Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware making removing Comodo 10 Firewall impossible in Windows 10 [S

Started by tl79 , Jul 23 2017 05:30 AM

  • This topic is locked This topic is locked

#16
tl79
Posted 24 July 2017 - 02:21 PM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

Here's fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 23-07-2017
Ran by tl (24-07-2017 15:16:55) Run:3
Running from C:\Users\tl\Desktop
Loaded Profiles: tl (Available Profiles: tl & DefaultAppPool)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] => "C:\ProgramData\cis813E.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => C:\ProgramData\cisBCE7.exe [4016320 2017-05-04] (COMODO)
2017-07-23 15:45 - 2017-05-04 07:07 - 04016320 _____ (COMODO) C:\ProgramData\cisBCE7.exe
2017-07-23 15:38 - 2013-10-23 18:23 - 00000000 ____D C:\ProgramData\COMODO
2017-07-23 15:38 - 2013-10-23 18:22 - 00000000 ____D C:\Program Files\ComodoTask: {2A9E9F35-93C6-47C3-BB50-D083FA3E09BB} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {4508ECCF-DA32-4A16-B8BA-2B9BABAB18D4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {51567018-1CFD-44E0-A199-F417AA47746B} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {56E5AA42-7263-4D6A-8F77-979185BD5536} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\athcfg20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\athcfg20res.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\athcfg20resU.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\athcfg20U.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\athihvs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\athihvui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BRCOM13A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrDctF2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrDctF2L.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrDctF2S.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BRLM03A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BRLMW03A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BROSNMP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BRTCPCON.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipboardServer.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cngkeyhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX32FP19.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3d8.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpf3l02t.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpzids01.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSCOMCTL.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NSSearch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpGroupPolicyExtension.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UCI32A41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcapiU.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CHDRT32.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [124]
AlternateDataStreams: C:\ProgramData\Temp:397D67BA [402]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:6495C51F [322]
AlternateDataStreams: C:\ProgramData\Temp:70E897B5 [224]
AlternateDataStreams: C:\ProgramData\Temp:A02025CE [442]
AlternateDataStreams: C:\ProgramData\Temp:F7B65412 [116]
AlternateDataStreams: C:\Users\tl\Downloads\#1.tiff:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\15-16 Hillcrest School Psychologist.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\2016 0216 0950 (v3) Shawano School District Salary Com...pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\2016 Essential Health - Website version.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\2016-17 Teacher Calendar - Approved 011816.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Attachments_201663.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\audiocheck.net_binaural_knocking.wav:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\BACK TO SCHOOL REMINDERS AND INFORMATION.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\belina b  2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\boilers.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Budget 2016 June.ods:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\cellcom agreement 4150_001.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\christy m speaker.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Color0017.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Color0018.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Delta Dental Enrollment Form.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Delta Dental Your Dental Benefits.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\EE syllabus 15-16.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\ehe_v2(endoscope program).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\tl\Downloads\ehe_v2(endoscope program).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\ELA & READING AT MIDDLE SCHOOL.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\ELA Reading at SCMS (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\ELA Reading at SCMS.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Elliott acrobat 2016.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Ess Health Coverage Termination Amendment.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\f8326055-3b7f-4a1e-82b8-c5363f31bd82.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\FINAL - Essential Health 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\flow chart health ins 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\FY15-Per-Pupil-Aid-District-Estimates.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\God Problems.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Hattie 5242016.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Hattie climbing wall 2016.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Hattie in 1 2016.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Hawk Way Messenger 11-6-15.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\HAWKWAY MESSENGER 08-28-15.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Heat Wave- Marilyn Monroe.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\HS-MS Instructional Coach (Jessie Hanssen).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\HSA Introduction Presentation employee (3).ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\HSAbanks.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\HSAdepositauthform (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\HSAdepositauthform.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\HSApayrolldeduct form (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\HSApayrolldeduct form.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Humor.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Intermediate Teacher OB 072915.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Intermediate Teachers OB.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\invoice.xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\ioware-w32-x86-402 (2).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\tl\Downloads\ioware-w32-x86-402 (2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\lionguardactivities (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\lionguardactivities (2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\lionguardactivities.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\listofduties at shawano sd district office.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Living In The U.S.A.-Steve Miller Band-1968.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\LSX300-4DM_ENG.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\LSX300-4PM_CUSALZK_OM_MFL38574948.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\MediaCreationTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\tl\Downloads\MediaCreationTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\MicrosoftFixit50123.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Middle School Evaluation List.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Miles as Jack Benny 2016.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Miles helped put muffins away.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Money-Smart-Guides-Budget.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\NewYankeeinSantasService-p9ro4dc.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Office 365-1.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Office 365-2.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\PD Day Agenda 11.18.16.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Physical Form 2016 (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Physical Form 2016.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\PR-1810.DOC:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Preventive Care (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Preventive Care.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\PS509_EAP_Flyer (2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Reset_Reregister_Windows_Update_Components.bat:$CmdTcID [64]
AlternateDataStreams: C:\Users\tl\Downloads\Reset_Reregister_Windows_Update_Components.bat:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Reset_Windows_Update_History.bat:$CmdTcID [64]
AlternateDataStreams: C:\Users\tl\Downloads\Reset_Windows_Update_History.bat:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\SCMS Class Interruptions Survey Results 11.15.16.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\SCMS Curr2015-20-- REDO Science Budget-3.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\SCMS Final Survey Results 11.14.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\SCMS Nov PD Day.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Setup.X86.en-us_O365ProPlusRetail_3ad0055e-6063-4779-92b7-716a4bf7473d_TX_PR_.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\tl\Downloads\Setup.X86.en-us_O365ProPlusRetail_3ad0055e-6063-4779-92b7-716a4bf7473d_TX_PR_.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Shawano SBC Ess Qual 072016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Shawano School District Registration Flyer.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Soft-Cell---Tainted-Love---Where-Did-Our-Love-Go-(Maxi-Version).flac:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Special Education SCMS.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Squeeze---Tempted--.flac:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Staff Newsletter (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Staff Newsletter.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\Theater.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\theater1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\TheHawkWay 1609.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\tier 2 2015 b.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\tier 2 2015a.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\utilitydriver_tew-424ubv3(cd3.13) (1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\WEA DRUG FORM.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\WEA Group Health Benefit Summary.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\WEA Group Vision Benefit Summary.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\WEA Health & Vision application.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\WEA Shawano SBC Ess Qual 072016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\WEAIntro Ltr - Shawano - 080615 (SS).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\WEAlongtermcarewebinar.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\tl\Downloads\weaprivacy.pdf:$CmdZnID [26]
 
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => value removed successfully.
C:\ProgramData\cisBCE7.exe => moved successfully
C:\ProgramData\COMODO => moved successfully
"C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4508ECCF-DA32-4A16-B8BA-2B9BABAB18D4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4508ECCF-DA32-4A16-B8BA-2B9BABAB18D4} => key removed successfully.
C:\Windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51567018-1CFD-44E0-A199-F417AA47746B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51567018-1CFD-44E0-A199-F417AA47746B} => key removed successfully.
C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{56E5AA42-7263-4D6A-8F77-979185BD5536} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56E5AA42-7263-4D6A-8F77-979185BD5536} => key removed successfully.
C:\Windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => key removed successfully.
C:\WINDOWS\avastSS.scr => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\splwow64.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\ucrtbase.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ActionCenterCPL.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ActivationManager.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\adsmsext.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\aitstatic.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\AppCapture.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\athcfg20.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\athcfg20res.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\athcfg20resU.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\athcfg20U.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\athihvs.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\athihvui.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\audiodg.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\AudioSrvPolicyManager.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\AuthExt.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\autoplay.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BackgroundMediaPolicy.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\bcdedit.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\bcrypt.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\bdesvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\bdeui.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\bdeunlock.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BitLockerDeviceEncryption.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\biwinrt.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\bootux.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BRCOM13A.DLL => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BrDctF2.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BrDctF2L.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BrDctF2S.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BRLM03A.DLL => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BRLMW03A.DLL => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BROSNMP.DLL => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BRTCPCON.DLL => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\BthRadioMedia.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\cdd.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\cdpreference.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\cdpsvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\cdpusersvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\chartv.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ClipboardServer.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\cmifw.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\cmintegrator.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\cngkeyhelper.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\comctl32.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\comdlg32.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ConfigureExpandedStorage.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\CPFilters.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\credprovs.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\credprovslegacy.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\cryptngc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\CX32FP19.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\d3d10warp.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\d3d8.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\d3d9.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\DataExchange.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\DataSenseHandlers.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\devenum.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\DeviceReactivation.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\dialserver.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\discan.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\dns-sd.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\DolbyDecMFT.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\drvstore.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\dsregcmd.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\dwmapi.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\EAMProgressHandler.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\EditBufferTestHook.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\EditionUpgradeHelper.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\EditionUpgradeManagerObj.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\EDPCleanup.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\efsext.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\energy.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ErrorDetailsUpdate.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\esent.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\esentutl.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\facecredentialprovider.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ffbroker.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\FrameServer.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\FSClient.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\fveapi.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\fveapibase.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\fvecpl.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\fvenotify.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\fveui.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\GlobCollationHost.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\hpf3l02t.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\hpzids01.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\HttpsDataSource.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\icsvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\InputLocaleManager.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\iscsiwmi.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\JpMapControl.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\LockScreenContent.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\lpremove.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\manage-bde.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\MapControlCore.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\MapsBtSvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\MDMAppInstaller.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\mdmregistration.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\mfaudiocnv.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\mfksproxy.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\mfreadwrite.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\mfsensorgroup.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\microsoft-windows-system-events.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\migisol.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\moshostcore.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\MosStorage.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\mprapi.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\mprdim.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\MSAC3ENC.DLL => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\MSCOMCTL.OCX => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\mshtmlmedia.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\MSVidCtl.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\msvproc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ncsi.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\nettrace.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\NetworkCollectionAgent.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\NetworkDesktopSettings.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\NetworkUXBroker.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\NfcRadioMedia.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\NgcCtnr.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\NgcCtnrGidsHandler.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\nlasvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\nltest.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\NMAA.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\NPSM.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\NSSearch.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ntshrui.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\offreg.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\pcasvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\pdh.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\powercfg.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\profsvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\provops.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ProvSysprep.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\PsmServiceExtHost.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\pwrshplugin.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\rasapi32.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\RdpGroupPolicyExtension.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ReAgentc.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\RemoteNaturalLanguage.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ReportingCSP.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\RjvMDMConfig.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\RMapi.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\RTWorkQ.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Sens.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\SensorService.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\SessEnv.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\smphost.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\SndVolSSO.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\sppcext.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\sppnp.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\sppsvc.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\sppwinob.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\sspicli.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\stobject.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\StorSvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\systemcpl.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\taskbarcpl.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\tdh.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\TpmTasks.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\TSpkg.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\twinui.pcshell.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\UCI32A41.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\UIAnimation.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\UIAutomationCore.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\usbmon.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\user32.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\VEStoreEventHandlers.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\vmrdvcore.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\VPNv2CSP.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wcapi.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wcapiU.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wc_storage.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\webio.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\weretw.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wevtsvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wgapi.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wincorlib.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Windows.Energy.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Windows.Networking.Vpn.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Windows.StateRepository.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wininetlui.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\winsrv.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wkssvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wlancfg.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wmpdxm.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wmpeffects.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wmpshell.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\WordBreakers.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\WpcRefreshTask.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\WpcTok.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wpnprv.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wpx.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\ws2_32.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wscinterop.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wscsvc.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wsecedit.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\WSManHTTPConfig.exe => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\wu.upgrade.ps.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\WWanAPI.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\xolehlp.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\zipfldr.dll => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\acpi.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\afd.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\ahcache.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\bowser.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\capimg.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\CHDRT32.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\cmimcext.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\crashdmp.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\fastfat.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\fvevol.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\hidclass.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\iorate.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\kbdhid.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\mbam.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\mbamchameleon.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\MegaSas2i.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\modem.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\mrxdav.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\mwac.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\tpm.sys => ":$CmdTcID" ADS removed successfully..
C:\WINDOWS\system32\Drivers\wcifs.sys => ":$CmdTcID" ADS removed successfully..
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully..
C:\ProgramData\Temp => ":397D67BA" ADS removed successfully..
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully..
C:\ProgramData\Temp => ":6495C51F" ADS removed successfully..
C:\ProgramData\Temp => ":70E897B5" ADS removed successfully..
C:\ProgramData\Temp => ":A02025CE" ADS removed successfully..
C:\ProgramData\Temp => ":F7B65412" ADS removed successfully..
C:\Users\tl\Downloads\#1.tiff => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\15-16 Hillcrest School Psychologist.doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\2016 0216 0950 (v3) Shawano School District Salary Com...pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\2016 Essential Health - Website version.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\2016-17 Teacher Calendar - Approved 011816.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Attachments_201663.zip => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\audiocheck.net_binaural_knocking.wav => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\BACK TO SCHOOL REMINDERS AND INFORMATION.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\belina b  2015.doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\boilers.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Budget 2016 June.ods => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\cellcom agreement 4150_001.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\christy m speaker.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Color0017.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Color0018.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Delta Dental Enrollment Form.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Delta Dental Your Dental Benefits.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\EE syllabus 15-16.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\ehe_v2(endoscope program).exe => ":$CmdTcID" ADS removed successfully..
C:\Users\tl\Downloads\ehe_v2(endoscope program).exe => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\ELA & READING AT MIDDLE SCHOOL.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\ELA Reading at SCMS (1).docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\ELA Reading at SCMS.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Elliott acrobat 2016.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Ess Health Coverage Termination Amendment.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\f8326055-3b7f-4a1e-82b8-c5363f31bd82.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\FINAL - Essential Health 2015.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\flow chart health ins 2015.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\FY15-Per-Pupil-Aid-District-Estimates.xlsx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\God Problems.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Hattie 5242016.mp4 => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Hattie climbing wall 2016.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Hattie in 1 2016.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Hawk Way Messenger 11-6-15.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\HAWKWAY MESSENGER 08-28-15.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Heat Wave- Marilyn Monroe.mp3 => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\HS-MS Instructional Coach (Jessie Hanssen).doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\HSA Introduction Presentation employee (3).ppt => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\HSAbanks.xlsx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\HSAdepositauthform (1).doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\HSAdepositauthform.doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\HSApayrolldeduct form (1).docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\HSApayrolldeduct form.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Humor.jpeg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Intermediate Teacher OB 072915.doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Intermediate Teachers OB.doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\invoice.xls => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\ioware-w32-x86-402 (2).exe => ":$CmdTcID" ADS removed successfully..
C:\Users\tl\Downloads\ioware-w32-x86-402 (2).exe => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\lionguardactivities (1).pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\lionguardactivities (2).pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\lionguardactivities.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\listofduties at shawano sd district office.xlsx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Living In The U.S.A.-Steve Miller Band-1968.mp3 => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\LSX300-4DM_ENG.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\LSX300-4PM_CUSALZK_OM_MFL38574948.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\MediaCreationTool.exe => ":$CmdTcID" ADS removed successfully..
C:\Users\tl\Downloads\MediaCreationTool.exe => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\MicrosoftFixit50123.msi => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Middle School Evaluation List.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Miles as Jack Benny 2016.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Miles helped put muffins away.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Money-Smart-Guides-Budget.xlsx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\NewYankeeinSantasService-p9ro4dc.zip => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Office 365-1.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Office 365-2.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\PD Day Agenda 11.18.16.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Physical Form 2016 (1).doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Physical Form 2016.doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\PR-1810.DOC => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Preventive Care (1).docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Preventive Care.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\PS509_EAP_Flyer (2).pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Reset_Reregister_Windows_Update_Components.bat => ":$CmdTcID" ADS removed successfully..
C:\Users\tl\Downloads\Reset_Reregister_Windows_Update_Components.bat => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Reset_Windows_Update_History.bat => ":$CmdTcID" ADS removed successfully..
C:\Users\tl\Downloads\Reset_Windows_Update_History.bat => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\SCMS Class Interruptions Survey Results 11.15.16.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\SCMS Curr2015-20-- REDO Science Budget-3.xlsx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\SCMS Final Survey Results 11.14.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\SCMS Nov PD Day.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Setup.X86.en-us_O365ProPlusRetail_3ad0055e-6063-4779-92b7-716a4bf7473d_TX_PR_.exe => ":$CmdTcID" ADS removed successfully..
C:\Users\tl\Downloads\Setup.X86.en-us_O365ProPlusRetail_3ad0055e-6063-4779-92b7-716a4bf7473d_TX_PR_.exe => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Shawano SBC Ess Qual 072016.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Shawano School District Registration Flyer.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Soft-Cell---Tainted-Love---Where-Did-Our-Love-Go-(Maxi-Version).flac => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Special Education SCMS.doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Squeeze---Tempted--.flac => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Staff Newsletter (1).pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Staff Newsletter.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\Theater.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\theater1.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\TheHawkWay 1609.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\tier 2 2015 b.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\tier 2 2015a.jpg => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\utilitydriver_tew-424ubv3(cd3.13) (1).zip => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\WEA DRUG FORM.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\WEA Group Health Benefit Summary.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\WEA Group Vision Benefit Summary.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\WEA Health & Vision application.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\WEA Shawano SBC Ess Qual 072016.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\WEAIntro Ltr - Shawano - 080615 (SS).doc => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\WEAlongtermcarewebinar.docx => ":$CmdZnID" ADS removed successfully..
C:\Users\tl\Downloads\weaprivacy.pdf => ":$CmdZnID" ADS removed successfully..
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10192799 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 527037 B
Edge => 9746 B
Chrome => 31643684 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 5852 B
NetworkService => 1900 B
tl => 7927491 B
DefaultAppPool => 0 B
 
RecycleBin => 6807527 B
EmptyTemp: => 54.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:17:55 ====

  • 0

Advertisements

#17
tl79
Posted 24 July 2017 - 02:33 PM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

Here is JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x86 
Ran by tl (Administrator) on Mon 07/24/2017 at 15:28:27.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 15 
 
Failed to delete: C:\Users\tl\AppData\Roaming\alawarentertainment (Folder) 
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File) 
Successfully deleted: C:\ProgramData\1461286502.4764.bin (File) 
Successfully deleted: C:\ProgramData\1461286502.4948.bin (File) 
Successfully deleted: C:\ProgramData\1461286502.5884.bin (File) 
Successfully deleted: C:\ProgramData\alawarwrapper (Folder) 
Successfully deleted: C:\ProgramData\freerip (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\coupons (Folder) 
Successfully deleted: C:\ProgramData\trymedia (Folder) 
Successfully deleted: C:\users\Public\Documents\alawarwrapper (Folder) 
Successfully deleted: C:\Users\tl\AppData\Roaming\iwin (Folder) 
Successfully deleted: C:\WINDOWS\freecorder (Folder) 
Successfully deleted: C:\WINDOWS\System32\Tasks\WiseUninsDetecter.job (Task)
Successfully deleted: C:\Program Files\coupons (Folder) 
Successfully deleted: C:\Program Files\freerip (Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/24/2017 at 15:36:00.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#18
tl79
Posted 24 July 2017 - 02:39 PM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

Here's results from ADWCleaner:

 

# AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 24 20:42:23 2017
# Updated on 2017/17/07 by Malwarebytes 
# Database: 07-24-2017.1
# Running on Windows 10 Home (X86)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Users\tl\AppData\Local\VirtualStore\Program Files\Free Video Converter
PUP.Optional.Legacy, C:\Users\tl\AppData\LocalLow\HPAppData
PUP.Optional.Legacy, C:\Users\All Users\Documents\iWin
PUP.Optional.Legacy, C:\Users\Public\Documents\iWin
PUP.Optional.Legacy, C:\Users\tl\AppData\Roaming\Yahoo!\Companion
PUP.Optional.BTmagnat, C:\Program Files\Uninstaller
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\APN PIP
PUP.Optional.Legacy, [Key] - HKCU\Software\APN PIP
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Ask&Record
PUP.Optional.Legacy, [Key] - HKCU\Software\Ask&Record
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\YahooPartnerToolbar
PUP.Optional.Legacy, [Key] - HKCU\Software\YahooPartnerToolbar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
PUP.Optional.ConsumerInput, [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\AppDataLow\Software\CompeteInc
PUP.Optional.ConsumerInput, [Key] - HKCU\Software\AppDataLow\Software\CompeteInc
PUP.Optional.Conduit, [Key] - HKLM\SOFTWARE\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\Conduit
PUP.Optional.TenorShare, [Key] - HKLM\SOFTWARE\WISECLEANER
Adware.TryMedia, [Key] - HKLM\SOFTWARE\Trymedia Systems
PUP.Optional.CrossRider, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow | *.crossrider.com
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKU\.DEFAULT\Software\Auslogics
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Auslogics
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKU\S-1-5-18\Software\Auslogics
PUP.Optional.AuslogicsDriverUpdater, [Key] - HKCU\Software\Auslogics
PUP.Optional.BrowseFox.A, [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider found: AOL - aol.com
SearchProvider found: Ask - ask.com
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

  • 0

#19
Jr0x
Posted 25 July 2017 - 06:52 AM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Let's try this and see how it goes.

Norton Removal Tool
  • Download Nortons Removal Tool and save the file to the Windows Desktop.
  • On your Windows desktop, double click on the Norton Removal icon to open it.
  • Follow the provided instructions.
  • Restart your machine.
FRST.gifFix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 

Start
CloseProcesses:
C:\Users\tl\AppData\Roaming\alawarentertainment

Emptytemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.


adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C*].txt
FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.

  • 0

#20
tl79
Posted 25 July 2017 - 08:23 AM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

I ran the Norton removal tool.

 

Here's fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 23-07-2017
Ran by tl (25-07-2017 09:19:45) Run:5
Running from C:\Users\tl\Desktop
Loaded Profiles: tl (Available Profiles: tl & DefaultAppPool)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
 
Start
CloseProcesses:
C:\Users\tl\AppData\Roaming\alawarentertainment
 
Emptytemp:
End
*****************
 
Processes closed successfully.
"C:\Users\tl\AppData\Roaming\alawarentertainment" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6350400 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5977654 B
Edge => 0 B
Chrome => 10260785 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
tl => 23137 B
DefaultAppPool => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 21.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:19:59 ====
 
Running Adwcleaner next, then will post results.

  • 0

#21
tl79
Posted 25 July 2017 - 08:30 AM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

Here's Adware Cleaner results:

 

# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 25 14:31:31 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 10 Home (X86)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\tl\AppData\Local\VirtualStore\Program Files\Free Video Converter
Deleted: C:\Users\tl\AppData\LocalLow\HPAppData
Deleted: C:\Users\All Users\Documents\iWin
Deleted: C:\Users\Public\Documents\iWin
Deleted: C:\Users\tl\AppData\Roaming\Yahoo!\Companion
Deleted: C:\Program Files\Uninstaller
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Deleted: [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\APN PIP
Deleted: [Key] - HKCU\Software\APN PIP
Deleted: [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Ask&Record
Deleted: [Key] - HKCU\Software\Ask&Record
Deleted: [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\YahooPartnerToolbar
Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\AppDataLow\Software\CompeteInc
Deleted: [Key] - HKCU\Software\AppDataLow\Software\CompeteInc
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKLM\SOFTWARE\WISECLEANER
Deleted: [Key] - HKLM\SOFTWARE\Trymedia Systems
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.crossrider.com
Deleted: [Key] - HKU\.DEFAULT\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Auslogics
Deleted: [Key] - HKU\S-1-5-18\Software\Auslogics
Deleted: [Key] - HKCU\Software\Auslogics
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [5337 B] - [2017/7/24 20:42:23]
C:/AdwCleaner/AdwCleaner[S1].txt - [5405 B] - [2017/7/25 14:30:27]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

  • 0

#22
tl79
Posted 25 July 2017 - 08:40 AM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

Here's FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2017
Ran by tl (administrator) on TL-PC (25-07-2017 09:35:44)
Running from C:\Users\tl\Desktop
Loaded Profiles: tl (Available Profiles: tl & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware2\SASCORE.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Users\tl\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-06-28] (AVAST Software)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2015-12-17] (Hewlett-Packard)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2017-04-27] (Microsoft Corporation)
HKLM Group Policy restriction on software: *.ppt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <==== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: ** <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <==== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <==== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <==== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <==== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <==== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <==== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <==== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <==== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <==== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <==== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <==== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <==== ATTENTION
HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\Run: [Amazon Music] => C:\Users\tl\AppData\Local\Amazon Music\Amazon Music Helper.exe [5908968 2016-06-16] ()
HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\Run: [Spotify Web Helper] => C:\Users\tl\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-15] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-05] (Garmin Ltd. or its subsidiaries)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.254
Tcpip\..\Interfaces\{08f46703-a7d7-478d-a637-b3b69c52cebc}: [DhcpNameServer] 192.168.3.254
Tcpip\..\Interfaces\{db60f60b-7d9d-4241-a0a4-2035e0e87a23}: [DhcpNameServer] 192.168.3.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {A23B6865-91F4-4D89-B386-7D1A3EFEF156} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000 -> hxxp://www.bing.com/
 
FireFox:
========
FF DefaultProfile: 547ieb4p.Default User
FF ProfilePath: C:\Users\tl\AppData\Roaming\Mozilla\Firefox\Profiles\547ieb4p.Default User [2017-07-23]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\547ieb4p.Default User -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\547ieb4p.Default User -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\547ieb4p.Default User -> hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08] (DivX, LLC)
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2010-11-19] (DivX, LLC.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3386764216-2145708176-1762138646-1000: @citrixonline.com/appdetectorplugin -> C:\Users\tl\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3386764216-2145708176-1762138646-1000: @tools.google.com/Google Update;version=3 -> C:\Users\tl\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-3386764216-2145708176-1762138646-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\amazon mp3 downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default [2017-07-25]
CHR Extension: (Google Docs) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Play Music) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-16]
CHR Extension: (Weather) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\iolcbmjhmpdheggkocibajddahbeiglb [2017-06-11]
CHR Extension: (Pandora) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcmkbmicfjhooghpepbibhoneeamgdi [2016-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\tl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-23]
CHR Profile: C:\Users\tl\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-23]
CHR Profile: C:\Users\tl\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-23]
CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.google.com/"
OPR Session Restore: -> is enabled.
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware2\SASCORE.EXE [143776 2017-02-16] (SUPERAntiSpyware.com)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5815840 2017-06-28] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-06-28] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2043120 2017-03-14] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271488 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84920 2017-04-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [266976 2017-06-28] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157384 2017-06-28] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276704 2017-06-28] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50352 2017-06-28] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42824 2017-06-28] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [39752 2017-06-28] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [123928 2017-07-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [99536 2017-06-28] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70840 2017-06-28] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774288 2017-06-28] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [496976 2017-06-28] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [147688 2017-06-28] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [296312 2017-07-01] (AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athwn.sys [3228672 2016-07-16] (Qualcomm Atheros Communications, Inc.)
S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [163616 2011-10-28] (Digiarty Software, Inc.)
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [40560 2010-04-21] (Paragon Software Group)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2016-07-16] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware2\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware2\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2010-06-09] (Samsung Electronics) [File not signed]
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [34392 2010-04-21] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [385544 2010-04-21] (Paragon)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-25 09:35 - 2017-07-25 09:35 - 00043350 _____ C:\Users\tl\Desktop\FRST.txt
2017-07-25 09:33 - 2017-07-25 09:33 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-25 09:29 - 2017-07-25 09:29 - 00000000 ___HD C:\$WINDOWS.~BT
2017-07-25 09:19 - 2017-07-25 09:19 - 00001197 _____ C:\Users\tl\Desktop\Fixlog.txt
2017-07-25 08:58 - 2017-07-25 08:58 - 00900296 _____ C:\Users\tl\Desktop\Norton_Removal_Tool.exe
2017-07-24 15:40 - 2017-07-25 09:31 - 00000000 ____D C:\AdwCleaner
2017-07-24 15:39 - 2017-07-24 15:40 - 08162248 _____ (Malwarebytes) C:\Users\tl\Desktop\adwcleaner_7.0.0.0.exe
2017-07-24 15:27 - 2017-07-24 15:28 - 01790024 _____ (Malwarebytes) C:\Users\tl\Desktop\JRT.exe
2017-07-23 14:26 - 2017-07-23 14:26 - 01778176 _____ (Farbar) C:\Users\tl\Desktop\FRST.exe
2017-07-23 14:04 - 2017-07-23 14:04 - 00000000 ___HD C:\$AV_ASW
2017-07-23 13:38 - 2017-07-23 13:38 - 00001264 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-07-23 13:38 - 2017-07-23 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-07-23 13:38 - 2017-07-23 13:38 - 00000000 ____D C:\Program Files\VS Revo Group
2017-07-23 13:37 - 2017-07-23 13:38 - 07178424 _____ (VS Revo Group ) C:\Users\tl\Downloads\revosetup.exe
2017-07-23 06:15 - 2017-07-25 09:35 - 00000000 ____D C:\FRST
2017-07-23 05:56 - 2017-07-23 17:20 - 00000000 ____D C:\Users\tl\AppData\Roaming\Wise Uninstaller
2017-07-23 05:56 - 2017-07-23 05:56 - 00001323 _____ C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2017-07-23 05:56 - 2017-07-23 05:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2017-07-23 05:56 - 2017-07-23 05:56 - 00000000 ____D C:\Program Files\Wise
2017-07-23 05:55 - 2017-07-23 05:56 - 02707224 _____ (WiseCleaner.com ) C:\Users\tl\Downloads\WPUninstallerSetup.exe
2017-07-23 05:14 - 2017-07-23 05:14 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-07-22 23:40 - 2017-07-07 03:02 - 00092000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-22 23:40 - 2017-07-07 02:54 - 00094560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-07-22 23:40 - 2017-07-07 02:46 - 00781152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-22 23:40 - 2017-07-07 02:34 - 01964384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-22 23:40 - 2017-06-21 02:51 - 00067424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-07-22 23:40 - 2017-06-21 02:27 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-07-22 23:40 - 2017-06-21 02:27 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-22 23:40 - 2017-06-21 02:26 - 00108896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2017-07-22 23:40 - 2017-06-21 02:25 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-07-22 23:40 - 2017-06-21 02:22 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2017-07-22 23:40 - 2017-06-21 02:22 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-22 23:40 - 2017-06-21 02:21 - 06665440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-22 23:40 - 2017-06-21 02:21 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-22 23:40 - 2017-06-21 02:00 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-07-22 23:40 - 2017-06-21 01:59 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-07-22 23:40 - 2017-06-21 01:58 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvisioningHandlers.dll
2017-07-22 23:40 - 2017-06-21 01:56 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-07-22 23:40 - 2017-06-21 01:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2017-07-22 23:40 - 2017-06-21 01:56 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-22 23:40 - 2017-06-21 01:55 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-07-22 23:40 - 2017-06-21 01:55 - 00265728 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-07-22 23:40 - 2017-06-21 01:54 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-22 23:40 - 2017-06-21 01:54 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-22 23:40 - 2017-06-21 01:53 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-07-22 23:40 - 2017-06-21 01:53 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-07-22 23:40 - 2017-06-21 01:52 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2017-07-22 23:40 - 2017-06-21 01:51 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-07-22 23:40 - 2017-06-21 01:51 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-22 23:40 - 2017-06-21 01:50 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-07-22 23:40 - 2017-06-21 01:50 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-07-22 23:40 - 2017-06-21 01:50 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-22 23:40 - 2017-06-21 01:49 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-07-22 23:40 - 2017-06-21 01:49 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-07-22 23:40 - 2017-06-21 01:47 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-07-22 23:40 - 2017-06-21 01:46 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-07-22 23:40 - 2017-06-21 01:46 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-07-22 23:40 - 2017-06-21 01:46 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-07-22 23:40 - 2017-06-21 01:45 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2017-07-22 23:40 - 2017-06-21 01:44 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-07-22 23:40 - 2017-06-21 01:42 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2017-07-22 23:40 - 2017-06-21 01:41 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-22 23:40 - 2017-06-21 01:41 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2017-07-22 23:40 - 2017-06-21 01:40 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-22 23:40 - 2017-06-21 01:40 - 01842688 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-07-22 23:40 - 2017-06-21 01:38 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-07-22 23:40 - 2017-06-21 01:37 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-22 23:40 - 2017-06-21 01:36 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-22 23:40 - 2017-06-21 01:36 - 01488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-07-22 23:40 - 2017-06-21 01:35 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-07-22 23:40 - 2017-06-21 01:35 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-07-22 23:40 - 2017-06-21 01:34 - 03596800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-07-22 23:40 - 2017-06-21 01:34 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-07-22 23:40 - 2017-06-21 01:34 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-22 23:40 - 2017-06-21 01:33 - 01889792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-22 23:40 - 2017-06-21 01:32 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2017-07-22 23:40 - 2017-06-21 01:31 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-07-22 23:40 - 2017-06-21 01:30 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2017-07-22 23:40 - 2017-06-20 23:20 - 00448576 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-07-22 23:40 - 2017-06-03 05:22 - 00231776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-07-22 23:40 - 2017-06-03 04:58 - 00154976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-07-22 23:40 - 2017-06-03 04:54 - 00290656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-07-22 23:40 - 2017-06-03 04:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-07-22 23:40 - 2017-06-03 04:32 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-07-22 23:40 - 2017-06-03 04:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2017-07-22 23:40 - 2017-04-27 19:45 - 00545120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-07-22 23:40 - 2017-04-27 19:13 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2017-07-22 23:40 - 2017-04-27 19:13 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-22 23:40 - 2017-04-27 19:11 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-07-22 23:40 - 2017-04-27 19:08 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-07-22 23:40 - 2017-04-27 19:04 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-22 23:40 - 2017-04-27 19:04 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-07-22 23:40 - 2017-04-27 18:59 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-07-22 23:40 - 2017-04-27 18:57 - 01700864 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-07-22 23:40 - 2017-04-27 18:57 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-07-22 23:40 - 2017-04-27 18:55 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-07-22 23:40 - 2017-04-27 18:54 - 02747904 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-07-22 23:40 - 2017-04-27 18:52 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-07-22 23:40 - 2017-04-27 18:50 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-22 23:40 - 2017-03-28 00:58 - 00240992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-22 23:40 - 2017-03-28 00:40 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-07-22 23:40 - 2017-03-28 00:39 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-07-22 23:40 - 2017-03-28 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2017-07-22 23:40 - 2017-03-04 02:41 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2017-07-22 23:40 - 2017-03-04 02:04 - 01362512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-22 23:40 - 2017-03-04 01:59 - 00869728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-22 23:40 - 2017-03-04 01:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-07-22 23:40 - 2017-03-04 01:45 - 00117280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2017-07-22 23:40 - 2017-03-04 01:29 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2017-07-22 23:40 - 2017-03-04 01:28 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-07-22 23:40 - 2017-03-04 01:27 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-07-22 23:40 - 2017-03-04 01:26 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-07-22 23:40 - 2017-03-04 01:26 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll
2017-07-22 23:40 - 2017-03-04 01:25 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2017-07-22 23:40 - 2017-03-04 01:23 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2017-07-22 23:40 - 2017-03-04 01:22 - 06534656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2017-07-22 23:40 - 2017-03-04 01:22 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2017-07-22 23:40 - 2017-03-04 01:22 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2017-07-22 23:40 - 2017-03-04 01:21 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-07-22 23:40 - 2017-03-04 01:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-07-22 23:40 - 2017-03-04 01:20 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-07-22 23:40 - 2017-03-04 01:19 - 00714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-07-22 23:40 - 2017-03-04 01:19 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2017-07-22 23:40 - 2017-03-04 01:19 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-07-22 23:40 - 2017-03-04 01:18 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2017-07-22 23:40 - 2017-03-04 01:18 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-07-22 23:40 - 2017-03-04 01:18 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-07-22 23:40 - 2017-03-04 01:18 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-07-22 23:40 - 2017-03-04 01:18 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-07-22 23:40 - 2017-03-04 01:17 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2017-07-22 23:40 - 2017-03-04 01:16 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-22 23:40 - 2017-03-04 01:16 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-07-22 23:40 - 2017-03-04 01:13 - 01104896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-07-22 23:40 - 2017-03-04 01:13 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-07-22 23:40 - 2017-03-04 01:09 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2017-07-22 23:40 - 2017-03-04 01:01 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2017-07-22 23:40 - 2017-03-04 01:01 - 01154560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Pimstore.dll
2017-07-22 23:40 - 2017-03-04 01:00 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-07-22 23:40 - 2017-03-04 00:59 - 01252352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-07-22 23:40 - 2017-03-04 00:57 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-07-22 23:40 - 2016-12-20 23:47 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-07-22 23:40 - 2016-12-20 23:45 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-07-22 23:40 - 2016-12-20 23:44 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-07-22 23:40 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-07-22 23:40 - 2016-12-14 00:04 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-07-22 23:40 - 2016-12-13 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-07-22 23:40 - 2016-12-13 23:36 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-22 23:39 - 2017-07-07 02:55 - 00343392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-22 23:39 - 2017-07-07 02:40 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-22 23:39 - 2017-07-07 02:33 - 00043944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-22 23:39 - 2017-07-07 02:20 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2017-07-22 23:39 - 2017-07-07 02:19 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-22 23:39 - 2017-07-07 02:19 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-22 23:39 - 2017-07-07 02:18 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-22 23:39 - 2017-07-07 02:18 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\onex.dll
2017-07-22 23:39 - 2017-07-07 02:17 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-22 23:39 - 2017-07-07 02:16 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2017-07-22 23:39 - 2017-07-07 02:14 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-22 23:39 - 2017-07-07 02:14 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-22 23:39 - 2017-07-07 02:09 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-22 23:39 - 2017-07-07 02:06 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-22 23:39 - 2017-07-07 02:06 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-22 23:39 - 2017-07-07 02:05 - 19414528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-22 23:39 - 2017-07-07 01:56 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-22 23:39 - 2017-07-07 01:55 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-22 23:39 - 2017-06-21 03:18 - 00685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-07-22 23:39 - 2017-06-21 02:43 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-22 23:39 - 2017-06-21 02:42 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-07-22 23:39 - 2017-06-21 02:37 - 00798512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-07-22 23:39 - 2017-06-21 02:29 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-22 23:39 - 2017-06-21 02:21 - 04023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-07-22 23:39 - 2017-06-21 02:21 - 01845512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-07-22 23:39 - 2017-06-21 02:21 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-07-22 23:39 - 2017-06-21 02:21 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-22 23:39 - 2017-06-21 02:21 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-07-22 23:39 - 2017-06-21 02:20 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-07-22 23:39 - 2017-06-21 02:20 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-07-22 23:39 - 2017-06-21 02:20 - 00312472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2017-07-22 23:39 - 2017-06-21 02:08 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-22 23:39 - 2017-06-21 02:00 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcEpMap.dll
2017-07-22 23:39 - 2017-06-21 01:58 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-07-22 23:39 - 2017-06-21 01:53 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-22 23:39 - 2017-06-21 01:53 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-07-22 23:39 - 2017-06-21 01:53 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-07-22 23:39 - 2017-06-21 01:52 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2017-07-22 23:39 - 2017-06-21 01:50 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-22 23:39 - 2017-06-21 01:48 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-07-22 23:39 - 2017-06-21 01:46 - 04615168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-22 23:39 - 2017-06-21 01:46 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-07-22 23:39 - 2017-06-21 01:43 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-07-22 23:39 - 2017-06-21 01:42 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-22 23:39 - 2017-06-21 01:40 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-07-22 23:39 - 2017-06-21 01:38 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-07-22 23:39 - 2017-06-21 01:37 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-22 23:39 - 2017-06-21 01:34 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-07-22 23:39 - 2017-06-21 01:34 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-07-22 23:39 - 2017-06-21 01:32 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-07-22 23:39 - 2017-06-21 01:30 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-07-22 23:39 - 2017-06-03 05:03 - 00950112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-22 23:39 - 2017-06-03 04:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-07-22 23:39 - 2017-06-03 04:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-07-22 23:39 - 2017-06-03 04:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-07-22 23:39 - 2017-06-03 04:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-07-22 23:39 - 2017-06-03 04:16 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-07-22 23:39 - 2017-06-03 04:05 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-07-22 23:39 - 2017-06-03 04:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-22 23:39 - 2017-05-25 01:56 - 00034144 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-07-22 23:39 - 2017-04-27 19:40 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-07-22 23:39 - 2017-04-27 19:20 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-07-22 23:39 - 2017-04-27 19:14 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-07-22 23:39 - 2017-04-27 19:10 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2017-07-22 23:39 - 2017-04-27 19:09 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-07-22 23:39 - 2017-04-27 19:00 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-07-22 23:39 - 2017-04-27 18:57 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-22 23:39 - 2017-04-27 18:54 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-07-22 23:39 - 2017-03-28 00:58 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-07-22 23:39 - 2017-03-04 02:09 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-07-22 23:39 - 2017-03-04 02:09 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-07-22 23:39 - 2017-03-04 01:54 - 00290272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-07-22 23:39 - 2017-03-04 01:53 - 00313568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-07-22 23:39 - 2017-03-04 01:47 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-07-22 23:39 - 2017-03-04 01:47 - 00976184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-07-22 23:39 - 2017-03-04 01:47 - 00530480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2017-07-22 23:39 - 2017-03-04 01:46 - 01224104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2017-07-22 23:39 - 2017-03-04 01:46 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2017-07-22 23:39 - 2017-03-04 01:27 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2017-07-22 23:39 - 2017-03-04 01:27 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2017-07-22 23:39 - 2017-03-04 01:26 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-07-22 23:39 - 2017-03-04 01:26 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2017-07-22 23:39 - 2017-03-04 01:25 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2017-07-22 23:39 - 2017-03-04 01:25 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCCSEngineShared.dll
2017-07-22 23:39 - 2017-03-04 01:25 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-07-22 23:39 - 2017-03-04 01:24 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-07-22 23:39 - 2017-03-04 01:23 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2017-07-22 23:39 - 2017-03-04 01:22 - 01299968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-07-22 23:39 - 2017-03-04 01:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-22 23:39 - 2017-03-04 01:22 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2017-07-22 23:39 - 2017-03-04 01:22 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-07-22 23:39 - 2017-03-04 01:22 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-07-22 23:39 - 2017-03-04 01:21 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi32.dll
2017-07-22 23:39 - 2017-03-04 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-22 23:39 - 2017-03-04 01:19 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-07-22 23:39 - 2017-03-04 01:19 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-22 23:39 - 2017-03-04 01:18 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-07-22 23:39 - 2017-03-04 01:18 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2017-07-22 23:39 - 2017-03-04 01:18 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-07-22 23:39 - 2017-03-04 01:17 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-22 23:39 - 2017-03-04 01:17 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-07-22 23:39 - 2017-03-04 01:16 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-07-22 23:39 - 2017-03-04 01:14 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-07-22 23:39 - 2017-03-04 01:13 - 01003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-07-22 23:39 - 2017-03-04 01:12 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2017-07-22 23:39 - 2017-03-04 01:11 - 01357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2017-07-22 23:39 - 2017-03-04 01:07 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-07-22 23:39 - 2017-03-04 01:07 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-07-22 23:39 - 2017-03-04 01:06 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-22 23:39 - 2017-03-04 01:03 - 02363904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-22 23:39 - 2017-03-04 01:03 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-07-22 23:39 - 2017-03-04 01:03 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2017-07-22 23:39 - 2017-03-04 01:02 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-22 23:39 - 2017-03-04 01:02 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-22 23:39 - 2017-03-04 01:02 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-07-22 23:39 - 2017-03-04 01:02 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-07-22 23:39 - 2017-03-04 01:01 - 01493504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-07-22 23:39 - 2017-03-04 01:00 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-07-22 23:39 - 2017-03-04 00:59 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-07-22 23:39 - 2016-12-21 00:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqmigplugin.dll
2017-07-22 23:38 - 2017-07-07 03:00 - 05996384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-22 23:38 - 2017-07-07 02:57 - 00276320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-22 23:38 - 2017-07-07 02:44 - 00186720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-22 23:38 - 2017-07-07 02:39 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-22 23:38 - 2017-07-07 02:33 - 00781664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-22 23:38 - 2017-07-07 02:19 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-22 23:38 - 2017-07-07 02:12 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-22 23:38 - 2017-07-07 02:12 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-07-22 23:38 - 2017-07-07 02:11 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-22 23:38 - 2017-07-07 02:00 - 12187136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-22 23:38 - 2017-07-07 01:57 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-22 23:38 - 2017-07-07 01:55 - 01571840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-22 23:38 - 2017-07-07 01:54 - 02027008 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-22 23:38 - 2017-06-21 02:43 - 00356704 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2017-07-22 23:38 - 2017-06-21 02:43 - 00356704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-07-22 23:38 - 2017-06-21 02:42 - 01586736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-22 23:38 - 2017-06-21 02:40 - 01956192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-22 23:38 - 2017-06-21 02:40 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2017-07-22 23:38 - 2017-06-21 02:39 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-22 23:38 - 2017-06-21 02:30 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-22 23:38 - 2017-06-21 02:28 - 02277288 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-07-22 23:38 - 2017-06-21 02:28 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-22 23:38 - 2017-06-21 02:28 - 00524776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-07-22 23:38 - 2017-06-21 02:27 - 01122344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-22 23:38 - 2017-06-21 02:20 - 00962768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-22 23:38 - 2017-06-21 02:20 - 00432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2017-07-22 23:38 - 2017-06-21 02:19 - 00125792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-22 23:38 - 2017-06-21 02:05 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-07-22 23:38 - 2017-06-21 02:04 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-22 23:38 - 2017-06-21 02:04 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-07-22 23:38 - 2017-06-21 02:01 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-22 23:38 - 2017-06-21 01:59 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-07-22 23:38 - 2017-06-21 01:59 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-07-22 23:38 - 2017-06-21 01:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-07-22 23:38 - 2017-06-21 01:58 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-07-22 23:38 - 2017-06-21 01:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-07-22 23:38 - 2017-06-21 01:56 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-07-22 23:38 - 2017-06-21 01:56 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-07-22 23:38 - 2017-06-21 01:56 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-07-22 23:38 - 2017-06-21 01:55 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2017-07-22 23:38 - 2017-06-21 01:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-07-22 23:38 - 2017-06-21 01:55 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-07-22 23:38 - 2017-06-21 01:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-07-22 23:38 - 2017-06-21 01:53 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-07-22 23:38 - 2017-06-21 01:53 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-22 23:38 - 2017-06-21 01:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-22 23:38 - 2017-06-21 01:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-07-22 23:38 - 2017-06-21 01:51 - 01378304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-22 23:38 - 2017-06-21 01:51 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2017-07-22 23:38 - 2017-06-21 01:51 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-07-22 23:38 - 2017-06-21 01:50 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-22 23:38 - 2017-06-21 01:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-07-22 23:38 - 2017-06-21 01:47 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-22 23:38 - 2017-06-21 01:47 - 00797696 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2017-07-22 23:38 - 2017-06-21 01:46 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-07-22 23:38 - 2017-06-21 01:45 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-07-22 23:38 - 2017-06-21 01:44 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-07-22 23:38 - 2017-06-21 01:44 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-22 23:38 - 2017-06-21 01:43 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-07-22 23:38 - 2017-06-21 01:42 - 01406464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-07-22 23:38 - 2017-06-21 01:42 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-22 23:38 - 2017-06-21 01:40 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-22 23:38 - 2017-06-21 01:40 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-07-22 23:38 - 2017-06-21 01:40 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-22 23:38 - 2017-06-21 01:40 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2017-07-22 23:38 - 2017-06-21 01:38 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-22 23:38 - 2017-06-21 01:37 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-07-22 23:38 - 2017-06-21 01:37 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-07-22 23:38 - 2017-06-21 01:37 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-07-22 23:38 - 2017-06-21 01:36 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-22 23:38 - 2017-06-21 01:36 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-22 23:38 - 2017-06-21 01:35 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-07-22 23:38 - 2017-06-21 01:35 - 01950208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-22 23:38 - 2017-06-21 01:35 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-07-22 23:38 - 2017-06-21 01:35 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-07-22 23:38 - 2017-06-21 01:34 - 01886720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-07-22 23:38 - 2017-06-21 01:34 - 00711168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-07-22 23:38 - 2017-06-21 01:34 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-07-22 23:38 - 2017-06-21 01:33 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-07-22 23:38 - 2017-06-21 01:33 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-07-22 23:38 - 2017-06-21 01:33 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-07-22 23:38 - 2017-06-21 01:33 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-07-22 23:38 - 2017-06-03 05:15 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-07-22 23:38 - 2017-06-03 04:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-07-22 23:38 - 2017-06-03 04:25 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-07-22 23:38 - 2017-06-03 04:25 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-07-22 23:38 - 2017-06-03 04:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2017-07-22 23:38 - 2017-06-03 04:16 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-07-22 23:38 - 2017-06-03 04:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-07-22 23:38 - 2017-06-03 04:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-22 23:38 - 2017-06-03 04:04 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-22 23:38 - 2017-04-27 20:01 - 00784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-22 23:38 - 2017-04-27 19:45 - 00025440 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-07-22 23:38 - 2017-04-27 19:43 - 00355168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-07-22 23:38 - 2017-04-27 19:40 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-22 23:38 - 2017-04-27 19:33 - 00380184 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-07-22 23:38 - 2017-04-27 19:22 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys
2017-07-22 23:38 - 2017-04-27 19:21 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-07-22 23:38 - 2017-04-27 19:16 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-07-22 23:38 - 2017-04-27 19:16 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-07-22 23:38 - 2017-04-27 19:15 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-07-22 23:38 - 2017-04-27 19:13 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-07-22 23:38 - 2017-04-27 19:13 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2017-07-22 23:38 - 2017-04-27 19:12 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-07-22 23:38 - 2017-04-27 19:11 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-22 23:38 - 2017-04-27 19:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-07-22 23:38 - 2017-04-27 19:11 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-22 23:38 - 2017-04-27 19:10 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-07-22 23:38 - 2017-04-27 19:10 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-07-22 23:38 - 2017-04-27 19:01 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-07-22 23:38 - 2017-04-27 19:00 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-22 23:38 - 2017-04-27 18:59 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-22 23:38 - 2017-04-27 18:57 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-07-22 23:38 - 2017-04-27 18:57 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2017-07-22 23:38 - 2017-04-27 18:55 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-22 23:38 - 2017-04-27 18:55 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-22 23:38 - 2017-03-28 00:39 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-07-22 23:38 - 2017-03-28 00:37 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\apds.dll
2017-07-22 23:38 - 2017-03-28 00:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-07-22 23:38 - 2017-03-28 00:35 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-22 23:38 - 2017-03-28 00:34 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-07-22 23:38 - 2017-03-28 00:31 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2017-07-22 23:38 - 2017-03-28 00:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-07-22 23:38 - 2017-03-28 00:19 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2017-07-22 23:38 - 2017-03-28 00:19 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-07-22 23:38 - 2017-03-28 00:13 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-07-22 23:38 - 2017-03-28 00:09 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-07-22 23:38 - 2017-03-28 00:08 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-07-22 23:38 - 2017-03-15 23:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-07-22 23:38 - 2017-03-04 02:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-22 23:38 - 2017-03-04 02:09 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-22 23:38 - 2017-03-04 02:09 - 00497416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-07-22 23:38 - 2017-03-04 02:07 - 01073816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-22 23:38 - 2017-03-04 02:07 - 00945760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-22 23:38 - 2017-03-04 02:06 - 00341336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2017-07-22 23:38 - 2017-03-04 02:06 - 00106336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-07-22 23:38 - 2017-03-04 02:02 - 00184416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2017-07-22 23:38 - 2017-03-04 01:59 - 00055136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-07-22 23:38 - 2017-03-04 01:51 - 00399712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-07-22 23:38 - 2017-03-04 01:26 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-07-22 23:38 - 2017-03-04 01:26 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2017-07-22 23:38 - 2017-03-04 01:25 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2017-07-22 23:38 - 2017-03-04 01:25 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2017-07-22 23:38 - 2017-03-04 01:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2017-07-22 23:38 - 2017-03-04 01:23 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-07-22 23:38 - 2017-03-04 01:23 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-07-22 23:38 - 2017-03-04 01:22 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-07-22 23:38 - 2017-03-04 01:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-07-22 23:38 - 2017-03-04 01:21 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-07-22 23:38 - 2017-03-04 01:20 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-07-22 23:38 - 2017-03-04 01:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-07-22 23:38 - 2017-03-04 01:19 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2017-07-22 23:38 - 2017-03-04 01:19 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-07-22 23:38 - 2017-03-04 01:19 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2017-07-22 23:38 - 2017-03-04 01:16 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-22 23:38 - 2017-03-04 01:16 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-07-22 23:38 - 2017-03-04 01:16 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2017-07-22 23:38 - 2017-03-04 01:14 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2017-07-22 23:38 - 2017-03-04 01:12 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-07-22 23:38 - 2017-03-04 01:11 - 01320448 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-07-22 23:38 - 2017-03-04 01:10 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2017-07-22 23:38 - 2017-03-04 01:06 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-07-22 23:38 - 2017-03-04 01:05 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2017-07-22 23:38 - 2017-03-04 01:05 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2017-07-22 23:38 - 2017-03-04 01:03 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll
2017-07-22 23:38 - 2017-03-04 01:01 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2017-07-22 23:38 - 2017-03-04 01:01 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2017-07-22 23:38 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-07-22 23:38 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-07-22 23:38 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-07-22 23:38 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-07-22 23:38 - 2016-12-13 23:37 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-07-22 23:38 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-07-22 23:37 - 2017-07-07 02:49 - 00340824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-22 23:37 - 2017-07-07 02:45 - 02263832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-22 23:37 - 2017-07-07 02:39 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-07-22 23:37 - 2017-07-07 02:29 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-22 23:37 - 2017-07-07 02:17 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-22 23:37 - 2017-07-07 02:13 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-07-22 23:37 - 2017-07-07 02:13 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-22 23:37 - 2017-07-07 02:12 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-22 23:37 - 2017-07-07 02:10 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-22 23:37 - 2017-07-07 02:09 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-22 23:37 - 2017-07-07 02:06 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-22 23:37 - 2017-07-07 01:58 - 03774464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-22 23:37 - 2017-07-07 01:55 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-22 23:37 - 2017-07-07 01:55 - 01235968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-22 23:37 - 2017-07-07 01:54 - 02997248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-22 23:37 - 2017-07-07 01:53 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-22 23:37 - 2017-07-07 01:52 - 04561408 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2017-07-22 23:37 - 2017-07-07 01:52 - 01599488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-22 23:37 - 2017-07-07 01:52 - 01413632 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-22 23:37 - 2017-06-21 03:20 - 00448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-07-22 23:37 - 2017-06-21 02:37 - 00583136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-22 23:37 - 2017-06-21 02:30 - 00196960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-07-22 23:37 - 2017-06-21 02:28 - 00170448 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-07-22 23:37 - 2017-06-21 02:27 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-07-22 23:37 - 2017-06-21 02:27 - 00549088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-07-22 23:37 - 2017-06-21 02:26 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-07-22 23:37 - 2017-06-21 02:25 - 02168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-07-22 23:37 - 2017-06-21 02:25 - 01980776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-07-22 23:37 - 2017-06-21 02:24 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-07-22 23:37 - 2017-06-21 02:24 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntmarta.dll
2017-07-22 23:37 - 2017-06-21 02:19 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-22 23:37 - 2017-06-21 02:01 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-07-22 23:37 - 2017-06-21 02:01 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2017-07-22 23:37 - 2017-06-21 02:00 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-07-22 23:37 - 2017-06-21 02:00 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\uudf.dll
2017-07-22 23:37 - 2017-06-21 02:00 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-07-22 23:37 - 2017-06-21 01:58 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-22 23:37 - 2017-06-21 01:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-07-22 23:37 - 2017-06-21 01:57 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-07-22 23:37 - 2017-06-21 01:57 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-22 23:37 - 2017-06-21 01:57 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-07-22 23:37 - 2017-06-21 01:56 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-07-22 23:37 - 2017-06-21 01:56 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-07-22 23:37 - 2017-06-21 01:56 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2017-07-22 23:37 - 2017-06-21 01:56 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-07-22 23:37 - 2017-06-21 01:55 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-07-22 23:37 - 2017-06-21 01:55 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-07-22 23:37 - 2017-06-21 01:54 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-07-22 23:37 - 2017-06-21 01:54 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-22 23:37 - 2017-06-21 01:54 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-07-22 23:37 - 2017-06-21 01:53 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-07-22 23:37 - 2017-06-21 01:53 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2017-07-22 23:37 - 2017-06-21 01:53 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-22 23:37 - 2017-06-21 01:53 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-07-22 23:37 - 2017-06-21 01:53 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-07-22 23:37 - 2017-06-21 01:53 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-07-22 23:37 - 2017-06-21 01:53 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-07-22 23:37 - 2017-06-21 01:53 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-07-22 23:37 - 2017-06-21 01:52 - 00728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-07-22 23:37 - 2017-06-21 01:51 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2017-07-22 23:37 - 2017-06-21 01:51 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-22 23:37 - 2017-06-21 01:51 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-07-22 23:37 - 2017-06-21 01:50 - 01167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-22 23:37 - 2017-06-21 01:50 - 01109504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-07-22 23:37 - 2017-06-21 01:50 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-22 23:37 - 2017-06-21 01:49 - 00500736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-07-22 23:37 - 2017-06-21 01:49 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-07-22 23:37 - 2017-06-21 01:49 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-22 23:37 - 2017-06-21 01:46 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-07-22 23:37 - 2017-06-21 01:45 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-07-22 23:37 - 2017-06-21 01:45 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\uexfat.dll
2017-07-22 23:37 - 2017-06-21 01:44 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-07-22 23:37 - 2017-06-21 01:44 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ufat.dll
2017-07-22 23:37 - 2017-06-21 01:43 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-07-22 23:37 - 2017-06-21 01:43 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-07-22 23:37 - 2017-06-21 01:42 - 02749440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-07-22 23:37 - 2017-06-21 01:40 - 02154496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-07-22 23:37 - 2017-06-21 01:39 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-07-22 23:37 - 2017-06-21 01:38 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-22 23:37 - 2017-06-21 01:36 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-07-22 23:37 - 2017-06-21 01:35 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-22 23:37 - 2017-06-21 01:35 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-22 23:37 - 2017-06-21 01:35 - 00732160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2017-07-22 23:37 - 2017-06-21 01:35 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-22 23:37 - 2017-06-21 01:34 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-07-22 23:37 - 2017-06-21 01:34 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-07-22 23:37 - 2017-06-21 01:32 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-07-22 23:37 - 2017-06-21 01:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-07-22 23:37 - 2017-06-03 05:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-07-22 23:37 - 2017-06-03 05:50 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-07-22 23:37 - 2017-06-03 04:55 - 01896288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-22 23:37 - 2017-06-03 04:55 - 00342368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-07-22 23:37 - 2017-06-03 04:53 - 00454496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-22 23:37 - 2017-06-03 04:44 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-07-22 23:37 - 2017-06-03 04:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-22 23:37 - 2017-06-03 04:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-22 23:37 - 2017-06-03 04:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-07-22 23:37 - 2017-06-03 04:25 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-07-22 23:37 - 2017-06-03 04:22 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-07-22 23:37 - 2017-06-03 04:20 - 00668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-07-22 23:37 - 2017-06-02 02:35 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-07-22 23:37 - 2017-04-27 19:49 - 00053080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2017-07-22 23:37 - 2017-04-27 19:48 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-07-22 23:37 - 2017-04-27 19:45 - 00493920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-07-22 23:37 - 2017-04-27 19:45 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-22 23:37 - 2017-04-27 19:43 - 01557224 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-07-22 23:37 - 2017-04-27 19:20 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2017-07-22 23:37 - 2017-04-27 19:19 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-07-22 23:37 - 2017-04-27 19:19 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-07-22 23:37 - 2017-04-27 19:19 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-07-22 23:37 - 2017-04-27 19:17 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-22 23:37 - 2017-04-27 19:16 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2017-07-22 23:37 - 2017-04-27 19:16 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-07-22 23:37 - 2017-04-27 19:16 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2017-07-22 23:37 - 2017-04-27 19:15 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-07-22 23:37 - 2017-04-27 19:15 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-07-22 23:37 - 2017-04-27 19:15 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2017-07-22 23:37 - 2017-04-27 19:13 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-22 23:37 - 2017-04-27 19:11 - 01774080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-22 23:37 - 2017-04-27 19:11 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-07-22 23:37 - 2017-04-27 19:10 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-07-22 23:37 - 2017-04-27 19:09 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-22 23:37 - 2017-04-27 19:09 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2017-07-22 23:37 - 2017-04-27 19:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2017-07-22 23:37 - 2017-04-27 19:03 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-07-22 23:37 - 2017-04-27 19:03 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsnt.dll
2017-07-22 23:37 - 2017-04-27 19:01 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-07-22 23:37 - 2017-04-27 18:53 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-07-22 23:37 - 2017-03-28 01:04 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-22 23:37 - 2017-03-28 01:02 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-07-22 23:37 - 2017-03-28 00:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-07-22 23:37 - 2017-03-28 00:39 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-07-22 23:37 - 2017-03-28 00:39 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-22 23:37 - 2017-03-28 00:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-07-22 23:37 - 2017-03-28 00:35 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-22 23:37 - 2017-03-28 00:30 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-07-22 23:37 - 2017-03-28 00:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-07-22 23:37 - 2017-03-28 00:23 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-07-22 23:37 - 2017-03-28 00:16 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-07-22 23:37 - 2017-03-28 00:13 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-07-22 23:37 - 2017-03-28 00:12 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-07-22 23:37 - 2017-03-04 01:57 - 00581672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-07-22 23:37 - 2017-03-04 01:56 - 00248992 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-22 23:37 - 2017-03-04 01:53 - 00551264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-07-22 23:37 - 2017-03-04 01:52 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-07-22 23:37 - 2017-03-04 01:50 - 00100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2017-07-22 23:37 - 2017-03-04 01:45 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-22 23:37 - 2017-03-04 01:45 - 00112120 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2017-07-22 23:37 - 2017-03-04 01:45 - 00093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2017-07-22 23:37 - 2017-03-04 01:42 - 01260784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-07-22 23:37 - 2017-03-04 01:42 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-07-22 23:37 - 2017-03-04 01:30 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-07-22 23:37 - 2017-03-04 01:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInputUap.dll
2017-07-22 23:37 - 2017-03-04 01:29 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-22 23:37 - 2017-03-04 01:28 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothDesktopHandlers.dll
2017-07-22 23:37 - 2017-03-04 01:27 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2017-07-22 23:37 - 2017-03-04 01:26 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2017-07-22 23:37 - 2017-03-04 01:26 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2017-07-22 23:37 - 2017-03-04 01:25 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-07-22 23:37 - 2017-03-04 01:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2017-07-22 23:37 - 2017-03-04 01:25 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
2017-07-22 23:37 - 2017-03-04 01:24 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-22 23:37 - 2017-03-04 01:24 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-22 23:37 - 2017-03-04 01:23 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2017-07-22 23:37 - 2017-03-04 01:23 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-07-22 23:37 - 2017-03-04 01:21 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-07-22 23:37 - 2017-03-04 01:21 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-07-22 23:37 - 2017-03-04 01:20 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2017-07-22 23:37 - 2017-03-04 01:20 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-07-22 23:37 - 2017-03-04 01:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-07-22 23:37 - 2017-03-04 01:20 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2017-07-22 23:37 - 2017-03-04 01:20 - 00301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-07-22 23:37 - 2017-03-04 01:18 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-07-22 23:37 - 2017-03-04 01:18 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2017-07-22 23:37 - 2017-03-04 01:17 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2017-07-22 23:37 - 2017-03-04 01:17 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-07-22 23:37 - 2017-03-04 01:17 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2017-07-22 23:37 - 2017-03-04 01:16 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-22 23:37 - 2017-03-04 01:16 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-07-22 23:37 - 2017-03-04 01:16 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-07-22 23:37 - 2017-03-04 01:13 - 01056768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2017-07-22 23:37 - 2017-03-04 01:12 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2017-07-22 23:37 - 2017-03-04 01:02 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-07-22 23:37 - 2017-03-04 01:01 - 03478528 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-07-22 23:37 - 2017-03-04 01:01 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2017-07-22 23:37 - 2017-03-04 01:01 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-07-22 23:37 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-07-22 23:37 - 2016-12-20 23:30 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-07-22 23:37 - 2016-12-14 00:26 - 01127040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-07-22 23:37 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-07-22 23:37 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-07-22 23:37 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-07-22 23:37 - 2016-12-13 23:35 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-07-22 23:37 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-07-22 23:37 - 2016-07-15 20:45 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CspCellularSettings.dll
2017-07-22 23:37 - 2016-07-15 20:43 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-07-22 23:37 - 2016-07-15 20:43 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-07-22 23:36 - 2017-07-07 02:03 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-22 23:36 - 2017-07-07 02:02 - 01313280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-22 23:36 - 2017-07-07 02:00 - 00476160 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\wvc.dll
2017-07-22 23:36 - 2017-06-22 01:17 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-07-22 23:36 - 2017-06-22 01:17 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-07-22 23:36 - 2017-06-21 02:01 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2017-07-22 23:36 - 2017-06-21 01:59 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-07-22 23:36 - 2017-06-21 01:57 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dxpserver.exe
2017-07-22 23:36 - 2017-06-21 01:57 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-22 23:36 - 2017-06-21 01:57 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-07-22 23:36 - 2017-06-21 01:55 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-07-22 23:36 - 2017-06-21 01:55 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
2017-07-22 23:36 - 2017-06-21 01:53 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-07-22 23:36 - 2017-06-21 01:50 - 00994304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2017-07-22 23:36 - 2017-06-21 01:48 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\azroleui.dll
2017-07-22 23:36 - 2017-06-21 01:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-07-22 23:36 - 2017-06-21 01:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cnvfat.dll
2017-07-22 23:36 - 2017-06-21 01:42 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-07-22 23:36 - 2017-06-21 01:42 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-07-22 23:36 - 2017-06-21 01:39 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-07-22 23:36 - 2017-06-21 01:39 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-07-22 23:36 - 2017-06-21 01:38 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-07-22 23:36 - 2017-06-21 01:38 - 00753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2017-07-22 23:36 - 2017-06-03 04:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-07-22 23:36 - 2017-06-03 04:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-07-22 23:36 - 2017-04-27 20:28 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-07-22 23:36 - 2017-04-27 19:55 - 00628440 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-07-22 23:36 - 2017-04-27 19:51 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-07-22 23:36 - 2017-04-27 19:22 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2017-07-22 23:36 - 2017-04-27 19:21 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthTelemetry.dll
2017-07-22 23:36 - 2017-04-27 19:20 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-07-22 23:36 - 2017-04-27 19:15 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsentUX.dll
2017-07-22 23:36 - 2017-04-27 19:07 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-07-22 23:36 - 2017-04-27 19:03 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-07-22 23:36 - 2017-04-27 19:03 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2017-07-22 23:36 - 2017-04-27 19:00 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2017-07-22 23:36 - 2017-04-27 18:59 - 01017856 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-07-22 23:36 - 2017-04-27 18:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2017-07-22 23:36 - 2017-04-27 18:50 - 01438720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-07-22 23:36 - 2017-03-28 01:21 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-07-22 23:36 - 2017-03-28 00:39 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Authentication.dll
2017-07-22 23:36 - 2017-03-28 00:25 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-07-22 23:36 - 2017-03-28 00:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-07-22 23:36 - 2017-03-04 02:09 - 00320144 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2017-07-22 23:36 - 2017-03-04 02:08 - 00036704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2017-07-22 23:36 - 2017-03-04 01:51 - 00086360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-07-22 23:36 - 2017-03-04 01:51 - 00060768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-07-22 23:36 - 2017-03-04 01:29 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2017-07-22 23:36 - 2017-03-04 01:29 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2017-07-22 23:36 - 2017-03-04 01:27 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddrawex.dll
2017-07-22 23:36 - 2017-03-04 01:25 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscandui.dll
2017-07-22 23:36 - 2017-03-04 01:24 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfui.dll
2017-07-22 23:36 - 2017-03-04 01:21 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\main.cpl
2017-07-22 23:36 - 2017-03-04 01:19 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2017-07-22 23:36 - 2017-03-04 01:18 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2017-07-22 23:36 - 2017-03-04 01:18 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2017-07-22 23:36 - 2017-03-04 01:16 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-07-22 23:36 - 2017-03-04 01:16 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-22 23:36 - 2017-03-04 01:13 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-07-22 23:36 - 2017-03-04 01:12 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-07-22 23:36 - 2017-03-04 01:11 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabletPC.cpl
2017-07-22 23:36 - 2017-03-04 01:11 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\tabcal.exe
2017-07-22 23:36 - 2017-03-04 01:10 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2017-07-22 23:36 - 2017-03-04 01:10 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Tabbtn.dll
2017-07-22 23:36 - 2017-03-04 01:10 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2017-07-22 23:36 - 2017-03-04 01:09 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-07-22 23:36 - 2017-03-04 01:09 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-07-22 23:36 - 2017-03-04 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2017-07-22 23:36 - 2017-03-04 01:08 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-07-22 23:36 - 2017-03-04 01:07 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2017-07-22 23:36 - 2017-03-04 01:07 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-07-22 23:36 - 2017-03-04 01:07 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhtask.dll
2017-07-22 23:36 - 2017-03-04 01:05 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2017-07-22 23:36 - 2017-03-04 01:05 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-07-22 23:36 - 2017-03-04 01:05 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-07-22 23:36 - 2017-03-04 01:03 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MultiDigiMon.exe
2017-07-22 23:36 - 2017-03-04 01:02 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-07-22 23:36 - 2016-12-13 23:36 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-22 23:34 - 2016-05-29 13:38 - 08886976 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSetup.exe
2017-07-22 23:33 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-07-22 21:36 - 2017-06-03 05:50 - 01336160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-22 21:36 - 2017-06-03 05:50 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-22 21:36 - 2017-06-03 05:50 - 00514400 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-22 21:36 - 2017-06-03 05:50 - 00455000 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-22 21:36 - 2017-06-03 05:50 - 00284000 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-22 21:36 - 2017-06-03 05:50 - 00254816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-22 21:36 - 2017-06-03 05:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-22 21:36 - 2017-06-03 05:50 - 00113504 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-22 21:36 - 2017-06-03 05:50 - 00083296 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-22 21:36 - 2017-06-03 05:50 - 00030560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-22 21:36 - 2017-06-03 04:31 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-07-22 21:36 - 2017-06-03 04:30 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-22 21:36 - 2017-06-03 04:29 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-07-22 21:36 - 2017-06-03 04:25 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-22 21:36 - 2017-06-03 04:06 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-22 21:36 - 2017-04-27 19:11 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-07-22 21:36 - 2017-04-27 19:10 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-22 21:36 - 2017-04-27 19:09 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-22 21:36 - 2017-03-28 00:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-07-22 21:36 - 2017-03-28 00:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-22 21:36 - 2017-03-28 00:12 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-22 21:36 - 2017-03-04 01:31 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2017-07-22 21:36 - 2016-12-13 23:37 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-22 21:12 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-07-22 15:43 - 2017-07-22 15:43 - 00000000 ____D C:\Users\tl\AppData\Local\UNP
2017-07-22 14:08 - 2017-07-22 14:09 - 00000000 ____D C:\Program Files\UNP
2017-07-22 14:08 - 2017-07-22 14:08 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-07-22 13:48 - 2017-07-22 13:48 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-07-22 13:33 - 2017-07-22 13:33 - 00000000 ____D C:\2017 TOM 2ND HALF
2017-07-12 10:46 - 2017-07-12 10:51 - 00347564 _____ C:\WINDOWS\Minidump\071217-61953-01.dmp
2017-07-12 10:46 - 2017-07-12 10:46 - 00000000 ____D C:\WINDOWS\Minidump
2017-07-12 10:45 - 2017-07-12 10:45 - 833206329 _____ C:\WINDOWS\MEMORY.DMP
2017-07-01 06:52 - 2017-07-01 06:52 - 00055160 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-07-01 06:50 - 2017-06-28 12:08 - 00303280 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-25 09:33 - 2010-01-30 11:43 - 00000187 _____ C:\ProgramData\HPWALog.txt
2017-07-25 09:32 - 2016-09-27 16:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-25 09:31 - 2016-07-15 21:22 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-07-25 09:31 - 2009-12-04 22:17 - 00000000 ____D C:\Users\tl\AppData\Roaming\Yahoo!
2017-07-25 09:30 - 2016-09-27 19:05 - 00000000 ___DC C:\WINDOWS\Panther
2017-07-25 09:08 - 2016-09-27 16:15 - 00000000 ____D C:\Users\tl
2017-07-24 15:29 - 2016-09-27 16:13 - 01873112 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-24 14:52 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-23 16:25 - 2016-09-27 16:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-23 15:38 - 2013-10-23 18:22 - 00000000 ____D C:\Program Files\Comodo
2017-07-23 14:29 - 2015-07-19 20:04 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-23 14:03 - 2011-12-27 16:25 - 00000000 ____D C:\Users\tl\AppData\LocalLow\Temp
2017-07-23 14:00 - 2009-07-13 21:37 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-23 05:59 - 2016-07-16 03:28 - 00000000 ____D C:\WINDOWS\INF
2017-07-23 05:22 - 2016-02-13 07:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-23 05:17 - 2016-09-27 16:06 - 00448872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\setup
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\Provisioning
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-07-23 05:14 - 2016-07-16 03:29 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-23 05:14 - 2016-07-15 21:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-07-23 04:55 - 2016-07-16 03:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-22 22:38 - 2016-07-16 03:29 - 00000000 ____D C:\WINDOWS\rescache
2017-07-22 21:54 - 2013-07-11 16:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-22 21:45 - 2010-01-12 18:45 - 132532600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-22 21:37 - 2016-07-16 03:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-22 18:52 - 2013-01-11 20:56 - 00123928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2017-07-22 14:00 - 2016-07-16 03:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-22 13:57 - 2015-02-10 17:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-07-22 13:48 - 2013-02-21 20:24 - 00000000 ____D C:\Program Files\Opera
2017-07-22 13:46 - 2016-09-27 16:15 - 00000000 ____D C:\Users\DefaultAppPool
2017-07-12 11:20 - 2014-11-05 19:07 - 00000000 ____D C:\Users\tl\AppData\Roaming\AIMP3
2017-07-12 11:13 - 2015-11-02 19:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 10:56 - 2009-07-12 14:31 - 00000000 ____D C:\Users\tl\AppData\Roaming\Hewlett-Packard
2017-07-12 10:55 - 2012-03-30 16:21 - 00000000 ____D C:\AMAZON DOWNLOADS
2017-07-12 10:52 - 2009-10-02 21:53 - 00456360 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-01 08:59 - 2016-04-20 08:52 - 00000000 ____D C:\Users\tl\AppData\Local\Packages
2017-07-01 08:04 - 2016-03-22 18:01 - 00001197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-01 08:02 - 2014-03-20 16:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2
2017-07-01 07:41 - 2015-09-03 08:25 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-01 07:41 - 2015-09-03 08:25 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-01 07:18 - 2017-01-24 20:23 - 00000000 ____D C:\2017 TOM
2017-07-01 07:03 - 2014-04-18 10:40 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-01 07:02 - 2009-07-12 15:17 - 00000000 ____D C:\Program Files\SpywareBlaster
2017-07-01 07:02 - 2009-04-22 10:03 - 00000000 ____D C:\ProgramData\Temp
2017-07-01 06:53 - 2013-03-01 18:19 - 00296312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-07-01 06:49 - 2013-01-11 20:55 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-30 09:46 - 2016-07-16 03:31 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-06-30 09:46 - 2016-07-16 03:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-06-28 12:09 - 2014-04-25 17:57 - 00042824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-06-28 12:09 - 2013-12-19 18:14 - 00147688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-06-28 12:09 - 2013-03-01 18:19 - 00070840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-06-28 12:09 - 2013-01-11 20:56 - 00496976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-06-28 12:09 - 2013-01-11 20:56 - 00099536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-06-28 12:07 - 2016-03-22 18:00 - 00039752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-06-28 12:07 - 2013-01-11 20:56 - 00774288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-06-28 12:06 - 2017-02-28 20:32 - 00276704 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-06-28 12:06 - 2017-02-28 20:32 - 00266976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-06-28 12:06 - 2017-02-28 20:32 - 00157384 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-06-28 12:06 - 2017-02-28 20:32 - 00050352 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
 
==================== Files in the root of some directories =======
 
2015-09-30 11:28 - 2015-09-30 11:28 - 0000093 _____ () C:\Users\tl\AppData\Roaming\settings.xml
2009-07-12 19:46 - 2016-12-19 13:35 - 0012884 _____ () C:\Users\tl\AppData\Roaming\wklnhst.dat
2013-06-12 21:12 - 2013-06-12 21:12 - 0000037 ___SH () C:\Users\tl\AppData\Local\70149b02515b3bb20dd492.47983420
2010-01-08 19:53 - 2010-01-08 19:53 - 0000000 _____ () C:\Users\tl\AppData\Local\AtStart.txt
2012-01-14 10:47 - 2011-09-02 06:08 - 0094208 _____ () C:\Users\tl\AppData\Local\common_functions.dll
2010-02-14 01:04 - 2015-09-29 15:59 - 0003584 _____ () C:\Users\tl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-08 19:53 - 2010-01-08 19:53 - 0000000 _____ () C:\Users\tl\AppData\Local\DSwitch.txt
2011-09-02 06:08 - 2011-09-02 06:08 - 0102400 _____ () C:\Users\tl\AppData\Local\ie_runner_app.exe
2012-01-14 10:47 - 2011-08-26 05:09 - 0940544 _____ (Apache Software Foundation) C:\Users\tl\AppData\Local\log4cxx.dll
2010-01-08 19:53 - 2010-01-08 19:53 - 0000000 _____ () C:\Users\tl\AppData\Local\QSwitch.txt
2016-01-11 16:35 - 2016-01-11 16:35 - 0001247 _____ () C:\Users\tl\AppData\Local\recently-used.xbel
2011-02-12 12:54 - 2011-02-12 12:54 - 0007605 _____ () C:\Users\tl\AppData\Local\Resmon.ResmonCfg
2011-10-30 09:30 - 2011-10-30 09:30 - 0000000 _____ () C:\Users\tl\AppData\Local\{198E2335-5DE6-465F-95FF-43FF8D0F3C74}
2011-05-18 16:22 - 2011-05-18 16:23 - 0000000 _____ () C:\Users\tl\AppData\Local\{7B003149-D92F-462E-A524-36F24B4C6E33}
2011-05-12 16:01 - 2011-05-12 16:01 - 0000000 _____ () C:\Users\tl\AppData\Local\{B67B0798-67F7-4909-B482-DADB915256B6}
2012-01-08 11:41 - 2012-01-08 11:41 - 0000000 _____ () C:\Users\tl\AppData\Local\{EDF43DAB-8BAC-4F94-A4CD-0A650556AD79}
2010-01-08 19:53 - 2012-01-02 17:14 - 0000284 _____ () C:\ProgramData\hpqp.ini
2010-02-26 18:57 - 2016-08-25 12:55 - 0000021 _____ () C:\ProgramData\hpqp.txt
2010-01-30 11:43 - 2017-07-25 09:33 - 0000187 _____ () C:\ProgramData\HPWALog.txt
2010-01-10 15:56 - 2015-05-06 18:54 - 0022059 _____ () C:\ProgramData\hpzinstall.log
2013-03-22 18:45 - 2013-03-22 18:45 - 0001534 _____ () C:\ProgramData\ss.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-22 21:41
 
==================== End of FRST.txt ============================
 
 
Here's addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-07-2017
Ran by tl (25-07-2017 09:39:45)
Running from C:\Users\tl\Desktop
Microsoft Windows 10 Home Version 1607 (X86) (2016-09-27 22:00:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3386764216-2145708176-1762138646-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3386764216-2145708176-1762138646-503 - Limited - Disabled)
Guest (S-1-5-21-3386764216-2145708176-1762138646-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3386764216-2145708176-1762138646-1002 - Limited - Enabled)
tl (S-1-5-21-3386764216-2145708176-1762138646-1000 - Administrator - Enabled) => C:\Users\tl
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}) (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AIMP3 (HKLM\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)
Amazon Kindle (HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon MP3 Uploader (HKLM\...\{0412CCFF-BFAC-83D8-44FB-3BE60F05FCF8}) (Version: 1.0.8 - Amazon Services LLC) Hidden
Amazon MP3 Uploader (HKLM\...\com.amazon.music.uploader) (Version: 1.0.8 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\Amazon Amazon Music) (Version: 4.3.2.1367 - Amazon Services LLC)
ANT Drivers Installer x86 (HKLM\...\{9D378E1D-CE87-4D0B-AC7E-D81A76E42EF8}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Audacity 2.1.2 (HKLM\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Brickshooter Egypt (HKLM\...\Brickshooter Egypt_is1) (Version:  - Playrix Entertainment)
Brother MFL-Pro Suite MFC-L2740DW series DCP-L2540DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Crayon Physics Deluxe - release 53 (HKLM\...\Crayon Physics Deluxe_is1) (Version:  - Kloonigames)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.3.0.20 - DivX, LLC)
Elevated Installer (HKLM\...\{A53F1B50-A664-4D28-92FE-DD5F507F34BC}) (Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
EZ Vinyl/Tape Converter by Ion Audio 11.7.0 (HKLM\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version: 11.7.0 - Ion Audio LLC)
foobar2000 v1.3.8 (HKLM\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Freecorder 4.01 Application (HKLM\...\Freecorder4.01) (Version: 4.01 - Applian Technologies Inc.)
FreeRIP MP3 Converter 4.8.0 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.8.0 - GreenTree Applications SRL)
Garmin Express (HKLM\...\{d74c733b-9216-49f5-ae3a-14bf3a3d66f5}) (Version: 4.2.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM\...\{5250BDEA-3EA9-441C-8233-9CBEC6A799BD}) (Version: 4.2.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
HP Support Solutions Framework (HKLM\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
Image Resizer for Windows (HKLM\...\{6285B71F-660A-478B-A876-C7E66A678E6A}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Inpaint 3.0 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - teorex)
inSSIDer 3 (HKLM\...\{CDF246AE-C6E3-438F-AA76-21700DCC15F6}) (Version: 3.0.6.42 - MetaGeek, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{8862F11A-A9A0-4899-9F50-B5A79F12F3C2}) (Version: 12.3.1.23 - Apple Inc.)
Kodi (HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LibreOffice 5.2.0.4 (HKLM\...\{8FA59B7B-1D26-408F-A798-BD11A65A68B9}) (Version: 5.2.0.4 - The Document Foundation)
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaMonkey 4.0 (HKLM\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft Money Plus (HKLM\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4945.1001 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSVCSetup (HKLM\...\{3700194C-C5DD-439A-BE06-A66960CA4C70}) (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version:  - )
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera Stable 46.0.2597.57 (HKLM\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
Paragon Drive Backup™ 9.5 Professional Edition (HKLM\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
SafeZone Stable 3.55.2393.609 (HKLM\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Scrabble 2013 (HKLM\...\{52CE4567-92BF-4ED4-9219-577E35A68A17}) (Version: 1.0.0 - LeeGT-Games)
SoftMaker FreeOffice 2016 (HKLM\...\{8EBB8452-274B-465D-8324-00B0832FBB05}) (Version: 1.0.3815 - SoftMaker Software GmbH)
Spotify (HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Super Tap a Jam (HKLM\...\am-supertapajam) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Swiff Player 1.7.2 (HKLM\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
VC80CRTRedist - 8.0.50727.4053 (HKLM\...\{5EE7D259-D137-4438-9A5F-42F432EC0421}) (Version: 1.1.0 - DivX, Inc) Hidden
VUDU To Go (HKLM\...\{96837DFA-4CBA-D686-AE67-FD28F17D34CD}) (Version: 2.1.6 - Vudu) Hidden
VUDU To Go (HKLM\...\com.vudu.air.Downloader) (Version: 2.1.6 - Vudu)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinX DVD Ripper Platinum 7.5.11 (HKLM\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
Wise Program Uninstaller 2.01 (HKLM\...\Wise Program Uninstaller_is1) (Version: 2.01 - WiseCleaner.com, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\amazon mp3 downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000_Classes\CLSID\{7214DA70-67FF-4329-BAF7-5930774C9AE7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-28] (AVAST Software)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov)
ContextMenuHandlers01: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\Modules\aimp_menu32.dll [2014-11-05] (AIMP DevTeam)
ContextMenuHandlers01: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\Modules\aimp_menu32.dll [2014-11-05] (AIMP DevTeam)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-28] (AVAST Software)
ContextMenuHandlers01: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2004-01-22] ()
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-28] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-28] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov)
ContextMenuHandlers04: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\Modules\aimp_menu32.dll [2014-11-05] (AIMP DevTeam)
ContextMenuHandlers04: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\Modules\aimp_menu32.dll [2014-11-05] (AIMP DevTeam)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2004-01-22] ()
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-28] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-28] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2004-01-22] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0294769A-3797-4991-9FB5-11C7A3F52B12} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {0E038B56-1435-4887-B9FF-429474955D22} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-05-16] (Microsoft Corporation)
Task: {115E46E2-09D1-499C-AED8-F4F454D9E847} - System32\Tasks\{3351A464-3403-4D9A-9B43-682F286C8D4E} => C:\Windows\system32\pcalua.exe -a "C:\2010 dad\utilities 2010\SUPERAntiSpyware.exe" -d "C:\2010 dad\utilities 2010"
Task: {189145B0-8FB3-4CF3-933E-03DEF27DBA67} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
Task: {1D423443-9352-4D70-8B78-9A78A51D4FF4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-01-30] (Piriform Ltd)
Task: {1F1DDD17-10F2-4153-A8BD-C177569A8A09} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {1F574C86-CEAD-4582-8541-26388FA4D8F9} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {22A65356-8A64-4B0B-9088-8DF3F13C8A5C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {26644343-67F3-4F17-8E2E-108B21A5D6EE} - System32\Tasks\Opera scheduled Autoupdate 1425135160 => C:\Program Files\Opera\launcher.exe [2017-07-17] (Opera Software)
Task: {298B0829-68AA-4A59-9F13-0FFB80C8C168} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3386764216-2145708176-1762138646-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2A9E9F35-93C6-47C3-BB50-D083FA3E09BB} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {34B57AC1-3789-4284-BE87-95F9765A2360} - System32\Tasks\SafeZone scheduled Autoupdate 1458687674 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {3DE955EA-433F-4B17-BD29-7310E6948E33} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {419D39C8-2C76-48D0-8846-B9263173FB82} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {42650CBE-2FE1-45BB-AAAA-989926897C4A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-28] (AVAST Software)
Task: {4FF165AE-13CC-4E7F-A4F7-91E064EC7B11} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\WINDOWS\system32\gatherWiredInfo.vbs
Task: {5648ABFE-4913-48C3-AC72-69CD1692B7A8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {5692D533-E6F0-4FDE-89CC-1C29C79B75EA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {570AC688-96B1-4E13-9A2B-307E39A1F8BA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {5B82C176-4F94-4F32-812A-57C62AE1ADE0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5DCE836B-A040-4F8C-BE45-EB5F5EE80E1B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5DED52C1-BBBE-4AF9-9C9C-77AB3E3D18A2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5F98C8D9-ADBD-444B-BF7A-993A0311DEA8} - System32\Tasks\{11896198-220B-4237-ACB3-7CDE2660AB1B} => C:\Windows\system32\pcalua.exe -a "C:\2010 dad\MISC 2010\RAR Password Cracker\uninstall.exe"
Task: {616A012A-56A5-488D-852B-7BA831B768B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {6446945A-9A86-4EA9-AFF5-D9C723BEAF5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-01-03] (HP Inc.)
Task: {72FC735A-2D39-4BB9-A89F-1D5AD73E051F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {739E5EBE-D9B5-46EC-BDA7-5BD5CE400D0C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {7F9BA1EF-B8C8-4034-AF27-5607B21D9EE0} - System32\Tasks\{90551941-2721-4A7E-A500-FB52613BA619} => C:\Windows\system32\pcalua.exe -a C:\Windows\Freecorder\uninstall.exe -c "/U:C:\Program Files\Freecorder\Uninstall\uninstall.xml"
Task: {889282AE-3D6D-485B-992B-EA3656D37B7A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8EF8479F-83C8-4428-B4DC-B29EB7A904A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {90DB3B90-86C0-4860-A0A8-14CFF0CC572E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {95F4B114-AEA9-4849-90F1-4BD3A84BC246} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {97088F39-F96F-48FC-9088-5B0F35F2851F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {9DA762C1-F91B-4D8E-BD00-7C1EA5DB4407} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9F062B14-3FCE-497B-AD0F-22B1ECD2F694} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {A495CD6B-9155-4D61-A32D-7A8CC03B2D97} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AEEDA49A-6DFB-4147-8C75-8F9E0E4D645C} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {B1E0CA6A-9FCF-4245-9ACD-9A49A91D2EC2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2BCF55B-0F87-4868-A73F-248FFFB48E03} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BE512668-F0DF-4CB4-8C04-6C2139250F8A} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C7435765-BB98-465F-83C4-0C2EEFE87252} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {CEF4AD48-4843-4B05-A0BC-FD1848026E19} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {D2580E38-6F43-453C-8B8A-30F4CD676FF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {D26680B4-E9B0-474E-A4BC-9FA8F3C2C1EF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D5A9B6EF-F304-480A-9E97-9DC1DB4E100C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D6C55EC0-E0DB-49ED-89C2-4BE32DFD6A06} - System32\Tasks\{7D5F68AE-3A15-4AAD-A607-FAB5996FDA74} => C:\Windows\system32\pcalua.exe -a "C:\2010 dad\utilities 2010\erunt\ERUNT.EXE" -d "C:\2010 dad\utilities 2010\erunt"
Task: {E3C6569C-0201-4283-A10F-4123AE094E34} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3386764216-2145708176-1762138646-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\WINDOWS\system32\gatherWirelessInfo.vbs
Task: {E70EFB66-664B-4B2C-9E95-D74B19901929} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EACA4962-5021-4C6E-84F3-EC1725147455} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F4AD4DE8-0A84-4942-9643-45282A36BD83} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {FB65081A-77E3-4D0F-8561-025E06FAFDBA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD882958-94A1-4812-8B2F-E24494314C9B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {FEE25C40-0732-4239-A6AC-9BC527EE94DB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\tl\Desktop\Pandora.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nhcmkbmicfjhooghpepbibhoneeamgdi
ShortcutWithArgument: C:\Users\tl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pandora.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nhcmkbmicfjhooghpepbibhoneeamgdi
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 03:25 - 2016-07-16 03:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-22 23:38 - 2017-06-21 02:39 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-06-17 08:49 - 2011-06-17 08:49 - 00024064 _____ () C:\WINDOWS\System32\ssp8ml3.dll
2016-09-27 17:05 - 2016-09-27 17:05 - 00679624 _____ () C:\Users\tl\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\ClientTelemetry.dll
2017-03-23 10:26 - 2017-01-31 05:14 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2009-09-28 16:22 - 2004-01-22 18:36 - 00120832 _____ () C:\Program Files\WinRAR\rarext.dll
2015-02-10 17:52 - 2017-01-17 03:17 - 00090304 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2009-04-22 10:17 - 2008-10-06 11:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-04-22 10:17 - 2008-10-06 11:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2016-07-16 03:25 - 2016-07-16 03:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-07-22 23:37 - 2017-03-04 01:24 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-07-22 23:38 - 2017-03-04 01:04 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-07-22 23:38 - 2017-06-21 01:32 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-27 18:58 - 2016-09-27 18:58 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-22 23:38 - 2017-06-21 01:32 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-22 23:38 - 2017-06-21 01:32 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-22 23:38 - 2017-06-21 01:35 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-07-22 23:38 - 2017-03-04 00:57 - 00093184 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-07-22 14:30 - 2017-07-22 14:31 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2017-07-22 14:30 - 2017-07-22 14:31 - 00170496 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-22 14:30 - 2017-07-22 14:31 - 31354880 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2017-07-22 14:30 - 2017-07-22 14:31 - 01719296 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x86__kzf8qxf38zg5c\skypert.dll
2017-07-22 23:38 - 2017-03-04 00:57 - 00094720 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2017-07-22 23:38 - 2017-03-04 00:57 - 00379904 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2016-07-16 03:26 - 2016-07-16 05:17 - 00033792 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-07-16 03:26 - 2016-07-16 05:17 - 00525312 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2016-07-16 03:26 - 2016-07-16 05:17 - 00667136 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2016-07-16 03:26 - 2016-07-16 05:18 - 00184320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2016-07-16 03:26 - 2016-07-16 05:18 - 00382976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2016-07-16 03:26 - 2016-07-16 05:17 - 00277504 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2017-06-28 12:07 - 2017-06-28 12:07 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-12 11:03 - 2017-07-12 10:59 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-28 12:08 - 2017-06-28 12:08 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-28 12:08 - 2017-06-28 12:08 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-28 12:08 - 2017-06-28 12:08 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-28 12:06 - 2017-06-28 12:06 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2015-07-24 11:23 - 2016-06-16 15:05 - 05908968 _____ () C:\Users\tl\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2017-07-01 07:41 - 2017-06-22 21:21 - 02877272 _____ () C:\Program Files\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-01 07:41 - 2017-06-22 21:21 - 00086360 _____ () C:\Program Files\Google\Chrome\Application\59.0.3071.115\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\samsungsetup.com -> hxxp://www.samsungsetup.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\1001movie.com -> 1001movie.com
 
There are 6092 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2015-10-12 18:11 - 00000761 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tl\AppData\Local\Microsoft\Windows\Themes\img8.jpg
DNS Servers: 192.168.3.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\tl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: SearchSettings => "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\tl\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\tl\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3386764216-2145708176-1762138646-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DEDCCDDE-E137-41A4-AFAD-06BBFACC9057}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B5222368-D4F7-460B-8B0B-6E282514B0B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6DC9E81C-9181-4723-A4B3-7028C8C13C66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B59574C-0526-45B5-ABF4-FE7D73CEC24A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4624EDFD-657A-42EF-BE6D-AD0AA35FE2BA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{DB175CA2-DE9D-400E-B100-1F672A204AAE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{58221D05-2F79-47AB-B10A-BA3F8DC4E051}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{FE2C94FD-C635-4693-A4A0-1D2081305D68}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{463DDC0E-41D6-496E-B68C-86381A81D7A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{07FC4861-C1B2-47DF-934F-F673A152D0D9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FAE31231-BB9B-4722-83DC-2F786BEB8DEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BDE1440D-A469-4775-AB92-7358F81FF516}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{B16AFF7F-3EAA-4A6F-804B-473303378B4F}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{45D93DDB-62C5-4351-A413-C837DA5F5545}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
FirewallRules: [{040698BC-823E-4154-9A2B-837647143616}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{6C7CD0C0-108B-481A-A520-989A5B423E1F}] => (Allow) E:\setup\hpznui01.exe
FirewallRules: [{0E4DFBE0-17B7-4EB9-A91E-10151CF4167C}] => (Allow) C:\Program Files\Opera\45.0.2552.888\opera.exe
FirewallRules: [{E01CAF65-287F-4A77-AC91-B1410D946860}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{31BB4F08-541D-4D5D-9BA9-7E8998A82F36}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{F959A90D-6DA9-40A3-AF6B-02E95AA62F3F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{9EE1A9B9-1CBE-42A9-A9BD-6BDEAEC60A0C}] => (Allow) C:\Program Files\Opera\46.0.2597.57\opera.exe
FirewallRules: [{BADCB9A9-502D-4766-89E2-2FB455C0EF4A}] => (Allow) C:\Users\tl\AppData\Local\Temp\7zSCAF6.tmp\SymNRT.exe
FirewallRules: [{DD065E19-6CA0-436A-B4E0-A95F3C3E585D}] => (Allow) C:\Users\tl\AppData\Local\Temp\7zSCAF6.tmp\SymNRT.exe
 
==================== Restore Points =========================
 
22-07-2017 14:07:01 Windows Update
23-07-2017 15:43:38 Removed COMODO Firewall
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2017 09:33:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: tl-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/25/2017 09:22:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: tl-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/25/2017 09:22:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: tl-PC)
Description: App Microsoft.MicrosoftStickyNotes_1.8.0.0_x86__8wekyb3d8bbwe+App did not launch within its allotted time.
 
Error: (07/25/2017 09:16:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: tl-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/25/2017 09:16:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: tl-PC)
Description: App Microsoft.MicrosoftStickyNotes_1.8.0.0_x86__8wekyb3d8bbwe+App did not launch within its allotted time.
 
Error: (07/25/2017 09:08:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: tl-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/25/2017 09:08:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: tl-PC)
Description: App Microsoft.MicrosoftStickyNotes_1.8.0.0_x86__8wekyb3d8bbwe+App did not launch within its allotted time.
 
Error: (07/25/2017 07:21:13 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/25/2017 07:18:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: tl-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/25/2017 07:18:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: tl-PC)
Description: App Microsoft.MicrosoftStickyNotes_1.8.0.0_x86__8wekyb3d8bbwe+App did not launch within its allotted time.
 
 
System errors:
=============
Error: (07/25/2017 09:35:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/25/2017 09:32:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (07/25/2017 09:31:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/25/2017 09:31:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Com4QLBEx service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/25/2017 09:31:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqwmiex service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/25/2017 09:31:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/25/2017 09:31:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/25/2017 09:31:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Message Queuing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/25/2017 09:31:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Net.Pipe Listener Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/25/2017 09:31:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Net.Msmq Listener Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-22 20:16:43.780
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-22 20:15:47.428
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-22 20:14:13.453
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-12 10:50:22.456
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-12 10:49:49.204
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-12 10:49:44.606
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-01 08:09:24.635
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-01 08:05:07.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-01 08:04:50.711
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-01 08:04:50.321
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 3003.19 MB
Available physical RAM: 1724.04 MB
Total Virtual: 6075.19 MB
Available Virtual: 4493.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:221.52 GB) (Free:56.07 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.81 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1A127DC8)
Partition 1: (Active) - (Size=221.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#23
Jr0x
Posted 25 July 2017 - 09:29 AM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
favicon-32x32.png Malwarebytes Anti-Malware

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.

Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".

The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

10a.png

After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected.

13a.png

Put a checkmark on all detected and click on "Quarantine Selected"

18a.png

Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

19a.png

Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


Scan with ESET Online Scanner

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click Scan Now.
  • Download esetonlinescanner_enu.exe that you'll be given link to.
  • Double click esetonlinescanner_enu.exe.
  • Accept the Terms of Use
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is selected.
  • In the Advanced Settings dropdown menu:
    • Enable detection of potentially unsafe applications are checked.
    • Enable detection of suspicious applications are checked.
    • Enable Anti-Stealth technology are checked.
    • Scan archives is checked.
    • Make sure that Clean threats automatically is unchecked.
    • Use custom proxy settings is unchecked.
  • Click Scan
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done results will be displayed. Click the Copy to clipboard.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
  • 0

#24
tl79
Posted 25 July 2017 - 11:59 AM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

No threats found by Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/25/2017
Scan Time: 11:56 AM
Logfile: mwbytes.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.07.25.08
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x86
File System: NTFS
User: tl
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306099
Time Elapsed: 47 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#25
tl79
Posted 25 July 2017 - 12:03 PM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

Running ESET now; I'll post results as soon as it's finished.


  • 0

Advertisements

#26
tl79
Posted 25 July 2017 - 05:04 PM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

Here's ESET log.txt:

 

C:\2016 TOM\MISC\ccleanersetup518.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\MSI2667.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

  • 0

#27
Jr0x
Posted 26 July 2017 - 06:49 AM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Please download the latest version of MalwareBytes and install. Your current version is outdated.

After which, please run the scan again according to the instruction and post your log.


  • 0

#28
tl79
Posted 26 July 2017 - 01:39 PM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

Here's the latest version of Malwarebytes results:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/26/17
Scan Time: 2:34 PM
Log File: malwarebytes new version.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2443
License: Trial
 
-System Information-
OS: Windows 10 (Build 14393.1480)
CPU: x86
File System: NTFS
User: tl-PC\tl
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327500
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 7 min, 51 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

  • 0

#29
Jr0x
Posted 27 July 2017 - 08:37 AM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
FRST.gifFix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.


Start
CreateRestorePoint:
CloseProcesses:
C:\2016 TOM\MISC\ccleanersetup518.exe
C:\Windows\Installer\MSI2667.tmp

Emptytemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.


How's your machine running? Any other issue?
  • 0

#30
tl79
Posted 27 July 2017 - 03:38 PM

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 186 posts

Here's the latest fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-07-2017
Ran by tl (27-07-2017 16:30:39) Run:6
Running from C:\Users\tl\Desktop
Loaded Profiles: tl & DefaultAppPool (Available Profiles: tl & DefaultAppPool)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\2016 TOM\MISC\ccleanersetup518.exe
C:\Windows\Installer\MSI2667.tmp
 
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\2016 TOM\MISC\ccleanersetup518.exe => moved successfully
C:\Windows\Installer\MSI2667.tmp => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11784490 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 377605 B
Edge => 0 B
Chrome => 34472514 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 798 B
NetworkService => 1062 B
tl => 9940261 B
DefaultAppPool => 0 B
 
RecycleBin => 65035502 B
EmptyTemp: => 116 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:32:25 ====
 
The machine seems to be running fine.  Thanks for all your help!!

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP