 16:52 - 0479232 _____ () C:\Users\hdz\AppData\Roaming\CMFSm.exe
2017-04-16 16:52 - 2017-04-16 16:52 - 0003584 _____ () C:\Users\hdz\AppData\Roaming\csjtl.exe
2017-04-19 14:54 - 2016-05-25 11:56 - 0088720 _____ (Microsoft Corporation) C:\Users\hdz\AppData\Roaming\Feivism.exe
2017-04-16 17:15 - 2017-04-16 17:15 - 0479232 _____ () C:\Users\hdz\AppData\Roaming\HeRR7.exe
2017-04-15 14:08 - 2017-04-15 14:08 - 0986624 _____ (Adobe Systems Incorporated) C:\Users\hdz\AppData\Roaming\HJ0jP.exe
2017-04-14 18:45 - 2017-04-14 18:45 - 0986624 _____ (Adobe Systems Incorporated) C:\Users\hdz\AppData\Roaming\LXgkR.exe
2017-04-16 17:16 - 2017-04-16 17:16 - 0479232 _____ () C:\Users\hdz\AppData\Roaming\N1Exm.exe
2017-04-13 18:40 - 2017-04-13 18:40 - 0986624 _____ (Adobe Systems Incorporated) C:\Users\hdz\AppData\Roaming\PSVI5.exe
2017-04-12 12:14 - 2017-04-12 12:14 - 0245264 _____ () C:\Users\hdz\AppData\Roaming\sound_el.dat
2017-04-12 12:14 - 2017-04-12 12:14 - 0047120 _____ () C:\Users\hdz\AppData\Roaming\sound_ftp.dat
2017-04-12 12:14 - 2017-04-12 12:14 - 0936976 _____ () C:\Users\hdz\AppData\Roaming\sound_ge.dat
2017-04-12 12:14 - 2017-04-12 12:14 - 0253456 _____ () C:\Users\hdz\AppData\Roaming\sound_sf.dat
2017-04-14 09:49 - 2017-04-14 09:49 - 0986624 _____ (Adobe Systems Incorporated) C:\Users\hdz\AppData\Roaming\TJIK8.exe
2017-04-21 20:03 - 2017-04-13 18:40 - 0986624 _____ (Adobe Systems Incorporated) C:\Users\hdz\AppData\Roaming\trz6F0.tmp
2017-04-14 21:02 - 2017-04-14 21:02 - 0986624 _____ (Adobe Systems Incorporated) C:\Users\hdz\AppData\Roaming\UqBiJ.exe
2017-04-21 08:29 - 2017-04-21 08:29 - 0542630 _____ () C:\Users\hdz\AppData\Roaming\wntFr.exe
2017-04-17 11:27 - 2017-04-17 11:27 - 0479232 _____ () C:\Users\hdz\AppData\Roaming\xHnPy.exe
2017-04-04 18:03 - 2017-04-04 18:29 - 318912029 _____ () C:\Users\hdz\AppData\Local\ACCCx3_9_5_353.zip.aamdownload
2017-04-04 18:03 - 2017-04-04 18:29 - 0003560 _____ () C:\Users\hdz\AppData\Local\ACCCx3_9_5_353.zip.aamdownload.aamd
2017-05-02 23:19 - 2017-05-02 23:20 - 325407814 _____ () C:\Users\hdz\AppData\Local\ACCCx4_0_1_188.zip.aamdownload
2017-05-02 23:19 - 2017-05-02 23:19 - 0003630 _____ () C:\Users\hdz\AppData\Local\ACCCx4_0_1_188.zip.aamdownload.aamd
2017-04-18 14:34 - 2017-04-18 17:28 - 0939372 _____ () C:\Users\hdz\AppData\Local\ConfData.txt
2017-06-14 03:46 - 2017-06-14 03:46 - 0011568 _____ () C:\Users\hdz\AppData\Local\InstallationConfiguration.xml
2017-06-14 03:46 - 2017-06-14 03:46 - 0140800 _____ () C:\Users\hdz\AppData\Local\installer.dat
2017-04-18 14:34 - 2017-04-18 17:28 - 0000942 _____ () C:\Users\hdz\AppData\Local\PickerHost.exe.config
2017-04-13 22:07 - 2017-04-13 22:07 - 0000600 _____ () C:\Users\hdz\AppData\Local\PUTTY.RND
2017-06-14 03:46 - 2017-06-14 03:51 - 0930816 _____ () C:\Users\hdz\AppData\Local\test_db_cara.db
2017-04-18 14:34 - 2017-04-18 17:28 - 0009216 _____ () C:\Users\hdz\AppData\Local\TskCr.dll
2017-04-18 14:34 - 2017-04-18 17:28 - 0001729 _____ () C:\Users\hdz\AppData\Local\x
2017-04-18 14:34 - 2017-04-18 17:28 - 0001679 _____ () C:\Users\hdz\AppData\Local\XML.txt
2017-04-02 17:27 - 2017-04-02 17:27 - 0004941 _____ () C:\ProgramData\czchsjpj.srw
2017-04-02 17:27 - 2017-04-02 17:27 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-06-14 03:36 - 2017-06-14 03:40 - 2492622 _____ (Easeware                                                    ) C:\Users\hdz\AppData\Local\Temp\B9BE.tmp.exe
2017-06-14 03:35 - 2017-06-14 03:35 - 0097280 _____ () C:\Users\hdz\AppData\Local\Temp\DriverEasySetup.exe
2017-06-14 03:32 - 2017-06-14 03:32 - 0279744 _____ () C:\Users\hdz\AppData\Local\Temp\msclean.exe
2017-06-14 03:32 - 2017-06-14 03:32 - 0494146 _____ (                                                            ) C:\Users\hdz\AppData\Local\Temp\Setup.exe
2017-06-14 03:35 - 2017-06-14 03:38 - 4696577 _____ (                                                            ) C:\Users\hdz\AppData\Local\Temp\Yeadesktop.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-09 20:02

==================== End of FRST.txt ============================

Edited by hdz, 14 June 2017 - 07:29 AM.

#3
hdz

Posted 14 June 2017 - 07:08 AM

Member

Topic Starter
Member
20 posts

here is the addition txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-06-2017
Ran by hdz (14-06-2017 16:24:23)
Running from C:\Users\hdz\Downloads
Microsoft Windows 10 Pro Version 1703 (X86) (2017-05-11 16:47:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2863771085-710865549-2862127350-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2863771085-710865549-2862127350-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2863771085-710865549-2862127350-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2863771085-710865549-2862127350-501 - Limited - Disabled)
hdz (S-1-5-21-2863771085-710865549-2862127350-1001 - Administrator - Enabled) => C:\Users\hdz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (32 Bit) (HKLM\...\PHSP_18_1_1_32) (Version: 18.1.1 - Adobe Systems Incorporated)
Cheat Engine 6.6 (HKLM\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jordy Downloader (Version: 1.1.2.1 - Jordysoft) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31119 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 2.0 (HKLM\...\{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}) (Version: 2.0.11128.1 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movavi Video Editor 12 (HKLM\...\Movavi Video Editor 12) (Version: 12.3.1 - Movavi)
pccleanplus (HKLM\...\pccleanplus) (Version: 5.5 - pccleanplus) <==== ATTENTION
PowerISO (HKLM\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
ROBLOX Player for hdz (HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Player for hdz (HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SpaceEngine version 0.9.8.0 (HKLM\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Ultra Hal Assistant 6.2 (HKLM\...\Ultra Hal Assistant62) (Version: 6.2 - Zabaware, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{8BE893D4-107C-4867-9B71-A3CF2C917C0E}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zabaware TTS Reader 2.0 (HKLM\...\Zabaware TTS Reader) (Version: 2.0 - Zabaware, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2C5CEE022E0A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2C5CEE022E0A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {85E31489-0164-4A37-A9E2-4D7FD4669659} - System32\Tasks\GooGle\Chrome Updater => C:\Users\hdz\AppData\Local\PickerHost.exe
Task: {E94851CB-75FA-4158-947A-DB85C3854670} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Windows\Manager.exe [2017-06-14] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1495617312&z=7c5b68a31f77ad5e60213b0g3z1t7wfqagfm8cdg4g&from=che0812&uid=ST9320325AS_6VDE8D5H

==================== Loaded Modules (Whitelisted) ==============

2017-05-22 13:28 - 2017-05-17 16:05 - 01887232 _____ () c:\users\hdz\appdata\roaming\winsapsvc\winsap.dll
2017-03-18 21:19 - 2017-03-18 21:19 - 00116824 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00407216 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
2017-03-18 21:19 - 2017-03-18 23:23 - 01456128 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-08 05:57 - 2017-06-08 05:57 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2017-06-08 05:57 - 2017-06-08 05:57 - 00168960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-08 05:57 - 2017-06-08 05:57 - 31174144 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2017-06-08 05:57 - 2017-06-08 05:57 - 01716736 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x86__kzf8qxf38zg5c\skypert.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 00020992 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-09 14:03 - 2017-05-09 14:05 - 21736448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 00350208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 01783808 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\MediaEngine.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 02389928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 00037376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-03-12 00:44 - 2017-03-15 12:11 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 00397824 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 00654848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-06-13 19:01 - 2017-06-13 19:02 - 03337216 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x86__8wekyb3d8bbwe\Calculator.exe
2017-06-13 19:01 - 2017-06-13 19:02 - 02849192 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-01 11:09 - 2017-06-01 11:10 - 14406656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\Video.UI.exe
2017-06-01 11:09 - 2017-06-01 11:10 - 06382080 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\EntCommon.dll
2017-05-26 09:36 - 2017-05-26 09:37 - 02581928 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55221049.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55221049.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2863771085-710865549-2862127350-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hdz\Desktop\photoshop\PHOTO\eclipse.jpg
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\hdz\Desktop\photoshop\PHOTO\eclipse.jpg
DNS Servers: 1.1.1.2 - 185.116.116.155
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Ultra Hal Assistant 6 Startup.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Zabaware Reader Startup.lnk"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartupApproved\StartupFolder: => "conros.com.url"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartupApproved\Run: => "sound"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartupApproved\Run: => "background_fault"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartupApproved\Run: => "T0Yz&0qCVp.exe"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "conros.com.url"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "sound"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "background_fault"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2863771085-710865549-2862127350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "T0Yz&0qCVp.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{65280637-97C4-4B6F-A555-825E6C807E18}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{FF6389C3-9559-475A-8581-C46C2BB6A7C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5B655122-6696-44FA-9377-2ACCDABF16D5}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4DFE3245-F248-42DD-A9EC-A10900CF04F4}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D3ECA73E-ECD1-48C3-8BA5-1440CAB4C64F}] => (Allow) C:\Program Files\Strogino CS Portal\Garrys Mod\Gmod_Updater.exe
FirewallRules: [{BCFD8E35-E412-4EBA-9047-069D5BAC9C7E}] => (Allow) C:\Program Files\Strogino CS Portal\Garrys Mod\Gmod_Updater.exe
FirewallRules: [{E89DF5C2-7304-4E5F-863E-441EEA23A4B9}] => (Allow) C:\Program Files\Strogino CS Portal\Garrys Mod\Gmod_Updater.exe
FirewallRules: [{188DAE07-B5D7-4400-B725-F5D817ECE735}] => (Allow) C:\Program Files\Strogino CS Portal\Garrys Mod\Gmod_Updater.exe
FirewallRules: [UDP Query User{CC2805F9-160A-4674-83AF-F7E0736E46D5}C:\program files\strogino cs portal\garrys mod\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\bin\tools\steamcmd.exe
FirewallRules: [TCP Query User{F7AB2D44-05F6-43BF-985E-DBE1DD61A4C3}C:\program files\strogino cs portal\garrys mod\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\bin\tools\steamcmd.exe
FirewallRules: [{7FF95AB1-04A0-4176-9BA8-6E30E6AC26F5}] => (Allow) C:\Users\hdz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71D28F9F-D301-45B8-9893-21423CFF0ABA}] => (Allow) C:\Users\hdz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5D16050D-679C-4D03-A629-1517A60A4BFC}] => (Allow) C:\Users\hdz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{320E1928-E6C3-46AA-BC6C-0DC7738A5019}] => (Allow) C:\Users\hdz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EFD36CE3-7F10-4F8A-A969-1D454DE6721E}] => (Allow) C:\Users\hdz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2708F05D-4FD8-4967-98C4-8C7689C96EA4}] => (Allow) C:\Users\hdz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{420EC8CD-FC59-4F34-BC01-3E7AAC4DD9DC}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{975B1335-B3D3-4A31-9848-C529DAF7DC3F}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{A68C5EB2-C656-4574-99C1-814D5DBA5CD5}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{B99B5FFA-9DBC-4F71-A3B1-1F29C126A6D9}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{CEEF108B-7106-43E7-883D-E8096A1DD5F7}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{0B5CEA1E-7A0D-44DC-ADD3-E5AE22D12EBD}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{3D1B35A5-08F3-465D-A40D-BD4120123D5F}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [UDP Query User{EEF784C6-BB99-4B1F-9278-DFC05B01D04C}C:\program files\cain\cain.exe] => (Allow) C:\program files\cain\cain.exe
FirewallRules: [TCP Query User{301E427E-0834-40D5-B1EB-FB66E80E1696}C:\program files\cain\cain.exe] => (Allow) C:\program files\cain\cain.exe
FirewallRules: [TCP Query User{6511B552-7BA6-46EB-8203-39ED2F26FE78}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [UDP Query User{03ADD589-3662-4090-852C-6FE977B2E58E}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
FirewallRules: [{DBC690F0-7AC9-4B74-AAEB-28BFD3A40484}] => (Allow) C:\Program Files\Firefox\Firefox.exe
FirewallRules: [{C886648A-1AB0-4D88-A85D-130BC91575F4}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{05DC9B09-8EEE-4EB9-8027-A15A10034BE5}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{A58E50CD-CBA3-4079-AF11-BE91F69AB9A8}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{EDA8CEC3-12CD-44D1-8A58-5CF7E7B39660}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{B283C420-FC97-4C55-8C74-F04A986F5F2A}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{FC138E42-F27C-488F-A12E-AD23C250DFEC}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe
FirewallRules: [{F2843EFA-82D4-4229-A12E-7D788B3B235B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{DE2FE1CA-5815-457C-8CC6-B821F12BE5CD}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EF96AB6A-A11E-4011-B9A0-6F9939B49D58}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{26803D13-E0BB-4D50-BC79-1D2D9B2F1264}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6F351112-3BF9-4D54-8830-AB48248595ED}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{71429924-5D64-4018-B73B-179232F66453}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================

27-05-2017 17:17:48 Removed AlphaGo
05-06-2017 20:06:54 Scheduled Checkpoint
07-06-2017 17:52:47 Removed AlphaGo
13-06-2017 23:30:30 Windows Update
13-06-2017 23:31:35 Windows Update

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x86
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2017 03:19:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1e34

Start Time: 01d2e504121a7d3e

Termination Time: 2823

Application Path: C:\Users\hdz\Desktop\mbar\mbar.exe

Report Id: 65b9c1fe-407b-4656-9b61-9f39df4440cf

Faulting package full name:

Faulting package-relative application ID:

Error: (06/14/2017 03:00:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HDZZ)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/14/2017 02:54:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HDZZ)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/14/2017 01:46:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1250

Start Time: 01d2e4f696e7cb63

Termination Time: 60000

Application Path: C:\Users\hdz\Desktop\mbar\mbar.exe

Report Id: 287b5db6-a58d-4979-9904-b125763f6faf

Faulting package full name:

Faulting package-relative application ID:

Error: (06/14/2017 01:45:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbar.exe, version: 1.9.3.1001, time stamp: 0x55ca7a8b
Faulting module name: RPCRT4.dll, version: 10.0.15063.0, time stamp: 0x700d84df
Exception code: 0xc0020043
Fault offset: 0x0005f102
Faulting process id: 0x1250
Faulting application start time: 0x01d2e4f696e7cb63
Faulting application path: C:\Users\hdz\Desktop\mbar\mbar.exe
Faulting module path: C:\WINDOWS\System32\RPCRT4.dll
Report Id: eceaccfd-681d-4066-840e-ac2912f5f9f5
Faulting package full name:
Faulting package-relative application ID:

Error: (06/14/2017 01:19:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HDZZ)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/14/2017 01:01:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1644

Start Time: 01d2e4ee9d7aadff

Termination Time: 2851

Application Path: C:\Users\hdz\Desktop\mbar\mbar.exe

Report Id: 87685114-c62a-4ce1-b00c-958ec9ce4fc2

Faulting package full name:

Faulting package-relative application ID:

Error: (06/14/2017 12:34:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HDZZ)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/14/2017 04:38:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbar.exe, version: 1.9.3.1001, time stamp: 0x55ca7a8b
Faulting module name: RPCRT4.dll, version: 10.0.15063.0, time stamp: 0x700d84df
Exception code: 0xc0020043
Fault offset: 0x0005f102
Faulting process id: 0x1508
Faulting application start time: 0x01d2e4a8c83c2645
Faulting application path: C:\Users\hdz\Desktop\mbar\mbar.exe
Faulting module path: C:\WINDOWS\System32\RPCRT4.dll
Report Id: 8efcc6e9-7a52-4300-bb95-2a519c7ba045
Faulting package full name:
Faulting package-relative application ID:

Error: (06/14/2017 04:27:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\libraries\Adobe_Helperx64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (06/14/2017 03:18:59 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2017 02:54:22 PM) (Source: DCOM) (EventID: 10010) (User: HDZZ)
Description: The server Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (06/14/2017 02:37:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (06/14/2017 02:36:07 PM) (Source: DCOM) (EventID: 10010) (User: HDZZ)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (06/14/2017 01:25:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The glory service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2017 01:25:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CSHMDR service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2017 01:09:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Cache Services service terminated with the following error:
The specified module could not be found.

Error: (06/14/2017 01:09:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Applications Services service terminated with the following error:
The specified module could not be found.

Error: (06/14/2017 01:09:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 81%
Total physical RAM: 1893.86 MB
Available physical RAM: 354.81 MB
Total Virtual: 4917.86 MB
Available Virtual: 3148.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:258.33 GB) (Free:206.14 GB) NTFS
Drive e: () (Removable) (Total:7.44 GB) (Free:4.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: E9B0A126)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=258.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=508 MB) - (Type=27)
Partition 4: (Not Active) - (Size=39.1 GB) - (Type=05)

========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00410562)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0C)

==================== End of Addition.txt ============================

Edited by hdz, 14 June 2017 - 07:30 AM.

#4
Valinorum

Posted 14 June 2017 - 12:32 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi,

Let's shorten the log first.

Step #1 Scan with Zemana Anti-malware
Download and install Zemana anti-malware from here.
- Double-click to run the software;
- Click on the gear-icon on the top right portion to navigate to Settings. Click on Scan > put a tick on Create System Restore
- Click the home icon on top left and click on Scan
- After scan finishes click on the report tab on the top right corner;
- Choose the latest report by clicking on it and click on Open Report afterward.
- Copy and Paste the contents of the report in your next reply.

Post a fresh set of FRST scan logs after the fix.

#5
hdz

Posted 14 June 2017 - 02:11 PM

Member

Topic Starter
Member
20 posts

actually I think I fixed the problem completely, I scanned with zemana and with hitman pro, and removed all the threats that were found,then I scanned with malwarebyte anti rootkit and it says nothing found,everything seems good now,but just to make sure, heres a new favar scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-06-2017
Ran by hdz (administrator) on HDZZ (14-06-2017 23:07:21)
Running from C:\Users\hdz\Downloads
Loaded Profiles: hdz (Available Profiles: defaultuser0 & hdz)
Platform: Microsoft Windows 10 Pro Version 1703 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x86__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x86__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15510672 2017-06-12] (Copyright 2017.)
HKLM\...\Providers\quvbwdhx: C:\Program Files\Jujalyclartion Launcher\local32spl.dll
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Users\hdz\AppData\Local\Temp\Rar$EXa0.501\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ultra Hal Assistant 6 Startup.lnk [2017-05-20]
ShortcutTarget: Ultra Hal Assistant 6 Startup.lnk -> C:\Program Files\Zabaware\Ultra Hal Assistant 6\HalAsst.exe (Zabaware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zabaware Reader Startup.lnk [2017-05-20]
ShortcutTarget: Zabaware Reader Startup.lnk -> C:\Program Files\Zabaware\Reader 2\ZabaReader.exe (Zabaware, Inc.)
InternetURL: C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conros.com.url -> URL: C:\Users\hdz\AppData\Roaming\csjtl.exe
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2863771085-710865549-2862127350-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-19] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2863771085-710865549-2862127350-1001 -> hxxp://www.google.com

FireFox:
========
FF DefaultProfile: 7y3wvght.default
FF ProfilePath: C:\Users\hdz\AppData\Roaming\Mozilla\Firefox\Profiles\7y3wvght.default [2017-06-14]
FF Homepage: Mozilla\Firefox\Profiles\7y3wvght.default -> user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF NetworkProxy: Mozilla\Firefox\Profiles\7y3wvght.default -> type",
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-19] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2863771085-710865549-2862127350-1001: @nsroblox.roblox.com/launcher -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2863771085-710865549-2862127350-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

Chrome:
=======
StartMenuInternet: Google Chrome - Chrome.exe
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files\Bangtony\Application\chrome.exe <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [300120 2017-03-10] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [263936 2015-07-03] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2545848 2017-03-18] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [227504 2016-04-28] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-03-18] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15510672 2017-06-12] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59936 2017-05-25] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [47552 2017-06-14] ()
R3 RSPCIESTOR; C:\WINDOWS\system32\DRIVERS\RtsPStor.sys [256616 2012-03-29] (Realtek Semiconductor Corp.)
S3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [504832 2017-03-18] (Realtek )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3182592 2017-03-18] (Realtek Semiconductor Corporation )
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [124304 2017-02-02] (Power Software Ltd)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44216 2016-04-28] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [36944 2017-05-16] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [119952 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [160256 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-06-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-06-14] (Zemana Ltd.)
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-14 18:08 - 2017-06-14 18:09 - 00288676 _____ C:\WINDOWS\Minidump\061417-34718-01.dmp
2017-06-14 18:08 - 2017-06-14 18:08 - 333759958 _____ C:\WINDOWS\MEMORY.DMP
2017-06-14 18:08 - 2017-06-14 18:08 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-14 18:05 - 2017-06-14 18:05 - 00002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-14 18:05 - 2017-06-14 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-14 18:04 - 2017-06-14 18:04 - 00011186 _____ C:\WINDOWS\system32\.crusader
2017-06-14 17:41 - 2017-06-14 18:01 - 64232976 _____ (Malwarebytes ) C:\Users\hdz\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092 (1).exe
2017-06-14 17:35 - 2017-06-14 18:08 - 00047552 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-06-14 17:35 - 2017-06-14 17:35 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-06-14 17:35 - 2017-06-14 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-06-14 17:35 - 2017-06-14 17:35 - 00000000 ____D C:\Program Files\HitmanPro
2017-06-14 17:34 - 2017-06-14 18:04 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-14 17:33 - 2017-06-14 23:07 - 00140123 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-14 17:33 - 2017-06-14 23:07 - 00119705 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-14 17:33 - 2017-06-14 17:33 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-06-14 17:33 - 2017-06-14 17:33 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-06-14 17:32 - 2017-06-14 17:33 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-06-14 17:32 - 2017-06-14 17:32 - 00001957 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-06-14 17:32 - 2017-06-14 17:32 - 00000000 ____D C:\Users\hdz\AppData\Local\Zemana
2017-06-14 17:32 - 2017-06-14 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-06-14 17:31 - 2017-06-14 17:32 - 06589552 _____ (Zemana Ltd. ) C:\Users\hdz\Downloads\Zemana.AntiMalware.Setup.exe
2017-06-14 17:30 - 2017-06-14 17:34 - 11007936 _____ (SurfRight B.V.) C:\Users\hdz\Downloads\hitmanpro.exe
2017-06-14 17:25 - 2017-06-14 17:40 - 19994864 _____ (Malwarebytes ) C:\Users\hdz\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe.q7k52pr.partial
2017-06-14 17:23 - 2017-06-14 17:23 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\hdz\Downloads\rkill.exe
2017-06-14 17:18 - 2017-06-14 17:18 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-06-14 16:22 - 2017-06-14 23:08 - 00011723 _____ C:\Users\hdz\Downloads\FRST.txt
2017-06-14 14:30 - 2017-06-14 14:31 - 04922400 _____ (AO Kaspersky Lab) C:\Users\hdz\Desktop\tdsskiller.exe
2017-06-14 13:46 - 2017-06-14 13:47 - 01777152 _____ (Farbar) C:\Users\hdz\Downloads\FRST.exe
2017-06-14 05:07 - 2017-06-14 23:07 - 00000000 ____D C:\FRST
2017-06-14 03:57 - 2017-06-14 21:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-14 03:57 - 2017-06-14 20:45 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-14 03:57 - 2017-06-14 18:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-14 03:54 - 2017-06-14 21:22 - 00000000 ____D C:\Users\hdz\Desktop\mbar
2017-06-14 03:54 - 2017-06-14 20:45 - 00094936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-06-14 03:48 - 2017-06-14 03:54 - 16563352 _____ (Malwarebytes Corp.) C:\Users\hdz\Downloads\mbar-1.09.3.1001.exe
2017-06-14 03:46 - 2017-06-14 03:51 - 00930816 _____ C:\Users\hdz\AppData\Local\test_db_cara.db
2017-06-14 03:45 - 2017-06-14 03:51 - 07160560 _____ (Tonec Inc.) C:\Users\hdz\Downloads\idman628build7.exe
2017-06-14 03:43 - 2017-06-14 18:06 - 00000000 ____D C:\Users\hdz\AppData\Roaming\DMCache
2017-06-14 03:43 - 2017-06-14 03:43 - 00000000 ____D C:\ProgramData\IDM
2017-06-13 23:30 - 2017-06-03 12:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-13 23:30 - 2017-06-03 12:33 - 00095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 23:30 - 2017-06-03 12:25 - 00177056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-13 23:30 - 2017-06-03 12:24 - 00249016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-13 23:30 - 2017-06-03 12:20 - 02086304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 23:30 - 2017-06-03 12:11 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-13 23:30 - 2017-06-03 12:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 23:30 - 2017-06-03 12:08 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 23:30 - 2017-06-03 12:07 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 23:30 - 2017-06-03 12:07 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 23:30 - 2017-06-03 12:06 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 23:30 - 2017-06-03 12:04 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 23:30 - 2017-06-03 12:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 23:30 - 2017-06-03 12:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-13 23:30 - 2017-06-03 12:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 23:30 - 2017-06-03 11:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 23:30 - 2017-06-03 11:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 23:30 - 2017-06-03 11:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 23:30 - 2017-06-03 11:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 23:30 - 2017-06-03 11:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 23:30 - 2017-06-03 11:55 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-13 23:30 - 2017-06-03 11:54 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-13 23:30 - 2017-05-20 12:00 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 23:30 - 2017-05-20 11:50 - 00155040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 23:30 - 2017-05-20 11:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-13 23:30 - 2017-05-20 11:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-13 23:30 - 2017-05-20 11:46 - 00534424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-13 23:30 - 2017-05-20 11:46 - 00122272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-13 23:30 - 2017-05-20 11:45 - 00480160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 23:30 - 2017-05-20 11:45 - 00259352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-13 23:30 - 2017-05-20 11:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-13 23:30 - 2017-05-20 11:29 - 00786944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-13 23:30 - 2017-05-20 11:27 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-13 23:30 - 2017-05-20 11:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-13 23:30 - 2017-05-20 11:26 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-13 23:30 - 2017-05-20 11:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-13 23:30 - 2017-05-20 11:25 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-13 23:30 - 2017-05-20 11:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-13 23:30 - 2017-05-20 11:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-13 23:30 - 2017-05-20 11:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-13 23:30 - 2017-05-20 11:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-13 23:29 - 2017-06-03 12:59 - 01427656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 23:29 - 2017-06-03 12:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 23:29 - 2017-06-03 12:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 23:29 - 2017-06-03 12:37 - 00098208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 23:29 - 2017-06-03 12:36 - 05862304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 23:29 - 2017-06-03 12:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 23:29 - 2017-06-03 12:33 - 00698384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 23:29 - 2017-06-03 12:28 - 02022816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 23:29 - 2017-06-03 12:26 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-13 23:29 - 2017-06-03 12:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 23:29 - 2017-06-03 12:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 01294752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 01157536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00957856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00649632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-06-13 23:29 - 2017-06-03 12:21 - 00631712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00592800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00497056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00492448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00288672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-06-13 23:29 - 2017-06-03 12:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 23:29 - 2017-06-03 12:11 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-13 23:29 - 2017-06-03 12:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 23:29 - 2017-06-03 12:10 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-13 23:29 - 2017-06-03 12:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 23:29 - 2017-06-03 12:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 23:29 - 2017-06-03 12:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 23:29 - 2017-06-03 12:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-13 23:29 - 2017-06-03 11:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-13 23:29 - 2017-06-03 11:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 23:29 - 2017-06-03 11:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 23:29 - 2017-06-03 11:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 02369536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 01585664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 23:29 - 2017-06-03 11:55 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 23:29 - 2017-06-03 11:55 - 00622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 23:29 - 2017-06-03 11:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 23:29 - 2017-06-03 11:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-13 23:29 - 2017-06-03 11:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-13 23:29 - 2017-06-03 11:52 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-13 23:29 - 2017-06-03 11:50 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-06-13 23:29 - 2017-05-20 12:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-13 23:29 - 2017-05-20 11:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-13 23:29 - 2017-05-20 11:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-13 23:29 - 2017-05-20 11:48 - 00297576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-13 23:29 - 2017-05-20 11:47 - 00755616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 23:29 - 2017-05-20 11:47 - 00582560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-13 23:29 - 2017-05-20 11:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-13 23:29 - 2017-05-20 11:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-13 23:29 - 2017-05-20 11:46 - 00173472 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-13 23:29 - 2017-05-20 11:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 23:29 - 2017-05-20 11:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-13 23:29 - 2017-05-20 11:44 - 00296352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-13 23:29 - 2017-05-20 11:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-13 23:29 - 2017-05-20 11:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-13 23:29 - 2017-05-20 11:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-13 23:29 - 2017-05-20 11:26 - 00059904 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-13 23:29 - 2017-05-20 11:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-13 23:29 - 2017-05-20 11:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-13 23:29 - 2017-05-20 11:24 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-13 23:29 - 2017-05-20 11:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-13 23:29 - 2017-05-20 11:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-13 23:29 - 2017-05-20 11:18 - 00532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-13 23:29 - 2017-05-20 11:18 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 01513984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-13 23:29 - 2017-05-20 11:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-13 23:29 - 2017-05-20 11:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-13 23:29 - 2017-05-20 11:15 - 01830400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 03097088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-13 23:29 - 2017-05-20 11:12 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-13 23:29 - 2017-05-20 11:12 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-13 23:29 - 2017-05-20 11:12 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-13 23:29 - 2017-05-20 11:11 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-13 23:29 - 2017-05-20 11:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-13 23:29 - 2017-05-20 11:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-13 23:29 - 2017-05-20 11:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2017-06-13 23:29 - 2017-05-20 11:08 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-13 23:28 - 2017-06-03 12:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-13 23:28 - 2017-06-03 12:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-13 23:28 - 2017-06-03 12:22 - 00296352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-13 23:28 - 2017-06-03 12:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-13 23:28 - 2017-06-03 12:04 - 00661504 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-13 23:28 - 2017-06-03 12:03 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-13 23:28 - 2017-06-03 11:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-13 23:28 - 2017-06-03 11:46 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-13 23:28 - 2017-05-20 11:50 - 00095648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-13 23:28 - 2017-05-20 11:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-13 23:28 - 2017-05-20 11:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-13 23:28 - 2017-05-20 11:19 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-13 23:28 - 2017-05-20 11:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-13 23:28 - 2017-05-20 11:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-13 23:28 - 2017-05-20 11:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-13 23:28 - 2017-05-20 11:08 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-13 23:28 - 2017-05-20 11:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-13 16:06 - 2017-06-13 16:06 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignb95b26cbbdabd6d0
2017-06-13 16:05 - 2017-06-13 16:05 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign32e5c841e14004e9
2017-06-13 16:04 - 2017-06-13 16:04 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignb82a00df1cc18094
2017-06-13 16:04 - 2017-06-13 16:04 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignb49989e325fafca8
2017-06-12 20:58 - 2017-06-12 20:58 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3514285E.sys
2017-06-11 23:45 - 2017-06-11 23:46 - 06822011 _____ C:\Users\hdz\Downloads\elHr6kT.psd
2017-06-11 23:09 - 2017-06-11 23:09 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignecc01b49f37620c9
2017-06-11 23:09 - 2017-06-11 23:09 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign666cb7fd8d76bd12
2017-06-11 23:08 - 2017-06-11 23:08 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignca2aa90fc001b739
2017-06-11 23:08 - 2017-06-11 23:08 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign98b572b3fdded430
2017-06-11 22:48 - 2017-06-11 22:48 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\67512E63.sys
2017-06-11 22:46 - 2017-06-11 22:46 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\412B2CB4.sys
2017-06-11 00:17 - 2017-06-11 00:17 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsigna44f5c779841c38b
2017-06-10 23:37 - 2017-06-10 23:37 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignffb5da1284933d00
2017-06-10 23:36 - 2017-06-10 23:36 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign0273518d30a8a8aa
2017-06-10 23:35 - 2017-06-10 23:35 - 00000000 ____D C:\Users\hdz\AppData\Roaming\PDAppFlex
2017-06-10 23:35 - 2017-06-10 23:35 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign70c1da302d0b2e7a
2017-06-10 23:34 - 2017-06-10 23:34 - 00000000 ____D C:\Users\hdz\AppData\LocalLow\Adobe
2017-06-10 23:34 - 2017-06-10 23:34 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign8081e4cbd932f88d
2017-06-10 23:34 - 2017-06-10 23:34 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign274bbc7ba4daff82
2017-06-09 04:50 - 2017-06-09 04:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-06-05 21:46 - 2017-06-05 21:46 - 00000000 ____D C:\Users\hdz\AppData\Local\CrashRpt
2017-06-05 21:10 - 2017-06-14 04:49 - 00000000 ____D C:\Users\hdz\AppData\Local\Discord
2017-06-01 14:19 - 2017-06-14 14:35 - 00000000 ____D C:\Users\hdz\AppData\Local\glory
2017-06-01 12:29 - 2017-06-01 12:29 - 00000000 ____D C:\Users\Public\Documents\chrome
2017-05-31 02:13 - 2017-06-08 07:00 - 00000000 ____D C:\Users\hdz\AppData\Roaming\BetterDiscord
2017-05-29 09:10 - 2017-05-29 09:10 - 00000798 _____ C:\Users\Public\Desktop\SpaceEngine 0.980.lnk
2017-05-29 09:10 - 2017-05-29 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine
2017-05-29 09:04 - 2017-05-29 09:11 - 00000000 ____D C:\SpaceEngine
2017-05-29 07:18 - 2017-06-11 20:26 - 00000433 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-05-29 07:05 - 2017-05-29 07:05 - 00040968 _____ (Connectify) C:\WINDOWS\system32\Drivers\cfywlan2.sys
2017-05-27 14:19 - 2017-06-02 11:09 - 00000000 ____D C:\Program Files\Kjoght
2017-05-27 11:38 - 2017-05-27 11:38 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignd96ffe0377102dfc
2017-05-27 11:38 - 2017-05-27 11:38 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignbc44c02073dc5851
2017-05-27 11:26 - 2016-12-22 13:34 - 00000000 ____D C:\Users\hdz\Desktop\Adobe Photoshop CC 2017 Full Version
2017-05-27 11:19 - 2017-05-27 11:19 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsigne68c3bc3ac572a98
2017-05-27 11:19 - 2017-05-27 11:19 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign71ecdf7b161d640c
2017-05-27 11:19 - 2017-05-27 11:19 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign2cce897bda95e1ef
2017-05-27 10:46 - 2017-05-27 10:46 - 00001329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017 (32 Bit).lnk
2017-05-27 09:16 - 2017-05-29 11:46 - 00000000 ___RD C:\Users\hdz\Creative Cloud Files
2017-05-27 09:16 - 2017-05-29 11:46 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-27 09:09 - 2017-05-27 09:09 - 00001268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-05-27 09:09 - 2017-05-27 09:09 - 00001256 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-05-27 09:06 - 2017-05-27 09:16 - 00000000 ____D C:\Program Files\Adobe
2017-05-27 08:23 - 2017-05-27 08:23 - 03468653 _____ C:\Users\hdz\Downloads\Adobe Photoshop CC 2017.rar
2017-05-26 14:33 - 2017-05-26 14:33 - 00000000 ____D C:\Program Files\UNP
2017-05-25 21:24 - 2017-06-08 22:27 - 00004520 _____ C:\Users\hdz\Downloads\Untitled spreadsheet (1).xlsx
2017-05-24 20:17 - 2017-05-24 20:17 - 00004520 _____ C:\Users\hdz\Downloads\Untitled spreadsheet.xlsx
2017-05-24 14:22 - 2017-06-14 17:50 - 00000236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-24 14:22 - 2017-05-27 17:18 - 00002027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-23 15:03 - 2017-05-29 08:35 - 00000000 ____D C:\Users\hdz\AppData\LocalLow\uTorrent
2017-05-21 22:23 - 2017-05-21 22:23 - 00002180 _____ C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universe Sandbox - Shortcut.lnk
2017-05-20 19:43 - 2017-05-29 20:34 - 00000000 ____D C:\WINDOWS\system32\apigidsys
2017-05-20 19:43 - 2017-05-20 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Hal Assistant
2017-05-20 19:43 - 2017-05-20 19:43 - 00000000 ____D C:\WINDOWS\msagent
2017-05-20 19:29 - 2017-05-20 19:43 - 00000000 ____D C:\Program Files\Zabaware
2017-05-20 19:29 - 2017-05-20 19:29 - 00001224 _____ C:\Users\Public\Desktop\Get More Voices.lnk
2017-05-20 19:29 - 2017-05-20 19:29 - 00001179 _____ C:\Users\Public\Desktop\Zabaware Reader.lnk
2017-05-20 19:29 - 2017-05-20 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zabaware Reader
2017-05-19 22:47 - 2017-05-19 23:11 - 00034259 _____ C:\Users\hdz\Downloads\18372038_2011156645778792_7320203209736192000_n.mp4.crdownload
2017-05-19 09:47 - 2017-05-19 09:47 - 00000000 ___HD C:\$SysReset
2017-05-17 13:03 - 2017-05-24 14:14 - 00000000 _____ C:\WINDOWS\system32\1111
2017-05-16 15:36 - 2017-05-16 15:36 - 00036944 _____ (Anchorfree Inc.) C:\WINDOWS\system32\Drivers\taphss6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-14 21:34 - 2017-05-11 19:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-14 20:38 - 2017-05-11 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-14 20:38 - 2017-05-11 19:05 - 00000000 ____D C:\Users\hdz
2017-06-14 18:41 - 2017-05-11 19:06 - 00000000 ____D C:\Users\defaultuser0
2017-06-14 18:41 - 2017-03-18 09:02 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-14 18:09 - 2017-03-18 21:21 - 00000000 ____D C:\WINDOWS\INF
2017-06-14 17:14 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\TAPI
2017-06-14 16:39 - 2017-03-18 21:23 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-14 16:39 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-14 14:39 - 2017-03-11 18:59 - 00000000 ____D C:\Program Files\Google
2017-06-14 13:07 - 2017-03-18 21:23 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-06-14 12:10 - 2017-04-27 14:38 - 00000046 _____ C:\Users\Public\Documents\temp.dat
2017-06-14 12:08 - 2017-03-30 17:31 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-14 04:46 - 2017-04-06 19:32 - 00000000 ____D C:\Users\hdz\AppData\Roaming\vlc
2017-06-14 04:12 - 2017-03-12 11:27 - 00000000 ____D C:\Program Files\DriverToolkit
2017-06-14 04:10 - 2017-03-11 18:53 - 00000000 ____D C:\Users\hdz\Downloads\Compressed
2017-06-14 03:32 - 2017-04-26 21:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2017-06-14 03:32 - 2017-03-18 23:23 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-06-14 03:04 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-14 02:00 - 2017-04-04 17:31 - 00000000 ____D C:\Users\hdz\AppData\Local\Adobe
2017-06-14 01:28 - 2017-03-12 00:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 01:23 - 2017-05-11 19:01 - 00218200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-13 23:47 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\rescache
2017-06-13 23:37 - 2017-03-14 15:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 23:34 - 2017-03-18 21:14 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-13 23:34 - 2017-03-14 15:37 - 130903960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 15:55 - 2017-03-11 18:53 - 00000000 ____D C:\Users\hdz\Downloads\Video
2017-06-12 21:01 - 2017-05-12 05:49 - 00000000 ____D C:\Program Files\MSBuild
2017-06-12 21:01 - 2017-03-18 21:23 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-12 20:59 - 2017-04-26 21:50 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Visual Studio Setup
2017-06-12 18:13 - 2017-03-12 00:46 - 00000000 ____D C:\Users\hdz\AppData\Local\ConnectedDevicesPlatform
2017-06-12 03:07 - 2017-03-11 18:59 - 00000000 ____D C:\Users\hdz\AppData\Local\Google
2017-06-11 20:05 - 2017-04-09 21:24 - 00000000 ____D C:\Users\hdz\Desktop\rufus_files
2017-06-11 20:02 - 2017-05-11 19:22 - 00005592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-11 03:01 - 2017-03-11 23:14 - 00000000 ____D C:\Users\hdz\Desktop\photoshop
2017-06-09 02:42 - 2017-04-27 21:05 - 00000000 ____D C:\Users\hdz\AppData\Roaming\discord
2017-06-05 21:10 - 2017-04-27 21:05 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-06-05 21:10 - 2017-04-27 21:04 - 00000000 ____D C:\Users\hdz\AppData\Local\SquirrelTemp
2017-06-03 09:32 - 2017-03-18 21:25 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-06-03 09:32 - 2017-03-18 21:25 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-05-31 14:07 - 2017-03-26 22:13 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-29 23:15 - 2017-04-04 17:56 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-29 09:05 - 2017-04-16 19:33 - 00000000 ____D C:\Users\hdz\AppData\Roaming\uTorrent
2017-05-29 08:38 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-29 08:33 - 2017-04-27 14:38 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-05-27 17:19 - 2017-04-22 00:11 - 00000000 ____D C:\Users\hdz\AppData\LocalLow\Mozilla
2017-05-27 11:19 - 2017-03-12 00:47 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Adobe
2017-05-27 11:18 - 2017-04-04 18:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-05-27 10:46 - 2017-04-04 18:02 - 00000000 ____D C:\Users\hdz\Documents\Adobe
2017-05-27 09:43 - 2017-04-04 17:31 - 00000000 ____D C:\ProgramData\Adobe
2017-05-27 08:30 - 2017-03-12 00:49 - 00000000 ___RD C:\Users\hdz\OneDrive
2017-05-25 22:43 - 2017-04-15 01:14 - 00000000 ____D C:\Users\hdz\Documents\Universe Sandbox ²
2017-05-25 11:58 - 2017-04-28 18:29 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-05-21 22:23 - 2017-04-22 17:47 - 00001880 _____ C:\Users\hdz\Desktop\Universe Sandbox - Shortcut.lnk
2017-05-20 19:43 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\Help
2017-05-17 21:46 - 2017-04-14 09:53 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-17 15:44 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\ModemLogs

==================== Files in the root of some directories =======

Some files in TEMP:
====================
2017-06-14 03:36 - 2017-06-14 03:40 - 2492622 _____ (Easeware ) C:\Users\hdz\AppData\Local\Temp\B9BE.tmp.exe
2017-06-14 03:32 - 2017-06-14 03:32 - 0279744 _____ () C:\Users\hdz\AppData\Local\Temp\msclean.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2017-06-09 20:02

==================== End of FRST.txt ============================

#6
hdz

Posted 14 June 2017 - 02:12 PM

Member

Topic Starter
Member
20 posts

here is the addition txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-06-2017
Ran by hdz (14-06-2017 23:08:36)
Running from C:\Users\hdz\Downloads
Microsoft Windows 10 Pro Version 1703 (X86) (2017-05-11 16:47:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (32 Bit) (HKLM\...\PHSP_18_1_1_32) (Version: 18.1.1 - Adobe Systems Incorporated)
Cheat Engine 6.6 (HKLM\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jordy Downloader (Version: 1.1.2.1 - Jordysoft) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31119 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 2.0 (HKLM\...\{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}) (Version: 2.0.11128.1 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movavi Video Editor 12 (HKLM\...\Movavi Video Editor 12) (Version: 12.3.1 - Movavi)
PowerISO (HKLM\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
ROBLOX Player for hdz (HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SpaceEngine version 0.9.8.0 (HKLM\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Ultra Hal Assistant 6.2 (HKLM\...\Ultra Hal Assistant62) (Version: 6.2 - Zabaware, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{8BE893D4-107C-4867-9B71-A3CF2C917C0E}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zabaware TTS Reader 2.0 (HKLM\...\Zabaware TTS Reader) (Version: 2.0 - Zabaware, Inc.)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.73.0.2 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2C5CEE022E0A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {85E31489-0164-4A37-A9E2-4D7FD4669659} - System32\Tasks\GooGle\Chrome Updater => C:\Users\hdz\AppData\Local\PickerHost.exe
Task: {E94851CB-75FA-4158-947A-DB85C3854670} - \Microsoft\Windows\Multimedia\Manager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 21:19 - 2017-03-18 21:19 - 00116824 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00407216 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
2017-03-18 21:19 - 2017-03-18 23:23 - 01456128 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-08 05:57 - 2017-06-08 05:57 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2017-06-08 05:57 - 2017-06-08 05:57 - 00168960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-08 05:57 - 2017-06-08 05:57 - 31174144 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2017-06-08 05:57 - 2017-06-08 05:57 - 01716736 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x86__kzf8qxf38zg5c\skypert.dll
2017-05-08 15:30 - 2017-05-08 15:31 - 06556160 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x86__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-05-08 15:30 - 2017-05-08 15:31 - 01670144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x86__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-05-08 15:30 - 2017-05-08 15:31 - 00620032 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x86__8wekyb3d8bbwe\WinStore.Vui.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 00020992 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-09 14:03 - 2017-05-09 14:05 - 21736448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 00350208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 01783808 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\MediaEngine.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 02389928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 00037376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-03-12 00:44 - 2017-03-15 12:11 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 00397824 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-09 14:03 - 2017-05-09 14:05 - 00654848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-06-13 19:01 - 2017-06-13 19:02 - 03337216 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x86__8wekyb3d8bbwe\Calculator.exe
2017-06-13 19:01 - 2017-06-13 19:02 - 02849192 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-01 11:09 - 2017-06-01 11:10 - 14406656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\Video.UI.exe
2017-06-01 11:09 - 2017-06-01 11:10 - 06382080 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\EntCommon.dll
2017-05-26 09:36 - 2017-05-26 09:37 - 02581928 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55221049.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55221049.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2863771085-710865549-2862127350-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hdz\Desktop\photoshop\PHOTO\eclipse.jpg
DNS Servers: 1.1.1.2 - 185.116.116.155
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

27-05-2017 17:17:48 Removed AlphaGo
05-06-2017 20:06:54 Scheduled Checkpoint
07-06-2017 17:52:47 Removed AlphaGo
13-06-2017 23:30:30 Windows Update
13-06-2017 23:31:35 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2017 09:36:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HDZZ)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/14/2017 08:04:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HDZZ)
Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.

Error: (06/14/2017 05:54:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\libraries\Adobe_Helperx64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/14/2017 05:54:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE5\resources\libraries\Adobe_Helperx64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/14/2017 05:49:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\libraries\Adobe_Helperx64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/14/2017 05:49:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE5\resources\libraries\Adobe_Helperx64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/14/2017 03:19:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbar.exe version 1.9.3.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1e34

Start Time: 01d2e504121a7d3e

Termination Time: 2823

Application Path: C:\Users\hdz\Desktop\mbar\mbar.exe

Report Id: 65b9c1fe-407b-4656-9b61-9f39df4440cf

Faulting package full name:

Faulting package-relative application ID:

Process ID: 1250

Start Time: 01d2e4f696e7cb63

Termination Time: 60000

Application Path: C:\Users\hdz\Desktop\mbar\mbar.exe

Report Id: 287b5db6-a58d-4979-9904-b125763f6faf

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (06/14/2017 09:36:43 PM) (Source: DCOM) (EventID: 10010) (User: HDZZ)
Description: The server Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (06/14/2017 08:40:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdobeUpdateService service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2017 08:39:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2017 08:38:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2017 08:38:15 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2017 08:38:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (06/14/2017 08:38:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:02:35 PM on ‎6/‎14/‎2017 was unexpected.

Error: (06/14/2017 06:42:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2017 06:42:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2017 06:42:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 63%
Total physical RAM: 1893.86 MB
Available physical RAM: 699.18 MB
Total Virtual: 4917.86 MB
Available Virtual: 3505.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:258.33 GB) (Free:206.21 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

#7
hdz

Posted 14 June 2017 - 02:13 PM

Member

Topic Starter
Member
20 posts

is everything okay now? thank you for helping btw.

btw I just noticed something in the scheduled tasks in the addition txt, about the chrome updater thing,again I unstalled chrome few days ago because I was finding fake shortcuts and stuff,note again that I don't have any browser other than Microsoft edge and internet explorer.hope this help.

Edited by hdz, 14 June 2017 - 02:24 PM.

#8
Valinorum

Posted 14 June 2017 - 02:32 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Post the Zemana report too.

#9
hdz

Posted 14 June 2017 - 02:45 PM

Member

Topic Starter
Member
20 posts

here Is the new zemana report for the scan that I just did:

Zemana AntiMalware 2.73.189.2 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/6/14
Operating System       : Windows 10 32-bit
Processor              : 2X Intel® Celeron® CPU B800 @ 1.50GHz
BIOS Mode              : Legacy
CUID                   : 12786C4E26EDF66396ACCD
Scan Type              : System Scan
Duration               : 12m 21s
Scanned Objects        : 66572
Detected Objects       : 4
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Fake Chrome Shortcut
Status             : Scanned
Object             : %allusersprofile%\microsoft\windows\start menu\programs\google chrome.lnk
MD5                : 2247A1A5C1136997138F5603AFAF90B9
Publisher          : -
Size               : 236
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %allusersprofile%\microsoft\windows\start menu\programs\google chrome.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\user pinned\implicitappshortcuts\c817102e70cc3c\google chrome.lnk
MD5                : 2247A1A5C1136997138F5603AFAF90B9
Publisher          : -
Size               : 236
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\user pinned\implicitappshortcuts\c817102e70cc3c\google chrome.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\user pinned\implicitappshortcuts\7eacadfa43776aec\google chrome.lnk
MD5                : 2247A1A5C1136997138F5603AFAF90B9
Publisher          : -
Size               : 236
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\user pinned\implicitappshortcuts\7eacadfa43776aec\google chrome.lnk

Fake Chrome Shortcut
Status             : Scanned
Object             : %appdata%\microsoft\internet explorer\quick launch\google chrome.lnk
MD5                : 2247A1A5C1136997138F5603AFAF90B9
Publisher          : -
Size               : 236
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Chrome Shortcut
                File - %appdata%\microsoft\internet explorer\quick launch\google chrome.lnk

Cleaning Result
-------------------------------------------------------
Cleaned               : 4
Reported as safe      : 0
Failed                : 0

#10
hdz

Posted 14 June 2017 - 06:21 PM

Member

Topic Starter
Member
20 posts

well I'm still not sure what to do,are the logs clean now?

#11
Valinorum

Posted 15 June 2017 - 12:58 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Enable your Windows Defender or get yourself equiped with a new anti-virus software as they are your first line of defense.

I unstalled chrome few days ago because I was finding fake shortcuts and stuff,note again that I don't have any browser other than Microsoft edge and internet explorer.hope this help.

I will remove the files left behind by your previous browsers.

Do you know the following file(s):

C:\program files\cain\cain.exe

Step #2 P2P Warning
**IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
- µTorrent
I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.
- P2P File-Sharing: Evaluate the Risks
- ITSC: Risks in Peer-to-peer File Sharing
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.

Step #3 Uninstall Programs
I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
- Cheat Engine 6.6

Step #4 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

Open Notepad.exe. Do not use any other text editor software;

Copy and Paste the contents inside the code-box to your Notepad --

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Zip: C:\Users\hdz\AppData\Local\PickerHost.exe;C:\Program Files\Jujalyclartion Launcher;C:\Users\hdz\AppData\Roaming\csjtl.exe;C:\Program Files\Bangtony\Application\chrome.exe
Jordy Downloader (Version: 1.1.2.1 - Jordysoft) Hidden
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2C5CEE022E0A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {85E31489-0164-4A37-A9E2-4D7FD4669659} - System32\Tasks\GooGle\Chrome Updater => C:\Users\hdz\AppData\Local\PickerHost.exe
Task: {E94851CB-75FA-4158-947A-DB85C3854670} - \Microsoft\Windows\Multimedia\Manager -> No File <==== ATTENTION
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartupApproved\Run: => "T0Yz&0qCVp.exe"
C:\Program Files\Google\Chrome\
C:\Program Files\Mozilla Firefox\
C:\Program Files\Firefox\
C:\Users\hdz\AppData\Roaming\Mozilla\
C:\Program Files\Bangtony\Application\chrome.exe
C:\Users\hdz\AppData\LocalLow\Mozilla
2017-05-24 14:22 - 2017-06-14 17:50 - 00000236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-24 14:22 - 2017-05-27 17:18 - 00002027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
HKLM\...\Providers\quvbwdhx: C:\Program Files\Jujalyclartion Launcher\local32spl.dll
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
InternetURL: C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conros.com.url -> URL: C:\Users\hdz\AppData\Roaming\csjtl.exe
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2863771085-710865549-2862127350-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2017-05-29 07:18 - 2017-06-11 20:26 - 00000433 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-05-17 13:03 - 2017-05-24 14:14 - 00000000 _____ C:\WINDOWS\system32\1111
File: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
File: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x86__8wekyb3d8bbwe\Calculator.exe
File: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\Video.UI.exe
Folder: C:\Program Files\Kjoght
Hosts:
End

Click on File > Save as...
- Inside the File Name box type fixlist.txt;
- From the Save as type drop down list, choose All Files
Save the file to your Desktop;
Re-run FRST.exe and click Fix;
- Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
After the completion, a log will be produced;
Copy and Paste the contents of the log in your next reply.

A zip file will also be created in your Desktop as Date_Time.zip. Please upload the file here. In the Topic link, give the link to this thread. In your comment, write: Uploaded sample for Valinorum.

Required Log(s):
- FRST Fixlog
- Uploaded sample

Regards,
Valinorum

#12
hdz

Posted 15 June 2017 - 04:49 AM

Member

Topic Starter
Member
20 posts

Step 1: I will download a new antivirus software because window defender antivirus just wouldn't turn on.

no I don't know anything about C:\program files\cain\cain.exe

Step 2+3: I uninstalled utorrent and cheatengine.

Step 4: farbar fix logs:

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-06-2017
Ran by hdz (15-06-2017 13:24:54) Run:1
Running from C:\Users\hdz\Desktop
Loaded Profiles: hdz (Available Profiles: defaultuser0 & hdz)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Zip: C:\Users\hdz\AppData\Local\PickerHost.exe;C:\Program Files\Jujalyclartion Launcher;C:\Users\hdz\AppData\Roaming\csjtl.exe;C:\Program Files\Bangtony\Application\chrome.exe
Jordy Downloader (Version: 1.1.2.1 - Jordysoft) Hidden
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2C5CEE022E0A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {85E31489-0164-4A37-A9E2-4D7FD4669659} - System32\Tasks\GooGle\Chrome Updater => C:\Users\hdz\AppData\Local\PickerHost.exe
Task: {E94851CB-75FA-4158-947A-DB85C3854670} - \Microsoft\Windows\Multimedia\Manager -> No File <==== ATTENTION
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartupApproved\Run: => "T0Yz&0qCVp.exe"
C:\Program Files\Google\Chrome\
C:\Program Files\Mozilla Firefox\
C:\Program Files\Firefox\
C:\Users\hdz\AppData\Roaming\Mozilla\
C:\Program Files\Bangtony\Application\chrome.exe
C:\Users\hdz\AppData\LocalLow\Mozilla
2017-05-24 14:22 - 2017-06-14 17:50 - 00000236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-24 14:22 - 2017-05-27 17:18 - 00002027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
HKLM\...\Providers\quvbwdhx: C:\Program Files\Jujalyclartion Launcher\local32spl.dll
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\hdz\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
InternetURL: C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conros.com.url -> URL: C:\Users\hdz\AppData\Roaming\csjtl.exe
GroupPolicy: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2863771085-710865549-2862127350-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2017-05-29 07:18 - 2017-06-11 20:26 - 00000433 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-05-17 13:03 - 2017-05-24 14:14 - 00000000 _____ C:\WINDOWS\system32\1111
File: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
File: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x86__8wekyb3d8bbwe\Calculator.exe
File: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\Video.UI.exe
Folder: C:\Program Files\Kjoght
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
================== Zip: ===================
"C:\Users\hdz\AppData\Local\PickerHost.exe" -> not found
"C:\Program Files\Jujalyclartion Launcher" -> not found
"C:\Users\hdz\AppData\Roaming\csjtl.exe" -> not found
"C:\Program Files\Bangtony\Application\chrome.exe" -> not found
=========== Zip: End ===========
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{de5c0faf-d96f-49fc-abc1-08feadfd6403}\\SystemComponent => value removed successfully.
HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2C5CEE022E0A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{85E31489-0164-4A37-A9E2-4D7FD4669659} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85E31489-0164-4A37-A9E2-4D7FD4669659} => key removed successfully.
C:\Windows\System32\Tasks\GooGle\Chrome Updater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GooGle\Chrome Updater => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E94851CB-75FA-4158-947A-DB85C3854670} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E94851CB-75FA-4158-947A-DB85C3854670} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\Manager => key removed successfully.
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\T0Yz&0qCVp.exe => value removed successfully.
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\T0Yz&0qCVp.exe => value not found.
C:\Program Files\Google\Chrome => moved successfully
"C:\Program Files\Mozilla Firefox" => not found.
"C:\Program Files\Firefox" => not found.
C:\Users\hdz\AppData\Roaming\Mozilla => moved successfully
"C:\Program Files\Bangtony\Application\chrome.exe" => not found.
C:\Users\hdz\AppData\LocalLow\Mozilla => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => moved successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\quvbwdhx => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order quvbwdhx => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key removed successfully.
C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conros.com.url => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\WINDOWS\system32\Drivers\etc\hosts.ics => moved successfully
C:\WINDOWS\system32\1111 => moved successfully

========================= File: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe ========================

"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe" => not found.
====== End of File: ======

========================= File: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x86__8wekyb3d8bbwe\Calculator.exe ========================

File not signed
MD5: 5A4E645863343F0D2F0971DD204E7635
Creation and modification date: 2017-06-13 19:01 - 2017-06-13 19:02
Size: 3337216
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

========================= File: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x86__8wekyb3d8bbwe\Video.UI.exe ========================

File not signed
MD5: E55A8BAADBB972718AF205A6308D1DBA
Creation and modification date: 2017-06-01 11:09 - 2017-06-01 11:10
Size: 14406656
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

========================= Folder: C:\Program Files\Kjoght ========================

2017-05-27 14:19 - 2017-05-28 00:31 - 0000000 ____D () C:\Program Files\Kjoght\_ALLOWDEL_1968f0a
2017-05-27 14:20 - 2017-05-27 14:20 - 0000000 _____ () C:\Program Files\Kjoght\_ALLOWDEL_1968f0a\33

====== End of Folder: ======

Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9723904 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21466483 B
Java, Flash, Steam htmlcache => 16704681 B
Windows/system/drivers => 5476999 B
Edge => 277378707 B
Chrome => 0 B
Firefox => 15548698 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
LocalService => 3306 B
NetworkService => 4046976 B
defaultuser0 => 7168 B
hdz => 795438009 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:28:25 ====

About the zip file; I uploaded it just like you told me.

Thanks again for helping.

#13
Valinorum

Posted 15 June 2017 - 05:49 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Give me a fresh FRST scan log, please.

#14
hdz

Posted 15 June 2017 - 06:08 AM

Member

Topic Starter
Member
20 posts

New scan results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-06-2017
Ran by hdz (administrator) on HDZZ (15-06-2017 15:02:29)
Running from C:\Users\hdz\Desktop
Loaded Profiles: hdz (Available Profiles: defaultuser0 & hdz)
Platform: Microsoft Windows 10 Pro Version 1703 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15510672 2017-06-12] (Copyright 2017.)
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4015216 2017-06-08] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ultra Hal Assistant 6 Startup.lnk [2017-05-20]
ShortcutTarget: Ultra Hal Assistant 6 Startup.lnk -> C:\Program Files\Zabaware\Ultra Hal Assistant 6\HalAsst.exe (Zabaware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zabaware Reader Startup.lnk [2017-05-20]
ShortcutTarget: Zabaware Reader Startup.lnk -> C:\Program Files\Zabaware\Reader 2\ZabaReader.exe (Zabaware, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 1.1.1.2 185.116.116.155 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{5c6ffd9f-dc25-4c04-8ce6-25725dc808f3}: [DhcpNameServer] 1.1.1.2 185.116.116.155 8.8.8.8 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-06-07] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-19] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2863771085-710865549-2862127350-1001 -> hxxp://www.google.com

FireFox:
========
FF HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\hdz\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\hdz\AppData\Roaming\IDM\idmmzcc5 [2017-06-15] [not signed]
FF HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-19] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2863771085-710865549-2862127350-1001: @nsroblox.roblox.com/launcher -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2863771085-710865549-2862127350-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-06-08]
StartMenuInternet: Google Chrome - Chrome.exe
HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files\Bangtony\Application\chrome.exe <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [300120 2017-03-10] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [263936 2015-07-03] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2545848 2017-03-18] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [227504 2016-04-28] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-03-18] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15510672 2017-06-12] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59936 2017-05-25] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [47552 2017-06-14] ()
R0 mbamchameleon; C:\WINDOWS\System32\drivers\mbamchameleon.sys [94936 2017-06-14] (Malwarebytes)
R3 RSPCIESTOR; C:\WINDOWS\system32\DRIVERS\RtsPStor.sys [256616 2012-03-29] (Realtek Semiconductor Corp.)
S3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [504832 2017-03-18] (Realtek )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3182592 2017-03-18] (Realtek Semiconductor Corporation )
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [124304 2017-02-02] (Power Software Ltd)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44216 2016-04-28] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [36944 2017-05-16] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [119952 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [160256 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-06-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-06-14] (Zemana Ltd.)
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-15 15:02 - 2017-06-15 15:03 - 00010815 _____ C:\Users\hdz\Desktop\FRST.txt
2017-06-15 14:56 - 2017-06-15 14:57 - 00000000 ____D C:\Users\hdz\AppData\Roaming\IDM
2017-06-15 14:55 - 2017-06-15 14:55 - 00001048 _____ C:\Users\hdz\Desktop\Internet Download Manager.lnk
2017-06-15 14:55 - 2017-06-15 14:55 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-15 14:55 - 2017-06-15 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-15 14:54 - 2017-06-15 14:54 - 00489996 _____ C:\Users\hdz\Downloads\IDM Universal _.rar
2017-06-15 13:25 - 2017-06-15 13:25 - 00000022 _____ C:\Users\hdz\Desktop\15.06.2017_13.25.59.zip
2017-06-15 13:24 - 2017-06-15 13:28 - 00009533 _____ C:\Users\hdz\Desktop\Fixlog.txt
2017-06-14 18:08 - 2017-06-15 00:03 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-14 18:08 - 2017-06-14 18:09 - 00288676 _____ C:\WINDOWS\Minidump\061417-34718-01.dmp
2017-06-14 18:08 - 2017-06-14 18:08 - 333759958 _____ C:\WINDOWS\MEMORY.DMP
2017-06-14 18:05 - 2017-06-14 18:05 - 00002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-14 18:05 - 2017-06-14 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-14 18:04 - 2017-06-14 18:04 - 00011186 _____ C:\WINDOWS\system32\.crusader
2017-06-14 17:41 - 2017-06-14 18:01 - 64232976 _____ (Malwarebytes ) C:\Users\hdz\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092 (1).exe
2017-06-14 17:35 - 2017-06-14 23:54 - 00047552 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-06-14 17:35 - 2017-06-14 17:35 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-06-14 17:35 - 2017-06-14 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-06-14 17:35 - 2017-06-14 17:35 - 00000000 ____D C:\Program Files\HitmanPro
2017-06-14 17:34 - 2017-06-14 18:04 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-14 17:33 - 2017-06-15 15:02 - 00060093 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-14 17:33 - 2017-06-15 15:02 - 00036271 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-14 17:33 - 2017-06-14 17:33 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-06-14 17:33 - 2017-06-14 17:33 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-06-14 17:32 - 2017-06-14 17:33 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-06-14 17:32 - 2017-06-14 17:32 - 00001957 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-06-14 17:32 - 2017-06-14 17:32 - 00000000 ____D C:\Users\hdz\AppData\Local\Zemana
2017-06-14 17:32 - 2017-06-14 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-06-14 17:30 - 2017-06-14 17:34 - 11007936 _____ (SurfRight B.V.) C:\Users\hdz\Downloads\hitmanpro.exe
2017-06-14 17:23 - 2017-06-14 17:23 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\hdz\Downloads\rkill.exe
2017-06-14 17:18 - 2017-06-14 17:18 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-06-14 14:30 - 2017-06-14 14:31 - 04922400 _____ (AO Kaspersky Lab) C:\Users\hdz\Desktop\tdsskiller.exe
2017-06-14 13:46 - 2017-06-15 13:24 - 01777152 _____ (Farbar) C:\Users\hdz\Desktop\FRST.exe
2017-06-14 05:07 - 2017-06-15 15:02 - 00000000 ____D C:\FRST
2017-06-14 03:57 - 2017-06-15 14:08 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-14 03:57 - 2017-06-15 00:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-14 03:57 - 2017-06-14 18:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-14 03:54 - 2017-06-15 00:54 - 00000000 ____D C:\Users\hdz\Desktop\mbar
2017-06-14 03:54 - 2017-06-14 23:54 - 00094936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-06-14 03:46 - 2017-06-14 03:51 - 00930816 _____ C:\Users\hdz\AppData\Local\test_db_cara.db
2017-06-14 03:43 - 2017-06-15 14:57 - 00000000 ____D C:\Users\hdz\AppData\Roaming\DMCache
2017-06-14 03:43 - 2017-06-14 03:43 - 00000000 ____D C:\ProgramData\IDM
2017-06-13 23:30 - 2017-06-03 12:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-13 23:30 - 2017-06-03 12:33 - 00095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 23:30 - 2017-06-03 12:25 - 00177056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-13 23:30 - 2017-06-03 12:24 - 00249016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-13 23:30 - 2017-06-03 12:20 - 02086304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-13 23:30 - 2017-06-03 12:11 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-13 23:30 - 2017-06-03 12:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-13 23:30 - 2017-06-03 12:08 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-13 23:30 - 2017-06-03 12:07 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-13 23:30 - 2017-06-03 12:07 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-13 23:30 - 2017-06-03 12:06 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-13 23:30 - 2017-06-03 12:04 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-13 23:30 - 2017-06-03 12:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 23:30 - 2017-06-03 12:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-13 23:30 - 2017-06-03 12:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-13 23:30 - 2017-06-03 11:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 23:30 - 2017-06-03 11:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 23:30 - 2017-06-03 11:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-13 23:30 - 2017-06-03 11:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 23:30 - 2017-06-03 11:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 23:30 - 2017-06-03 11:55 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-13 23:30 - 2017-06-03 11:54 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-13 23:30 - 2017-05-20 12:00 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-13 23:30 - 2017-05-20 11:50 - 00155040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-13 23:30 - 2017-05-20 11:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-13 23:30 - 2017-05-20 11:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-13 23:30 - 2017-05-20 11:46 - 00534424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-13 23:30 - 2017-05-20 11:46 - 00122272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-13 23:30 - 2017-05-20 11:45 - 00480160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 23:30 - 2017-05-20 11:45 - 00259352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-13 23:30 - 2017-05-20 11:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-13 23:30 - 2017-05-20 11:29 - 00786944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-13 23:30 - 2017-05-20 11:27 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-13 23:30 - 2017-05-20 11:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-13 23:30 - 2017-05-20 11:26 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-13 23:30 - 2017-05-20 11:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-13 23:30 - 2017-05-20 11:25 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-13 23:30 - 2017-05-20 11:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-13 23:30 - 2017-05-20 11:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-13 23:30 - 2017-05-20 11:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-13 23:30 - 2017-05-20 11:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-13 23:29 - 2017-06-03 12:59 - 01427656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-13 23:29 - 2017-06-03 12:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-13 23:29 - 2017-06-03 12:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 23:29 - 2017-06-03 12:37 - 00098208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 23:29 - 2017-06-03 12:36 - 05862304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 23:29 - 2017-06-03 12:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-13 23:29 - 2017-06-03 12:33 - 00698384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-13 23:29 - 2017-06-03 12:28 - 02022816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-13 23:29 - 2017-06-03 12:26 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-13 23:29 - 2017-06-03 12:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 23:29 - 2017-06-03 12:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 01294752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 01157536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00957856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00649632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-06-13 23:29 - 2017-06-03 12:21 - 00631712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00592800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00497056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00492448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-06-13 23:29 - 2017-06-03 12:21 - 00288672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-06-13 23:29 - 2017-06-03 12:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-13 23:29 - 2017-06-03 12:11 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-13 23:29 - 2017-06-03 12:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 23:29 - 2017-06-03 12:10 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-13 23:29 - 2017-06-03 12:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-13 23:29 - 2017-06-03 12:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-13 23:29 - 2017-06-03 12:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-13 23:29 - 2017-06-03 12:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-13 23:29 - 2017-06-03 11:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-13 23:29 - 2017-06-03 11:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 23:29 - 2017-06-03 11:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 23:29 - 2017-06-03 11:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 02369536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 01585664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-13 23:29 - 2017-06-03 11:55 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 23:29 - 2017-06-03 11:55 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 23:29 - 2017-06-03 11:55 - 00622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 23:29 - 2017-06-03 11:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 23:29 - 2017-06-03 11:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-13 23:29 - 2017-06-03 11:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-13 23:29 - 2017-06-03 11:52 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-13 23:29 - 2017-06-03 11:50 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-06-13 23:29 - 2017-05-20 12:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-13 23:29 - 2017-05-20 11:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-13 23:29 - 2017-05-20 11:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-13 23:29 - 2017-05-20 11:48 - 00297576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-13 23:29 - 2017-05-20 11:47 - 00755616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-13 23:29 - 2017-05-20 11:47 - 00582560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-13 23:29 - 2017-05-20 11:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-13 23:29 - 2017-05-20 11:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-13 23:29 - 2017-05-20 11:46 - 00173472 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-13 23:29 - 2017-05-20 11:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-13 23:29 - 2017-05-20 11:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-13 23:29 - 2017-05-20 11:44 - 00296352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-13 23:29 - 2017-05-20 11:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-13 23:29 - 2017-05-20 11:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-13 23:29 - 2017-05-20 11:29 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-13 23:29 - 2017-05-20 11:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-13 23:29 - 2017-05-20 11:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-13 23:29 - 2017-05-20 11:26 - 00059904 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-13 23:29 - 2017-05-20 11:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-13 23:29 - 2017-05-20 11:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-13 23:29 - 2017-05-20 11:24 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-13 23:29 - 2017-05-20 11:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-13 23:29 - 2017-05-20 11:22 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-13 23:29 - 2017-05-20 11:21 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-13 23:29 - 2017-05-20 11:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-13 23:29 - 2017-05-20 11:19 - 00617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-13 23:29 - 2017-05-20 11:18 - 00532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-13 23:29 - 2017-05-20 11:18 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 01513984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-13 23:29 - 2017-05-20 11:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-13 23:29 - 2017-05-20 11:16 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-13 23:29 - 2017-05-20 11:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-13 23:29 - 2017-05-20 11:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-13 23:29 - 2017-05-20 11:15 - 01830400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 03097088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-13 23:29 - 2017-05-20 11:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-13 23:29 - 2017-05-20 11:12 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-13 23:29 - 2017-05-20 11:12 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-13 23:29 - 2017-05-20 11:12 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-13 23:29 - 2017-05-20 11:11 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-13 23:29 - 2017-05-20 11:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-13 23:29 - 2017-05-20 11:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-13 23:29 - 2017-05-20 11:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2017-06-13 23:29 - 2017-05-20 11:08 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-13 23:28 - 2017-06-03 12:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-13 23:28 - 2017-06-03 12:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-13 23:28 - 2017-06-03 12:22 - 00296352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-13 23:28 - 2017-06-03 12:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-13 23:28 - 2017-06-03 12:04 - 00661504 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-13 23:28 - 2017-06-03 12:03 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-13 23:28 - 2017-06-03 11:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-13 23:28 - 2017-06-03 11:46 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-13 23:28 - 2017-05-20 11:50 - 00095648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-13 23:28 - 2017-05-20 11:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-13 23:28 - 2017-05-20 11:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-13 23:28 - 2017-05-20 11:19 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-13 23:28 - 2017-05-20 11:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-13 23:28 - 2017-05-20 11:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-13 23:28 - 2017-05-20 11:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-13 23:28 - 2017-05-20 11:08 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-13 23:28 - 2017-05-20 11:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-13 16:06 - 2017-06-13 16:06 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignb95b26cbbdabd6d0
2017-06-13 16:05 - 2017-06-13 16:05 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign32e5c841e14004e9
2017-06-13 16:04 - 2017-06-13 16:04 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignb82a00df1cc18094
2017-06-13 16:04 - 2017-06-13 16:04 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignb49989e325fafca8
2017-06-12 20:58 - 2017-06-12 20:58 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3514285E.sys
2017-06-11 23:45 - 2017-06-11 23:46 - 06822011 _____ C:\Users\hdz\Downloads\elHr6kT.psd
2017-06-11 23:09 - 2017-06-11 23:09 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignecc01b49f37620c9
2017-06-11 23:09 - 2017-06-11 23:09 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign666cb7fd8d76bd12
2017-06-11 23:08 - 2017-06-11 23:08 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignca2aa90fc001b739
2017-06-11 23:08 - 2017-06-11 23:08 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign98b572b3fdded430
2017-06-11 22:48 - 2017-06-11 22:48 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\67512E63.sys
2017-06-11 22:46 - 2017-06-11 22:46 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\412B2CB4.sys
2017-06-11 00:17 - 2017-06-11 00:17 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsigna44f5c779841c38b
2017-06-10 23:37 - 2017-06-10 23:37 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignffb5da1284933d00
2017-06-10 23:36 - 2017-06-10 23:36 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign0273518d30a8a8aa
2017-06-10 23:35 - 2017-06-10 23:35 - 00000000 ____D C:\Users\hdz\AppData\Roaming\PDAppFlex
2017-06-10 23:35 - 2017-06-10 23:35 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign70c1da302d0b2e7a
2017-06-10 23:34 - 2017-06-10 23:34 - 00000000 ____D C:\Users\hdz\AppData\LocalLow\Adobe
2017-06-10 23:34 - 2017-06-10 23:34 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign8081e4cbd932f88d
2017-06-10 23:34 - 2017-06-10 23:34 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign274bbc7ba4daff82
2017-06-09 04:50 - 2017-06-09 04:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-06-08 19:59 - 2017-06-08 19:15 - 00148104 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2017-06-05 21:46 - 2017-06-05 21:46 - 00000000 ____D C:\Users\hdz\AppData\Local\CrashRpt
2017-06-05 21:10 - 2017-06-14 04:49 - 00000000 ____D C:\Users\hdz\AppData\Local\Discord
2017-06-01 14:19 - 2017-06-14 14:35 - 00000000 ____D C:\Users\hdz\AppData\Local\glory
2017-06-01 12:29 - 2017-06-01 12:29 - 00000000 ____D C:\Users\Public\Documents\chrome
2017-05-31 02:13 - 2017-06-08 07:00 - 00000000 ____D C:\Users\hdz\AppData\Roaming\BetterDiscord
2017-05-29 09:10 - 2017-05-29 09:10 - 00000798 _____ C:\Users\Public\Desktop\SpaceEngine 0.980.lnk
2017-05-29 09:10 - 2017-05-29 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine
2017-05-29 09:04 - 2017-05-29 09:11 - 00000000 ____D C:\SpaceEngine
2017-05-29 07:05 - 2017-05-29 07:05 - 00040968 _____ (Connectify) C:\WINDOWS\system32\Drivers\cfywlan2.sys
2017-05-27 14:19 - 2017-06-02 11:09 - 00000000 ____D C:\Program Files\Kjoght
2017-05-27 11:38 - 2017-05-27 11:38 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignd96ffe0377102dfc
2017-05-27 11:38 - 2017-05-27 11:38 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsignbc44c02073dc5851
2017-05-27 11:26 - 2016-12-22 13:34 - 00000000 ____D C:\Users\hdz\Desktop\Adobe Photoshop CC 2017 Full Version
2017-05-27 11:19 - 2017-05-27 11:19 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsigne68c3bc3ac572a98
2017-05-27 11:19 - 2017-05-27 11:19 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign71ecdf7b161d640c
2017-05-27 11:19 - 2017-05-27 11:19 - 00000000 ____D C:\Users\hdz\AppData\Local\Tempzxpsign2cce897bda95e1ef
2017-05-27 10:46 - 2017-05-27 10:46 - 00001329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017 (32 Bit).lnk
2017-05-27 09:16 - 2017-05-29 11:46 - 00000000 ___RD C:\Users\hdz\Creative Cloud Files
2017-05-27 09:16 - 2017-05-29 11:46 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-27 09:09 - 2017-05-27 09:09 - 00001268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-05-27 09:09 - 2017-05-27 09:09 - 00001256 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-05-27 09:06 - 2017-05-27 09:16 - 00000000 ____D C:\Program Files\Adobe
2017-05-27 08:23 - 2017-05-27 08:23 - 03468653 _____ C:\Users\hdz\Downloads\Adobe Photoshop CC 2017.rar
2017-05-26 14:33 - 2017-05-26 14:33 - 00000000 ____D C:\Program Files\UNP
2017-05-25 21:24 - 2017-06-08 22:27 - 00004520 _____ C:\Users\hdz\Downloads\Untitled spreadsheet (1).xlsx
2017-05-24 20:17 - 2017-05-24 20:17 - 00004520 _____ C:\Users\hdz\Downloads\Untitled spreadsheet.xlsx
2017-05-23 15:03 - 2017-05-29 08:35 - 00000000 ____D C:\Users\hdz\AppData\LocalLow\uTorrent
2017-05-21 22:23 - 2017-05-21 22:23 - 00002180 _____ C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universe Sandbox - Shortcut.lnk
2017-05-20 19:43 - 2017-05-29 20:34 - 00000000 ____D C:\WINDOWS\system32\apigidsys
2017-05-20 19:43 - 2017-05-20 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Hal Assistant
2017-05-20 19:43 - 2017-05-20 19:43 - 00000000 ____D C:\WINDOWS\msagent
2017-05-20 19:29 - 2017-05-20 19:43 - 00000000 ____D C:\Program Files\Zabaware
2017-05-20 19:29 - 2017-05-20 19:29 - 00001179 _____ C:\Users\Public\Desktop\Zabaware Reader.lnk
2017-05-20 19:29 - 2017-05-20 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zabaware Reader
2017-05-19 22:47 - 2017-05-19 23:11 - 00034259 _____ C:\Users\hdz\Downloads\18372038_2011156645778792_7320203209736192000_n.mp4.crdownload
2017-05-19 09:47 - 2017-05-19 09:47 - 00000000 ___HD C:\$SysReset
2017-05-16 15:36 - 2017-05-16 15:36 - 00036944 _____ (Anchorfree Inc.) C:\WINDOWS\system32\Drivers\taphss6.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-15 15:00 - 2017-03-11 18:53 - 00000000 ____D C:\Users\hdz\Downloads\Compressed
2017-06-15 14:56 - 2017-03-30 17:31 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-15 13:29 - 2017-05-11 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-15 13:29 - 2017-05-11 19:05 - 00000000 ____D C:\Users\hdz
2017-06-15 13:28 - 2017-03-19 01:48 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-06-15 13:28 - 2017-03-18 09:02 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-15 13:26 - 2017-03-11 18:59 - 00000000 ____D C:\Program Files\Google
2017-06-15 13:26 - 2016-07-16 11:29 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-15 13:02 - 2017-03-18 21:23 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-15 13:02 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-15 02:16 - 2017-05-11 19:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-15 00:03 - 2017-03-12 00:35 - 00159758 ____N C:\WINDOWS\Minidump\061517-29046-01.dmp
2017-06-14 18:41 - 2017-05-11 19:06 - 00000000 ____D C:\Users\defaultuser0
2017-06-14 18:09 - 2017-03-18 21:21 - 00000000 ____D C:\WINDOWS\INF
2017-06-14 17:14 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\TAPI
2017-06-14 13:07 - 2017-03-18 21:23 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-06-14 12:10 - 2017-04-27 14:38 - 00000046 _____ C:\Users\Public\Documents\temp.dat
2017-06-14 04:46 - 2017-04-06 19:32 - 00000000 ____D C:\Users\hdz\AppData\Roaming\vlc
2017-06-14 04:12 - 2017-03-12 11:27 - 00000000 ____D C:\Program Files\DriverToolkit
2017-06-14 03:32 - 2017-04-26 21:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2017-06-14 03:32 - 2017-03-18 23:23 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-06-14 03:04 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-14 02:00 - 2017-04-04 17:31 - 00000000 ____D C:\Users\hdz\AppData\Local\Adobe
2017-06-14 01:28 - 2017-03-12 00:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 01:23 - 2017-05-11 19:01 - 00218200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 01:21 - 2017-03-18 21:23 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-13 23:47 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\rescache
2017-06-13 23:37 - 2017-03-14 15:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 23:34 - 2017-03-18 21:14 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-13 23:34 - 2017-03-14 15:37 - 130903960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 15:55 - 2017-03-11 18:53 - 00000000 ____D C:\Users\hdz\Downloads\Video
2017-06-12 21:01 - 2017-05-12 05:49 - 00000000 ____D C:\Program Files\MSBuild
2017-06-12 21:01 - 2017-03-18 21:23 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-12 20:59 - 2017-04-26 21:50 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Visual Studio Setup
2017-06-12 18:13 - 2017-03-12 00:46 - 00000000 ____D C:\Users\hdz\AppData\Local\ConnectedDevicesPlatform
2017-06-12 03:07 - 2017-03-11 18:59 - 00000000 ____D C:\Users\hdz\AppData\Local\Google
2017-06-11 20:05 - 2017-04-09 21:24 - 00000000 ____D C:\Users\hdz\Desktop\rufus_files
2017-06-11 20:02 - 2017-05-11 19:22 - 00005592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-11 03:01 - 2017-03-11 23:14 - 00000000 ____D C:\Users\hdz\Desktop\photoshop
2017-06-09 02:42 - 2017-04-27 21:05 - 00000000 ____D C:\Users\hdz\AppData\Roaming\discord
2017-06-05 21:10 - 2017-04-27 21:05 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-06-05 21:10 - 2017-04-27 21:04 - 00000000 ____D C:\Users\hdz\AppData\Local\SquirrelTemp
2017-06-03 09:32 - 2017-03-18 21:25 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-06-03 09:32 - 2017-03-18 21:25 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-05-31 14:07 - 2017-03-26 22:13 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-29 23:15 - 2017-04-04 17:56 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-05-29 08:38 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-29 08:33 - 2017-04-27 14:38 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-05-27 11:19 - 2017-03-12 00:47 - 00000000 ____D C:\Users\hdz\AppData\Roaming\Adobe
2017-05-27 11:18 - 2017-04-04 18:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-05-27 10:46 - 2017-04-04 18:02 - 00000000 ____D C:\Users\hdz\Documents\Adobe
2017-05-27 09:43 - 2017-04-04 17:31 - 00000000 ____D C:\ProgramData\Adobe
2017-05-27 08:30 - 2017-03-12 00:49 - 00000000 ___RD C:\Users\hdz\OneDrive
2017-05-25 22:43 - 2017-04-15 01:14 - 00000000 ____D C:\Users\hdz\Documents\Universe Sandbox ²
2017-05-25 11:58 - 2017-04-28 18:29 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-05-21 22:23 - 2017-04-22 17:47 - 00001880 _____ C:\Users\hdz\Desktop\Universe Sandbox - Shortcut.lnk
2017-05-20 19:43 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\Help
2017-05-17 21:46 - 2017-04-14 09:53 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-17 15:44 - 2017-03-18 21:23 - 00000000 ____D C:\WINDOWS\ModemLogs

==================== Files in the root of some directories =======

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2017-06-09 20:02

==================== End of FRST.txt ============================

#15
hdz

Posted 15 June 2017 - 06:09 AM

Member

Topic Starter
Member
20 posts

addition txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-06-2017
Ran by hdz (15-06-2017 15:03:53)
Running from C:\Users\hdz\Desktop
Microsoft Windows 10 Pro Version 1703 (X86) (2017-05-11 16:47:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (32 Bit) (HKLM\...\PHSP_18_1_1_32) (Version: 18.1.1 - Adobe Systems Incorporated)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jordy Downloader (HKLM\...\{de5c0faf-d96f-49fc-abc1-08feadfd6403}) (Version: 1.1.2.1 - Jordysoft)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31119 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 2.0 (HKLM\...\{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}) (Version: 2.0.11128.1 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
PowerISO (HKLM\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
ROBLOX Player for hdz (HKU\S-1-5-21-2863771085-710865549-2862127350-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SpaceEngine version 0.9.8.0 (HKLM\...\{6E7A40FA-86CE-4844-A7DC-F8769F21A62F}_is1) (Version: 0.9.8.0 - SpaceEngine)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Ultra Hal Assistant 6.2 (HKLM\...\Ultra Hal Assistant62) (Version: 6.2 - Zabaware, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{8BE893D4-107C-4867-9B71-A3CF2C917C0E}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zabaware TTS Reader 2.0 (HKLM\...\Zabaware TTS Reader) (Version: 2.0 - Zabaware, Inc.)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.73.0.2 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\hdz\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2863771085-710865549-2862127350-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)